At the Gartner Security and Risk Management Summit 2017 conference held this week, Gartner unfurled what it describes as the top security technologies IT organizations should be employing in 2017. They include:
- Cloud Workload Protection Platforms: Hybrid cloud workload protection platforms (CWPP) that provide an integrated way to protect workloads via a single management console as well as a single way to express security policy, regardless of where the workload runs.
- Remote Browser: By isolating the browsing function, Gartner says malware is kept off the end-user system. That, in turn, reduces the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.
- Deception: Deception technologies are defined by Gartner as the use of deceits, decoys and/or tricks designed to thwart, or throw off, an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or detect an attack. By using deception technology behind the enterprise firewall, enterprises can better detect attackers that have penetrated their defenses with a high level of confidence in the events detected. Gartner says deception technology implementations now span multiple layers within the stack, including endpoint, network, application, and data.
- Endpoint Detection and Response: Endpoint detection and response (EDR) solutions augment traditional endpoint security software by monitoring endpoints for indications of unusual behavior and activities that might be indicative of malicious intent. Gartner predicts that by 2020, 80 percent of large enterprises, 25 percent of midsize organizations and 10 percent of small organizations will have invested in EDR capabilities.
- Network Traffic Analysis: Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for behaviors indicative of malicious intent. Gartner recommends that IT organizations looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA technologies.
- Managed Detection and Response: Managed detection and response (MDR) services improve an organization's security posture by providing threat detection, incident response, and continuous-monitoring capabilities. Gartner says these services are especially critical for smaller enterprises that cannot afford to deploy and staff these technologies on their own.
- Microsegmentation: Once attackers compromise an IT system, they typically can move unimpeded laterally (“east/west”) to other systems. Microsegmentation is the process of implementing isolation and segmentation for security purposes within the virtual data center, so that a compromised workload can reach only the peers it has a legitimate reason to talk to.
- Software-Defined Perimeters: Gartner says a software-defined perimeter (SDP) defines a logical set of disparate, network-connected participants within a secure computing enclave. The resources are typically hidden from public discovery, and access is restricted via a trust broker to the specified participants. Gartner predicts that through the end of 2017, at least 10 percent of enterprise organizations will employ software-defined perimeter (SDP) technology.
- Cloud Access Security Brokers: Cloud access security brokers (CASBs) provide a single point of control over multiple cloud services concurrently, for any user or device. Gartner describes the need for CASBs in the age of the cloud as being nothing less than urgent.
- OSS Security Scanning and Software Composition Analysis for DevSecOps: Gartner says security architects need to be able to automatically incorporate security controls without manual configuration in a way that doesn't impede DevOps agility. Those controls, it adds, should be automated within DevOps toolchains using software composition analysis (SCA) tools that check source code, modules, frameworks and libraries for known vulnerabilities.
- Container Security: Because containers share the host operating system (OS) kernel, Gartner notes that an attack on a vulnerability in the host OS could lead to a compromise of all containers running on it. Traditional network and host-based security solutions are blind to containers. Gartner therefore says IT organizations need to invest in security solutions designed from the ground up to protect containerized applications, as technologies such as Docker start to appear in production environments in ever larger numbers.
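The SCA item above is the one entry in Gartner's list that describes a concrete, automatable check. The following is an added example (not Gartner's or any vendor's code) of what such a stage does in a pipeline: it parses a pinned dependency manifest, matches each package against an advisory list with affected version ranges, and decides whether the build should be blocked. The manifest, the advisory feed and the ADV-000x identifiers are constructed for the example; versions are compared numerically segment by segment (a simplification of PEP 440, not a full implementation).

```python
"""Minimal software composition analysis (SCA) gate for a CI pipeline.

Added example, not Gartner's or a vendor's tool. It shows the core of
what an SCA stage does: read pinned dependencies, compare each one
against known-vulnerable version ranges, and fail the build on findings
above a severity threshold. Inputs below are constructed.
"""
import re

# Constructed sample manifest, as a CI job would read it from the repo.
SAMPLE_REQUIREMENTS = """\
# pinned dependencies (constructed sample)
requests==2.18.0
Flask==0.12.2
pyyaml==3.12
urllib3==1.24.2
cryptography==2.3
"""

# Constructed advisory feed: package -> [(introduced, fixed, id, severity)].
# A version is affected if introduced <= version < fixed, i.e. the
# "fixed" release itself is clean. Keys are lower-cased package names and
# the ADV-000x ids are placeholders, not real CVE or GHSA identifiers.
SAMPLE_ADVISORIES = {
    "requests": [("0", "2.20.0", "ADV-0001", "high")],
    "pyyaml": [("0", "5.1", "ADV-0002", "critical")],
    "urllib3": [("1.24.0", "1.24.2", "ADV-0003", "medium")],
    "cryptography": [("1.9", "2.2", "ADV-0004", "low")],
}


def parse_version(text):
    """Turn '1.24.2' into (1, 24, 2); non-numeric suffixes are ignored."""
    parts = []
    for seg in text.strip().split("."):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def version_lt(a, b):
    """Numeric comparison: '1.9' < '1.10' is True (string order gets it wrong)."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa += (0,) * (n - len(pa))
    pb += (0,) * (n - len(pb))
    return pa < pb


def parse_requirements(text):
    """Return {normalized_name: pinned_version}; reject anything not pinned."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([^\s;]+)", line)
        if not m:
            # An unpinned dependency cannot be matched against a fixed range.
            raise ValueError("unpinned or unparsable requirement: %r" % line)
        name = m.group(1).lower().replace("_", "-")
        deps[name] = m.group(2)
    return deps


def is_affected(version, introduced, fixed):
    """Half-open range check: introduced <= version < fixed."""
    return not version_lt(version, introduced) and version_lt(version, fixed)


def scan(requirements_text, advisories):
    """Match every pinned dependency against the advisory feed."""
    findings = []
    for name, version in parse_requirements(requirements_text).items():
        for introduced, fixed, adv_id, severity in advisories.get(name, []):
            if is_affected(version, introduced, fixed):
                findings.append({
                    "package": name, "version": version,
                    "advisory": adv_id, "severity": severity, "fixed_in": fixed,
                })
    return findings


def gate(findings, fail_on=("critical", "high")):
    """True if the pipeline should block the build on these findings."""
    return any(f["severity"] in fail_on for f in findings)


if __name__ == "__main__":
    results = scan(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES)
    for f in results:
        print("%(severity)s %(package)s==%(version)s %(advisory)s "
              "(fixed in %(fixed_in)s)" % f)
    raise SystemExit(1 if gate(results) else 0)
```

Two details matter in practice and are reflected above: versions must be compared numerically, not as strings (otherwise 1.10 sorts before 1.9), and the range check is half-open, so a dependency pinned exactly at the fixed release, like urllib3 1.24.2 here, is correctly reported clean.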
As awesome as all these IT security technologies are, however, most of them are beyond the financial reach of the average organization. The primary reason IT organizations generally limit their investments to firewalls and antimalware software isn’t that they don’t care about security. It’s generally all they can realistically afford. Some IT security professionals would argue that a higher proportion of the overall IT budget needs to be allocated to security. To a degree that’s true. But once security spending climbs north of 10 percent of the IT budget, hard questions start to get asked about the level of risk associated with any new application versus the total cost of deploying it. In effect, IT security gets in the way of digital progress.
The IT security industry as a whole might want to take a giant step back from product strategies and business models that seem to presume there is an infinite amount of dollars to spend on IT security. There’s no doubt there’s more money being allocated to security than ever. But at the same time IT security vendors would be well advised to spend more time distinguishing between what’s really a feature of a security platform versus an actual new product category.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.