Modern information security teams encounter challenges unique to the current business environment. While the main goal of the team is to support emerging digital business, they’re also dealing with an increasingly advanced threat environment. At the Gartner Security & Risk Management Summit, Neil MacDonald, vice president at Gartner, spoke about the latest technology trends for 2016 that allow information security teams to provide the most effective business support and risk management.
- Cloud Access Security Brokers
Software as a Service (SaaS) apps, increasingly pervasive in enterprises, provide new challenges to security teams with their limited visibility and control options. Cloud Access Security Brokers (CASB) allow chief information security officers (CISOs) an opportunity to apply enterprise security policies across multiple cloud services.
- Endpoint Detection and Response
Endpoint detection and response (EDR) solutions allow CISOs to detect potential security breaches and react quickly. These tools record endpoint and network events, and the data is continuously searched using known indicators of compromise (IOC) and machine-learning techniques for early identification of breaches.
- Nonsignature Approaches for Endpoint Prevention
Techniques such as memory protection and exploit prevention and machine learning-based systems, which uses mathematical models, augment ineffective signature-based approaches for malware prevention against advanced and targeted attacks.
- User and Entity Behavioral Analytics
User and entity behavioral analytics (UEBA) provide user-centric analytics alongside information about networks, endpoints, and applications. The correlation of these analytics offers more effective, accurate threat detection.
- Microsegmentation and Flow Visibility
Microsegmentation, a more granular segmentation, stops attackers already in the system from moving laterally (“east/west”) to other systems. Visualization tools allow security teams to understand flow patterns, set segmentation policies and monitor for deviations. For data in motion, some vendors provide optional encryption of the network traffic.
- Security Testing for DevOps
- As DevOps integrates security into the workflow (DevSecOps) emerging operating models offer an automated, transparent and compliant configuration of underlying security infrastructure based on policy reflecting the currently deployed state of the workloads.
- Intelligence-Driven Security Operations Center Orchestration Solutions
Intelligence-driven security operations centers (ISOCs) are designed to deal with the new “detection and response” paradigm. This solution requires the evolution of traditional security operation center (SOCs) to offer an adaptive architecture and context-aware components.
- Remote Browser
CISOs can address malicious malware delivered via email, URLs or websites by isolating the browsing function from the endpoint and corporate network. This is done by remotely presenting the browser session from an on-site or cloud-based “browser server.” The server sessions can be reset to a known good state, and this technique reduces the surface area for an attack, shifting the risk to server sessions.
Deception tools, as the name implies, use deceit or tricks to thwart attacks. The security team creates fake vulnerabilities, systems, shares and cookies to tempt attackers. Any real attack on these resources indicates to security teams an attack is occurring, as legitimate users won’t see or need access to the fake systems.
- Pervasive Trust Services
Security models must evolve alongside the projected pervasiveness of the Internet of Things (IoT) and increasing dependency on operational technology. Trust services can manage the needs of billions of devices with limited processing capability. More importantly, trust services are designed to scale and can offer secure provisioning, data integrity, confidentiality, devices identity and authentication.