The access management (AM) market is defined by customers’ needs to establish, enforce and manage runtime access controls for internal and external types of identities, interacting with cloud, modern standards-based web and legacy web applications. An AM vendor provides, at minimum, the following core capabilities:
• Identity administration of internal and external types of identities, including directory and identity synchronization services
• User self-service, including end-user and administrative interfaces for user registration, password management, profile management and delegated administration
• A workforce launchpad of applications or application gallery for single sign-on (SSO)
• Authorization and adaptive access, and support for modern identity protocols like OAuth 2.0
• Session management
• User authentication methods, including multifactor authentication (MFA), and SSO
End-user computing and support organizations use client management tools (CMTs) to automate endpoint management tasks. CMTs perform the following technical functions:
• OS deployment
• Hardware and software inventory
• Software distribution
• Patch management
• Configuration management (e.g., scripts)
• Security configuration management
• Remote control
Organizations primarily use CMTs to manage PCs running Microsoft Windows and Apple macOS. Although most organizations still leverage separate management approaches for mobile devices and PCs, unified endpoint management (UEM) supports the convergence of enterprise mobility management (EMM) and CMT functionality. Organizations are increasingly looking for a single vendor and management platform to support PCs and mobile devices.
CWPPs are workload-centric security products that protect server workloads in hybrid, multicloud data center environments (see Note 1). CWPPs provide consistent visibility and control for physical machines, virtual machines (VMs), containers and serverless workloads, regardless of location. CWPP offerings protect workloads using a combination of system integrity protection, application control, behavioral monitoring, intrusion prevention and optional anti-malware protection at runtime. CWPP offerings should also include scanning for workload risk proactively in the development pipeline.
The market for DLP technology includes offerings that provide visibility into data usage and movement across an organization. It also involves dynamic enforcement of security policies based on content and context for data in use and at rest. DLP technology seeks to address data-related threats, including the risks of inadvertent or accidental data loss and the exposure of sensitive data, using monitoring, alerting, warning, blocking, quarantining and other remediation features.
Email security refers collectively to the prediction, prevention, detection and response framework used to provide attack protection and access protection for email. Email security spans gateways, email systems, user behavior, content security, and various supporting processes, services and adjacent security architecture. Effective email security requires not only the selection of the correct products, with the required capabilities and configurations, but also having the right operational procedures in place.
The Endpoint Detection and Response Solutions (EDR) market is defined as solutions that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. EDR solutions must provide the following four primary capabilities:
• Detect security incidents
• Contain the incident at the endpoint
• Investigate security incidents
• Provide remediation guidance
An Endpoint Protection Platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.
Reviews for 'IT Infrastructure and Operations Management - Others'
IGA tools manage digital identity and access rights across multiple systems. To accomplish this, IGA tools aggregate and correlate disparate identity and access rights data that is distributed throughout the IT landscape to enhance control over user access. IGA tools have evolved over the years to support a broad and deep range of capabilities.
Information-centric security products focus on content, more than device, and apply encryption and authentication to block file access and movement from unauthorized people or circumstances. Endpoint systems are porous, mistakenly sharing data is easy, and users can be careless. Information-centric security is the last line of defense for data when firewalls, anti-malware tools, best practices and other traditional defenses fail. The scope of this market is the protection of stored information, commonly referred to as data at rest. The protection of data at rest in some ways takes precedence, because the interconnectedness of today’s systems often undermines network protections. In other words, high-value information should be protected “at rest” to prevent the risk of a breach caused by an unexpected data in motion event.
MSSs provide organizations with a variety of management and operational services specific to security technologies and business outcomes for security. Capabilities include security monitoring, detection and response, exposure assessment and management as well as security consulting and security technology implementation. MSSs are delivered in a variety of modes, in the providers’ cloud infrastructure, as consultative engagements or through staff augmentation and on-premises. MSS providers offer a variety of different engagement models. These include heavily customized and consultancy-led models and commoditized technology management-driven experiences.
