Gartner’s Top 10 Technologies for Information Security

June 16, 2016

Contributor: Kasey Panetta

How information security teams provide the most effective business support and risk management.

Modern information security teams encounter challenges unique to the current business environment. While the main goal of the team is to support emerging digital business, they’re also dealing with an increasingly advanced threat environment.

At the Gartner Security & Risk Management Summit, Neil MacDonald, vice president at Gartner, spoke about the latest technology trends for 2016 that allow information security teams to provide the most effective business support and risk management.

1. Cloud Access Security Brokers

Software as a Service (SaaS) apps, increasingly pervasive in enterprises, provide new challenges to security teams with their limited visibility and control options. Cloud Access Security Brokers (CASB) allow chief information security officers (CISOs) an opportunity to apply enterprise security policies across multiple cloud services.

2. Endpoint Detection and Response

Endpoint detection and response (EDR) solutions allow CISOs to detect potential security breaches and react quickly. These tools record endpoint and network events, and the data is continuously searched using known indicators of compromise (IOC) and machine-learning techniques for early identification of breaches.

3. Nonsignature Approaches for Endpoint Prevention

Techniques such as memory protection and exploit prevention and machine learning-based systems, which uses mathematical models, augment ineffective signature-based approaches for malware prevention against advanced and targeted attacks.

4. User and Entity Behavioral Analytics

User and entity behavioral analytics (UEBA) provide user-centric analytics alongside information about networks, endpoints, and applications. The correlation of these analytics offers more effective, accurate threat detection.

5. Microsegmentation and Flow Visibility

Microsegmentation, a more granular segmentation, stops attackers already in the system from moving laterally (“east/west”) to other systems. Visualization tools allow security teams to understand flow patterns, set segmentation policies and monitor for deviations. For data in motion, some vendors provide optional encryption of the network traffic.

6. Security Testing for DevOps

As DevOps integrates security into the workflow (DevSecOps) emerging operating models offer an automated, transparent and compliant configuration of underlying security infrastructure based on policy reflecting the currently deployed state of the workloads.

7. Intelligence-Driven Security Operations Center Orchestration Solutions

Intelligence-driven security operations centers (ISOCs) are designed to deal with the new “detection and response” paradigm. This solution requires the evolution of traditional security operation center (SOCs) to offer an adaptive architecture and context-aware components.

8. Remote Browser

CISOs can address malicious malware delivered via email, URLs or websites by isolating the browsing function from the endpoint and corporate network. This is done by remotely presenting the browser session from an on-site or cloud-based “browser server.” The server sessions can be reset to a known good state, and this technique reduces the surface area for an attack, shifting the risk to server sessions.

9. Deception

Deception tools, as the name implies, use deceit or tricks to thwart attacks. The security team creates fake vulnerabilities, systems, shares and cookies to tempt attackers. Any real attack on these resources indicates to security teams an attack is occurring, as legitimate users won’t see or need access to the fake systems.

10. Pervasive Trust Services

Security models must evolve alongside the projected pervasiveness of the Internet of Things (IoT) and increasing dependency on operational technology. Trust services can manage the needs of billions of devices with limited processing capability. More importantly, trust services are designed to scale and can offer secure provisioning, data integrity, confidentiality, devices identity and authentication.


Experience IT Security and Risk Management conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.