Build Adaptive Security Architecture Into Your Organization

Traditional "prevent and detect" approaches are inadequate.

Many enterprise IT security teams spend much of their time trying to prevent cyberattacks. In doing so they have adopted an “incident response” mindset rather than a “continuous response” one, in which systems are assumed to be compromised and require continuous monitoring and remediation.

The adaptive security architecture is a useful framework for classifying existing and potential security investments so that spending is balanced across its stages rather than concentrated in one. Rather than letting the “hot” security startup of the day define where the money goes, Gartner recommends that security organizations evaluate their existing investments and competencies to determine where they are deficient.



The concept of adaptive security, one of Gartner’s “Top 10 Strategic Technology Trends for 2017,” is a vital building block of a modern digital business.

“Digital business is built upon an intelligent mesh of devices, software, processes and people,” says David Cearley, research vice president and Gartner Fellow. “This means an ever more complex world for security, demanding a continuous, contextual and coordinated approach.”

He added that there are four stages of an adaptive security cycle (see Figure 1).


Figure 1. The Four Stages of an Adaptive Security Architecture (predict, prevent, detect, respond)

Prevention and detection are key pillars of a traditional approach to cybersecurity. “In the digital world, however, predicting new threats and automating routine cybersecurity responses and practices — to free up the time of human specialists for the most complex incidents — is key to staying ahead of an expanding universe of threats and risks,” said Mr. Cearley.

Moreover, relying only on prevent-and-detect perimeter defenses and rule-based security, such as antivirus and firewalls, becomes less effective as organizations increasingly use cloud-based systems and open application programming interfaces (APIs) to create modern business ecosystems. The IT department simply does not control the bounds of an organization’s information and technology in the way it used to.

Therefore, the current “incident response” mindset of many organizations, which views security incidents as one-off events, must shift to a “continuous response” stance. The assumption must be that the organization will be compromised and that an attacker’s ability to penetrate systems is never fully countered. Continuous monitoring of systems and behavior is the only way to reliably detect threats before it is too late.


This continuous approach, however, generates an enormous volume, velocity and variety of data. Advanced analytics will be the foundation of next-generation security protection and Gartner predicts that, by 2020, 40% of large organizations will have established a “security data warehouse” to support this function.

Advanced machine learning and artificial intelligence (AI)

“Advanced machine learning and artificial intelligence (AI) elements will extend this analytical approach to security,” says Cearley. “As these capabilities become mainstream, adaptive security architecture will become more common as vendors integrate different security functions into single platforms powered by embedded analytics and AI.”

One common example currently attracting widespread attention is user and entity behavior analytics (UEBA). These systems profile and baseline the activity of users, peer groups and other entities such as devices, applications and networks, correlate activity across those entities, and flag patterns that deviate from the baseline. For example, an organization can see whether a user is visiting sites they do not usually visit, or downloading files or volumes of data they do not normally download; behavior that deviates far enough from the baseline triggers an alert.
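To make the baselining described above concrete, here is an added example (written for this page, not taken from the article and not any vendor's UEBA engine) that builds per-user and per-peer-group profiles from constructed proxy log lines and then scores new events against them: an unseen destination is flagged, with the peer group used to distinguish "new for this user" from "new for everyone", and a download volume is flagged when its z-score against the user's own history exceeds a threshold. The log format, the sample lines, the peer-group mapping and the z-score threshold are all assumptions made for illustration.

```python
"""Toy UEBA-style baselining over constructed proxy log lines.

Added example, not from the Gartner article. The log format, sample
lines, peer-group mapping and thresholds are assumptions for illustration.
"""
import math

# Constructed baseline log lines: timestamp, user, destination host, bytes downloaded.
BASELINE_LOGS = """\
2017-03-01T09:01 alice git.example.com 120000
2017-03-01T09:30 alice wiki.example.com 40000
2017-03-02T10:12 alice git.example.com 150000
2017-03-02T11:05 alice wiki.example.com 38000
2017-03-03T09:45 alice git.example.com 130000
2017-03-01T09:02 bob git.example.com 110000
2017-03-01T14:20 bob crm.example.com 60000
2017-03-02T10:00 bob git.example.com 125000
2017-03-03T08:50 bob crm.example.com 55000
2017-03-03T16:00 bob wiki.example.com 42000
"""

# Constructed new events to score against the baseline.
NEW_LOGS = """\
2017-03-06T09:10 alice git.example.com 140000
2017-03-06T23:40 alice file-share.example.net 9800000
2017-03-06T10:00 bob wiki.example.com 45000
"""

# Assumed peer-group membership (in practice this comes from HR or the directory).
PEER_GROUPS = {"alice": "engineering", "bob": "engineering"}


def parse(text):
    """Parse the whitespace-separated log format assumed above into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, host, nbytes = line.split()
        events.append({"ts": ts, "user": user, "host": host, "bytes": int(nbytes)})
    return events


def build_profiles(events):
    """Per-user and per-peer-group profiles: hosts seen plus mean/stddev of bytes."""
    profiles = {}
    for e in events:
        group = PEER_GROUPS.get(e["user"], "unknown")
        for key in (("user", e["user"]), ("group", group)):
            p = profiles.setdefault(key, {"hosts": set(), "bytes": []})
            p["hosts"].add(e["host"])
            p["bytes"].append(e["bytes"])
    for p in profiles.values():
        n = len(p["bytes"])
        mean = sum(p["bytes"]) / n
        var = sum((b - mean) ** 2 for b in p["bytes"]) / n  # population variance
        p["mean"], p["std"] = mean, math.sqrt(var)
    return profiles


def score_event(e, profiles, z_threshold=3.0):
    """Return the list of anomaly reasons for one event (empty list = normal)."""
    user_key = ("user", e["user"])
    if user_key not in profiles:
        # No history at all: nothing to compare against, so surface it explicitly.
        return [f"no baseline for user: {e['user']}"]
    user_p = profiles[user_key]
    group_p = profiles.get(("group", PEER_GROUPS.get(e["user"], "unknown")), {"hosts": set()})
    reasons = []
    if e["host"] not in user_p["hosts"]:
        if e["host"] in group_p["hosts"]:
            reasons.append(f"new host for user but known to peer group: {e['host']}")
        else:
            reasons.append(f"host never seen by user or peer group: {e['host']}")
    std = user_p["std"] or 1.0  # avoid division by zero for a constant baseline
    z = (e["bytes"] - user_p["mean"]) / std
    if z > z_threshold:
        reasons.append(f"download volume z-score {z:.1f} exceeds {z_threshold}")
    return reasons


def detect(baseline_text, new_text):
    """Build profiles from the baseline and score every new event."""
    profiles = build_profiles(parse(baseline_text))
    return [(e["user"], e["host"], score_event(e, profiles)) for e in parse(new_text)]


if __name__ == "__main__":
    for user, host, reasons in detect(BASELINE_LOGS, NEW_LOGS):
        status = "ALERT" if reasons else "ok"
        print(f"{status:5} {user:6} {host:24} {'; '.join(reasons)}")
```

The point a practitioner should take from this is the peer-group step: a host that is new for one user but routine for that user's peers is a weak signal, while a host nobody in the group has ever touched, combined with a download two orders of magnitude above the user's history, is the pattern worth an alert. Real deployments replace the hand-written mean/stddev with models that account for time of day and seasonality, and tune the threshold against false-positive volume rather than picking 3.0 up front.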

“For next-generation security to be most effective, it must be integrated deeply into an organization’s architecture,” says Cearley. “It means security teams must overcome organizational barriers between them and application development and operations teams. As a result, they can provide meaningful feedback and ensure new systems are not introducing new threats that cannot be countered effectively.”


Gartner clients can learn more about adaptive security in "Top 10 Strategic Technology Trends for 2017: Adaptive Security Architecture", by David Cearley, et al.

More cybersecurity analysis is available in the Gartner Special Report "Cybersecurity at the Speed of Digital Business," a collection of research that addresses the new reality where IT organizations have little direct infrastructure and their biggest security concerns will come from services outside their control.

Nonclients can learn more in the complimentary Gartner webinar "Special Report: Cybersecurity is a Foundation for Digital Business" and research note "Adapting Your IT Strategy for a Cloud-Dominated Business Application Environment."