Gartner defines mobile data protection (MDP) products and services as software security methods that enforce confidentiality policies by encrypting data, and then defending access to that encrypted data on the mass storage systems of end-user workstations. These storage systems include the primary boot drive of a workstation, additional system drives and removable devices used for portability. Storage technologies affected by MDP include magnetic hard-disk drives (HDDs), solid-state drives (SSDs), self-encrypting drives (SEDs), flash drives and optical media. Several methods allow MDP products to delegate all or part of the encryption process to be accomplished by hardware elements, including the CPU and drive controller, and to native capabilities in the OS. Some vendors also have protection capabilities for network storage, and a few also support cloud-based storage environments as an extension to the desktop.
The mobile threat defense (MTD) market relates to products that protect organizations from threats on iOS and Android devices. MTD products protect at the device, network and application levels and focus on countering malicious actions.
NDR solutions primarily use non-signature-based techniques (for example, machine learning or other analytical techniques) to detect suspicious traffic on enterprise networks. NDR tools continuously analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When the NDR tools detect suspicious traffic patterns, they raise alerts. In addition to monitoring north/south traffic that crosses the enterprise perimeter, NDR solutions can also monitor east/west communications by analyzing traffic from strategically placed network sensors. Response is also an important function of NDR solutions. Automatic responses (for example, sending commands to a firewall so that it drops suspicious traffic) or manual responses (for example, providing threat hunting and incident response tools) are common elements of NDR tools.
Network-based sandboxing is a proven technique for detecting malware and targeted attacks. Network sandboxes monitor network traffic for suspicious objects and automatically submit them to the sandbox environment, where they are analyzed and assigned malware probability scores and severity ratings. Sandboxing technology has been used for years by malware researchers at security companies and even in some large enterprises that are highly security conscious. Traditionally, using a sandbox has been an intensive effort requiring advanced skills. The malware researcher manually submits a suspicious object into the sandbox and analyzes it before flagging it as malware or not. By adding automated features to sandboxing technology (automatically submitting suspicious objects and automatically generating alerts).
Gartner defines operational technology as, “hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.” OT security includes practices and technologies used to protect them.
PAM tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. PAM tools offer features that enable security and risk leaders to:
• For all use cases:
  o Discover privileged accounts on systems, devices and applications for subsequent management.
  o Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.
  o Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.
  o Isolate, monitor, record and audit privileged access sessions, commands and actions.
The SACBT market is characterized by vendor offerings that include one or more of the following capabilities:
• Ready-to-use training and educational content
• Employee testing and knowledge checks
• Availability in multiple languages, natively or through subtitling or partial translation (in many cases, language support is diverse and localized)
• Phishing and other social engineering attack simulations
• Platform and awareness analytics to help measure the efficacy of the awareness program
Training modules are available as cloud-hosted SaaS applications or on-premises deployments via client-managed learning management systems (LMSs), and also support the Sharable Content Object Reference Model (SCORM) standard, enabling integration with corporate LMSs.
Security service edge (SSE) secures access to the web, cloud services, and private applications. Capabilities include access control, threat protection, data security, security monitoring, and acceptable use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service and may include on-premises or agent-based components.
Reviews for 'Security Solutions - Others'
TI products and services deliver knowledge, information and data about cybersecurity threats and other cybersecurity-related issues. The output of these products and services aims to provide or assist in the curation of information about the identities, motivations, characteristics and methods of threats, commonly referred to as tactics, techniques and procedures (TTPs). The intent is to enable better decision making and improve security technology capabilities to reduce risk and the chance of being compromised.
User authentication provides real-time corroboration of an identity claim by a person accessing an organization’s assets. It is foundational to network, application and data security, because it reduces fraud, mitigates account takeover (ATO) and other identity risks, and addresses regulatory requirements. Tools in this market enable or provide one or more credential-based or signal-based authentication methods that can augment or replace legacy passwords for employees, contingent workers, partners, suppliers, business or retail customers, or citizens in one or more use cases.
Gartner defines WAN optimization tools as products that improve the performance of applications running across the WAN as well as reduce WAN service expenses. WAN optimization solutions continue to evolve, and now support four high-level needs: improving the response times for users of business-critical applications over WAN links or mobile connections; assisting in maximizing ROI for WAN bandwidth; optimizing data-center-to-data-center (DC-to-DC) traffic for faster storage replication and synchronization; and assisting in directing traffic across multiple WANs, such as a hybrid WAN or public cloud connectivity.