CWPPs are workload-centric security products that protect server workloads in hybrid, multicloud data center environments (see Note 1). CWPPs provide consistent visibility and control for physical machines, virtual machines (VMs), containers and serverless workloads, regardless of location. CWPP offerings protect workloads using a combination of system integrity protection, application control, behavioral monitoring, intrusion prevention and optional anti-malware protection at runtime. CWPP offerings should also include scanning for workload risk proactively in the development pipeline.
The market for enterprise data loss prevention (EDLP) comprises offerings that provide visibility into data usage across an organization for a broad set of use cases and the dynamic application of policies based on the content and context at the time of an operation. EDLP seeks to address data related threats including the risks of inadvertent or accidental data loss, and the exposure of sensitive data using monitoring, filtering, blocking and other remediation features.
The Endpoint Detection and Response Solutions (EDR) market is defined as solutions that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. EDR solutions must provide the following four primary capabilities:
• Detect security incidents
• Contain the incident at the endpoint
• Investigate security incidents
• Provide remediation guidance
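As an added illustration of the four capabilities above (this is example code written for this page, not any vendor's product or code), the following Python sketches the core of an EDR detector: it stores endpoint process-creation events, rebuilds the process tree from them, flags a behavioral pattern (an Office application with a command shell or script host among its descendants), and returns the context and containment step an analyst would act on. The event records, host name and process names are constructed for the example.

```python
"""Added example: a minimal EDR-style behavioral detector over recorded
process-creation telemetry. Not code from the page or from any product."""
from dataclasses import dataclass


@dataclass
class ProcEvent:
    ts: int          # seconds since epoch (constructed values)
    host: str
    pid: int
    ppid: int
    image: str       # lowercase executable name
    cmdline: str


# Constructed sample telemetry for one host. pid 4000 is a document reader
# that spawns cmd.exe, which in turn spawns an encoded PowerShell command.
EVENTS = [
    ProcEvent(1000, "ws-17", 4000, 800, "winword.exe", "WINWORD.EXE /n invoice.docm"),
    ProcEvent(1003, "ws-17", 4100, 4000, "cmd.exe", "cmd.exe /c powershell -enc AAAA"),
    ProcEvent(1004, "ws-17", 4200, 4100, "powershell.exe", "powershell -enc AAAA"),
    ProcEvent(1010, "ws-17", 4300, 800, "explorer.exe", "explorer.exe"),
    ProcEvent(1020, "ws-17", 4400, 4300, "notepad.exe", "notepad.exe notes.txt"),
]

# Hypothetical rule content: document handlers that should not spawn shells,
# and the shells / script hosts that indicate macro or exploit-driven execution.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def ancestry(events, pid):
    """Return the recorded events from `pid` up to the highest known ancestor.
    The loop stops at a parent that was never recorded or on a pid cycle."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        e = by_pid[pid]
        chain.append(e)
        pid = e.ppid
    return chain


def detect(events):
    """Detect: flag every shell whose ancestry includes an Office application.
    Each alert carries the investigation context (full chain, command line)
    and the containment action the responder would take."""
    alerts = []
    for e in events:
        if e.image not in SHELLS:
            continue
        chain = ancestry(events, e.pid)
        if any(a.image in OFFICE for a in chain[1:]):
            alerts.append({
                "host": e.host,
                "pid": e.pid,
                "chain": [a.image for a in reversed(chain)],  # root first
                "cmdline": e.cmdline,
                "contain": f"isolate host {e.host}; terminate pid {e.pid} and its parent tree",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Running the block yields two alerts on host ws-17, one for cmd.exe (pid 4100) and one for powershell.exe (pid 4200), each listing the winword.exe origin of the chain; the explorer.exe and notepad.exe events produce nothing. A real product keys the same logic on many more event types (file, registry, network) and ships the containment action to the agent instead of printing it.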
An Endpoint Protection Platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.
The network intrusion detection and prevention system (IDPS) appliance market is composed of stand-alone physical and virtual appliances that inspect defined network traffic either on-premises or in the cloud. They are often located in the network to inspect traffic that has passed through perimeter security devices, such as firewalls, secure Web gateways and secure email gateways. IDPS devices are deployed in-line and perform full-stream reassembly of network traffic. They provide detection via several methods — for example, signatures, protocol anomaly detection, behavioral monitoring or heuristics, advanced threat defense (ATD) integration, and threat intelligence (TI). When deployed in-line, IDPSs can also use various techniques to detect and block attacks that are identified with high confidence; this is one of the primary benefits of this technology. Next-generation IDPSs have evolved in response to advanced targeted threats that can evade first-generation IDPSs.
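The paragraph above says in-line IDPS devices perform full-stream reassembly before applying detection methods such as signatures. The following Python, added here as an example and not drawn from the page or from any IDPS product, shows why that matters: a signature for a suspicious HTTP request is checked once per TCP segment and once on the reassembled stream, against traffic in which the request has been split mid-signature, delivered out of order and partially retransmitted. The segments and the signature rule are constructed for the example.

```python
"""Added example: per-segment signature matching versus matching on the
reassembled TCP stream. Not code from the page or from any product."""
import re
from dataclasses import dataclass

# Constructed detection rule: a CGI request carrying a cmd= parameter.
SIGNATURE = re.compile(rb"GET /cgi-bin/\S+\?cmd=")


@dataclass(frozen=True)
class Segment:
    seq: int        # relative TCP sequence number of the first payload byte
    payload: bytes


# Constructed traffic: the request is split inside the signature, the segments
# arrive out of order, and one segment is a retransmission that overlaps the
# first. An evasion of exactly this shape defeats per-packet inspection.
SEGMENTS = [
    Segment(13, b"status.cgi?cmd=id HTTP/1.1\r\nHost: target\r\n\r\n"),
    Segment(0, b"GET /cgi-"),
    Segment(4, b"/cgi-bin/"),           # overlaps bytes 4..8 already seen
]


def per_packet_hits(segments, sig=SIGNATURE):
    """First-generation behaviour: inspect each segment in isolation.
    Returns the sequence numbers of segments that matched."""
    return [s.seq for s in segments if sig.search(s.payload)]


def reassemble(segments):
    """Rebuild the byte stream in sequence order. Overlapping retransmissions
    keep the bytes already accepted; a hole in the stream raises, because an
    IDPS cannot safely judge a stream it has not fully seen."""
    stream = bytearray()
    for s in sorted(segments, key=lambda s: s.seq):
        if s.seq > len(stream):
            raise ValueError(f"gap before seq {s.seq}; stream incomplete")
        stream += s.payload[len(stream) - s.seq:]
    return bytes(stream)


def stream_hit(segments, sig=SIGNATURE):
    """Next-generation behaviour: match after full-stream reassembly."""
    return sig.search(reassemble(segments)) is not None


if __name__ == "__main__":
    print("per-packet matches:", per_packet_hits(SEGMENTS))   # []
    print("reassembled stream:", reassemble(SEGMENTS)[:40])
    print("stream match:", stream_hit(SEGMENTS))               # True
```

Per-segment inspection returns no match because no single segment contains the whole pattern, while the reassembled stream reads `GET /cgi-bin/status.cgi?cmd=id ...` and matches. Real engines additionally have to pick a policy for conflicting overlapping data (the target host's own reassembly behaviour decides which bytes it executes), which is why IDPS products let you model the end host's TCP stack per network segment.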
Gartner defines mobile data protection (MDP) products and services as software security methods that enforce confidentiality policies by encrypting data, and then defending access to that encrypted data on the mass storage systems of end-user workstations. These storage systems include the primary boot drive of a workstation, additional system drives and removable devices used for portability. Storage technologies affected by MDP include magnetic hard-disk drives (HDDs), solid-state drives (SSDs), self-encrypting drives (SEDs), flash drives and optical media. Several methods allow MDP products to delegate all or part of the encryption process to be accomplished by hardware elements, including the CPU and drive controller, and to native capabilities in the OS. Some vendors also have protection capabilities for network storage, and a few also support cloud-based storage environments as an extension to the desktop.
Network-based sandboxing is a proven technique for detecting malware and targeted attacks. Network sandboxes monitor network traffic for suspicious objects and automatically submit them to the sandbox environment, where they are analyzed and assigned malware probability scores and severity ratings. Sandboxing technology has been used for years by malware researchers at security companies and even in some large enterprises that are highly security conscious. Traditionally, using a sandbox has been an intensive effort requiring advanced skills. The malware researcher manually submits a suspicious object into the sandbox and analyzes it before flagging it as malware or not. By adding automated features to sandboxing technology (automatically submitting suspicious objects and automatically generating alerts).
Gartner defines the security information and event management (SIEM) market by the customer’s need to analyze event data in real time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance. SIEM technology aggregates event data produced by security devices, network infrastructure, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as network telemetry. Event data is combined with contextual information about users, assets, threats and vulnerabilities. The data may be normalized, so that events, data and contextual information from disparate sources can be analyzed for specific purposes, such as network security event monitoring, user activity monitoring and compliance reporting. The technology provides real-time analysis of events for security monitoring, and query and long-range analytics for historical analysis.
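To make the aggregation, normalization, enrichment and real-time analysis steps concrete, here is a toy SIEM pipeline in Python, added as an example for this page and not taken from any SIEM product. Two differently formatted log sources (constructed sshd syslog lines and constructed JSON authentication events) are normalized into one schema, enriched from constructed asset and user context tables, and fed to a correlation rule that fires when one source address accumulates several failed logons and then succeeds, regardless of which host or log source produced each event. All log lines, host names, addresses and context data are constructed.

```python
"""Added example: normalize two log formats, enrich with asset/user context,
and correlate across sources. Not code from the page or from any product."""
import json
import re
from collections import defaultdict

# Constructed sshd syslog shape: "<epoch> <host> sshd[pid]: Accepted|Failed password for [invalid user ]<user> from <ip> ..."
SSHD_RE = re.compile(
    r"^(?P<ts>\d+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def normalize_sshd(line):
    """Map an sshd line onto the common schema; None if it is not an auth event."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {"ts": int(m["ts"]), "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "action": "logon", "source": "sshd",
            "outcome": "success" if m["outcome"] == "Accepted" else "failure"}


def normalize_json_auth(line):
    """Map a (constructed) JSON application auth event onto the same schema.
    Field names and the result code are assumptions for the example."""
    d = json.loads(line)
    return {"ts": d["time"], "host": d["computer"], "user": d["account"].lower(),
            "src_ip": d["client"], "action": "logon", "source": "app",
            "outcome": "success" if d["result"] == 0 else "failure"}


# Constructed context tables; a real deployment pulls these from a CMDB and directory.
ASSETS = {"db01": {"criticality": "high"}, "web02": {"criticality": "low"}}
USERS = {"root": {"role": "admin"}, "svc_backup": {"role": "service"}}


def enrich(ev):
    ev = dict(ev)
    ev["asset_criticality"] = ASSETS.get(ev["host"], {}).get("criticality", "unknown")
    ev["user_role"] = USERS.get(ev["user"], {}).get("role", "unknown")
    return ev


def correlate(events, failures=3, window=300):
    """Alert when a source IP logs `failures` failed logons within `window`
    seconds and then succeeds, on any host and from any log source."""
    recent = defaultdict(list)   # src_ip -> timestamps of failures inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = ev["src_ip"]
        recent[key] = [t for t in recent[key] if ev["ts"] - t <= window]
        if ev["outcome"] == "failure":
            recent[key].append(ev["ts"])
        elif len(recent[key]) >= failures:
            alerts.append({"src_ip": key, "user": ev["user"], "host": ev["host"],
                           "failures": len(recent[key]),
                           "asset_criticality": ev["asset_criticality"],
                           "user_role": ev["user_role"]})
            recent[key].clear()
    return alerts


# Constructed sample logs: two failures on web02 and one on db01 from the
# same address, then a successful root logon on db01 from that address.
RAW_SSHD = [
    "1700000000 web02 sshd[911]: Failed password for invalid user admin from 203.0.113.9 port 4100 ssh2",
    "1700000030 web02 sshd[912]: Failed password for root from 203.0.113.9 port 4101 ssh2",
    "1700000090 db01 sshd[2201]: Accepted password for svc_backup from 198.51.100.7 port 5000 ssh2",
]
RAW_JSON = [
    '{"time": 1700000060, "computer": "db01", "account": "Root", "client": "203.0.113.9", "result": 1326}',
    '{"time": 1700000120, "computer": "db01", "account": "Root", "client": "203.0.113.9", "result": 0}',
]


def run():
    events = [e for e in map(normalize_sshd, RAW_SSHD) if e]
    events += [normalize_json_auth(l) for l in RAW_JSON]
    return correlate([enrich(e) for e in events])


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The single alert names 203.0.113.9, user root, host db01, three prior failures, asset criticality high and user role admin; none of that would be visible from either log source alone, and the criticality and role fields are what lets an analyst rank it ahead of the same pattern on a low-value host.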