What are the top technologies for information security in 2016? Gartner has announced the top 10 technology trends and the effects they will have on security organisations.
"Information security teams and infrastructure must adapt to support emerging digital business requirements, and simultaneously deal with the increasingly advanced threat environment. Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk," says Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus.
The top 10 tech security trends:
Cloud access security brokers (CASBs):
These are informational control points for information security officers to ensure secure and compliant cloud service use across providers. Gartner points out that many software-as-a-service (SaaS) apps have limited visibility and control, but as more organisations adopt SaaS, infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) it becomes more difficult for chief information security officers (CISOs) to manage simultaneous use across cloud providers. Effective management is crucial in this regard.
Endpoint detection and response (EDR)
EDR tools record endpoint and network events, which is then stored at the endpoint or on a central database. This information is used and searched for known indicators of compromised behaviour, analytics and machine learning to rapidly respond to attacks.
Nonsignature approaches for endpoint prevention
Learning-based malware protection using mathematical models and non-signature based malware prevention methods are becoming more refined, particularly as traditional signature-based approaches are ineffective.
User and entity behavioural analytics (UEBA)
These allow for broad-scope security analytics surrounding user behaviour, endpoints, networks and applications. Analysis correlations help make results more accurat, and therefore make threat detection more effective.
Microsegmentation and flow visibility
Microsegmentation of traffic in enterprise networks can stop malware attacks travelling across systems. Microsegmentation may also include visualisation tools that help security officers understand flow patterns, set policies and monitor for 'deviations'. Additionally, network encryption and cryptographic isolation between workloads are also available microsegmentation tools.
Security testing for devops (DevSecOps)
The automated, transparent and compliant configuration of a security infrastructure policy based on current deployed workload states is the key in DevSecOps. Scripts, recipes, blueprints and templates will drive security infrastructure, which includes security policies such as testing applications during development or network connectivity at runtime. Automated vulnerability scanning before the system is released into production.
Intelligence-driven security operations centre orchestration solutions (SOC)
This system is built for intelligence and monitors every security operations aspect. These must work beyond traditional perimeter-based defenses by proving adaptive architecture and context-aware components. Traditional SOCs must transform into ISOCs through automation and orchestration of SOC processes.
These can remotely operate a browser session from a specially-designed server hosted on-site or in the cloud. These isolated servers prevent email, URL or malicious website malware from entering the end-user's system and the network system as a whole. Gartner says that this has 'significantly reduced the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed'.
These technologies disrupt an attacker's cognitive process, tools, activities or breach progression.
Deception capabilities are emerging for network, application, endpoint and data. They can create false vulnerabilities, cookies, systems and shares to trick an attacker. If the attacker uses these, it can be a signal that an attack is happening, and can warn legitimate users not to access or see the compromised resources. Gartner says that 10% of enterprises will use deception capabilities by 2018.
Pervasive trust services
The growth of the Internet of Things and operational technologies have forced new security models that manage and provide trust at scale. These trust services must support the varying needs of billions of devices, many of which do not have much processing power. Gartner says that organisations tht want larger-scale trust-based services should focus on data integrity, confidentiality, device identity and authentication. Blockchain and distributed trust architectures are becoming more common.