How EDR, remote browsers, and cloud security will shape the next year of cybersecurity.
As attacks on enterprise IT increase, security leaders must remain vigilant and educated about new technologies to protect the organization.
“In 2017, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks. As attackers improve their capabilities, enterprises must also improve their ability to protect access and protect from attacks,” said Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus, during Gartner Security & Risk Management Summit 2017. “Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps.”
Mr. MacDonald presented a list of the top 11 information security technologies for the year.
Cloud workload protection platforms
Today’s data centers support workloads that typically run in several different places: Physical machines, virtual machines, containers, and private and public cloud. Cloud workload protection platforms provide a single management console and a single way to express security policy, regardless of where the workload runs.
Remote browser
Browser-based attacks are the leading source of attacks on users. A remote browser isolates end-user internet browsing sessions from enterprise endpoints, keeping malware off the end user’s system, reducing the attack surface and shifting it to server-side sessions. Those server sessions can be reset to a known good state on every new browsing session, tab opened or URL accessed.
Deception
Deception technology can be used to thwart or throw off a potential attacker. It allows enterprises to detect attacks with a higher level of confidence in the events detected. Current deception technology spans multiple layers of the stack, including endpoint, network, application and data.
Endpoint detection and response (EDR)
Gartner predicts that by 2020, 80% of large enterprises, 25% of midsize organizations and 10% of small organizations will have invested in EDR capabilities. These solutions monitor endpoints for unusual behavior or malicious intent.
Network traffic analysis (NTA)
Network traffic analysis monitors network traffic, flows, connections and objects for signs of malicious intent, then identifies, monitors and triages the resulting events.
Managed detection and response (MDR)
MDR can be a good solution for enterprises that want to improve threat detection, incident response and continuous-monitoring abilities but lack the skill or resources to do so in-house. MDR is particularly popular with small and midsize enterprises due to lack of investment in threat detection.
Microsegmentation
Microsegmentation means implementing isolation and segmentation for security purposes in the virtual data center. This can stop attackers who are already in the system from moving laterally to other systems.
Software-defined perimeters (SDPs)
SDPs define a logical set of disparate, network-connected participants within a secure computing enclave. The resources are typically hidden from public discovery, and access is restricted via a trust broker to the specified participants of the enclave, removing the assets from public visibility and reducing the surface area for attack.
Cloud access security brokers (CASBs)
CASBs provide a single point of control over multiple cloud services concurrently for any user or device, offering more control and visibility. They address gaps created by the significant increase in cloud service and mobile usage.
OSS security scanning and software composition analysis for DevSecOps
Security architects must be able to incorporate security controls without manual configuration throughout the DevOps process, while being as transparent as possible for developers. Software composition analysis tools analyze the source code, modules, frameworks and libraries to identify and inventory OSS components and their known security vulnerabilities or licensing issues.
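To make the two SCA steps named above concrete (inventory the components, then match them against known vulnerabilities and licence policy), here is an added illustration in Python; it is not Gartner's or any vendor's code, and the manifest, advisory ranges, advisory ids and licence data are all constructed for the example.

```python
"""Minimal software composition analysis (SCA) pass over a pinned dependency manifest.

Added illustration, not a Gartner or vendor tool. Package names, advisory ids,
version ranges and licences below are constructed for the example.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Constructed manifest in requirements.txt style (name==version per line).
MANIFEST = """\
# constructed example manifest
libalpha==1.4.2
libbeta==2.0.9
libgamma==0.3.0
libdelta==3.1.0
"""

# Constructed advisory feed: package -> [(first_vulnerable, first_fixed, advisory id)].
ADVISORIES: Dict[str, List[Tuple[Version, Version, str]]] = {
    "libalpha": [((1, 0, 0), (1, 5, 0), "EXAMPLE-ADV-0001")],  # 1.4.2 is inside the range
    "libbeta": [((2, 0, 0), (2, 0, 9), "EXAMPLE-ADV-0002")],   # 2.0.9 is the fixed release
}

# Constructed licence inventory and the licences this (fictional) policy disallows.
LICENSES = {"libalpha": "MIT", "libbeta": "Apache-2.0", "libgamma": "AGPL-3.0", "libdelta": "BSD-3-Clause"}
DENIED_LICENSES = {"AGPL-3.0"}


def parse_version(text: str) -> Version:
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def inventory(manifest: str) -> Dict[str, Version]:
    """Step 1: identify and inventory OSS components declared in the manifest."""
    components: Dict[str, Version] = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("==")
        components[name.lower()] = parse_version(version)
    return components


def find_issues(components: Dict[str, Version]) -> List[Tuple[str, str, str]]:
    """Step 2: match each component against advisories and the licence policy."""
    findings = []
    for name, version in components.items():
        for first_vulnerable, first_fixed, advisory in ADVISORIES.get(name, []):
            if first_vulnerable <= version < first_fixed:  # vulnerable range is [first, fixed)
                findings.append((name, "vulnerability", advisory))
        if LICENSES.get(name) in DENIED_LICENSES:
            findings.append((name, "license", LICENSES[name]))
    return sorted(findings)
```

Run in a pipeline, a non-empty list from `find_issues` is the signal to fail the build before the artifact reaches production.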
Container security
Because containers use a shared OS model, an attack on a vulnerability in the OS could compromise all the containers. Container security can be a challenge if developers create containers with no input from security experts. Container security solutions protect the entire life cycle of the container from creation into production, and most provide preproduction scanning combined with runtime monitoring and protection.
Gartner clients can learn more about security & risk in the Gartner Trend Insight Report “Digital Trust: Redefining Trust for the Digital Era.”
Cloud Leadership eBook
Learn more about cloud security and strategy in the complimentary Gartner eBook Cloud Leadership.
Gartner Security & Risk Management Summits 2017
Gartner analysts will provide additional analysis on IT security trends at the Gartner Security & Risk Management Summits 2017 taking place in Tokyo; Mumbai, India; Sao Paulo; Sydney; London; and Dubai. Follow news and updates from the events on Twitter at #GartnerSEC.