Gartner's Top Technologies for Security in 2017
July 12, 2017

Gartner, Inc. highlighted the top technologies for information security and their implications for security organizations in 2017.

"In 2017, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks. As attackers improve their capabilities, enterprises must also improve their ability to protect access and protect from attacks," said Neil MacDonald, VP, Distinguished Analyst and Gartner Fellow Emeritus. "Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps."

The top technologies for information security are:

Cloud Workload Protection Platforms

Modern data centers support workloads that run in physical machines, virtual machines (VMs), containers, private cloud infrastructure and almost always include some workloads running in one or more public cloud infrastructure as a service (IaaS) providers. Hybrid cloud workload protection platforms (CWPP) provide information security leaders with an integrated way to protect these workloads using a single management console and a single way to express security policy, regardless of where the workload runs.

Remote Browser

Almost all successful attacks originate from the public internet, and browser-based attacks are the leading source of attacks on users. Information security architects can't stop attacks, but can contain damage by isolating end-user internet browsing sessions from enterprise endpoints and networks. By isolating the browsing function, malware is kept off of the end-user's system and the enterprise has significantly reduced the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.

Deception

Deception technologies are defined by the use of deceits, decoys and/or tricks designed to thwart, or throw off, an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or detect an attack. By using deception technology behind the enterprise firewall, enterprises can better detect attackers that have penetrated their defenses with a high level of confidence in the events detected. Deception technology implementations now span multiple layers within the stack, including endpoint, network, application and data.

Endpoint Detection and Response

Endpoint detection and response (EDR) solutions augment traditional endpoint preventative controls such as an antivirus by monitoring endpoints for indications of unusual behavior and activities indicative of malicious intent. Gartner predicts that by 2020, 80 percent of large enterprises, 25 percent of midsize organizations and 10 percent of small organizations will have invested in EDR capabilities.

Network Traffic Analysis

Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for behaviors indicative of malicious intent. Enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events.

Managed Detection and Response

Managed detection and response (MDR) providers deliver services for buyers looking to improve their threat detection, incident response and continuous-monitoring capabilities, but don't have the expertise or resources to do it on their own. Demand from the small or midsize business (SMB) and small-enterprise space has been particularly strong, as MDR services hit a "sweet spot" with these organizations, due to their lack of investment in threat detection capabilities.

Microsegmentation

Once attackers have gained a foothold in enterprise systems, they typically can move unimpeded laterally ("east/west") to other systems. Microsegmentation is the process of implementing isolation and segmentation for security purposes within the virtual data center. Like bulkheads in a submarine, microsegmentation helps to limit the damage from a breach when it occurs. Microsegmentation has been used to describe mostly the east-west or lateral communication between servers in the same tier or zone, but it has evolved to be used now for most of communication in virtual data centers.

Software-Defined Perimeters

A software-defined perimeter (SDP) defines a logical set of disparate, network-connected participants within a secure computing enclave. The resources are typically hidden from public discovery, and access is restricted via a trust broker to the specified participants of the enclave, removing the assets from public visibility and reducing the surface area for attack. Gartner predicts that through the end of 2017, at least 10 percent of enterprise organizations will leverage software-defined perimeter (SDP) technology to isolate sensitive environments.

Cloud Access Security Brokers

Cloud access security brokers (CASBs) address gaps in security resulting from the significant increase in cloud service and mobile usage. CASBs provide information security professionals with a single point of control over multiple cloud service concurrently, for any user or device. The continued and growing significance of SaaS, combined with persistent concerns about security, privacy and compliance, continues to increase the urgency for control and visibility of cloud services.

OSS Security Scanning and Software Composition Analysis for DevSecOps

Information security architects must be able to automatically incorporate security controls without manual configuration throughout a DevSecOps cycle in a way that is as transparent as possible to DevOps teams and doesn't impede DevOps agility, but fulfills legal and regulatory compliance requirements as well as manages risk. Security controls must be capable of automation within DevOps toolchains in order to enable this objective. Software composition analysis (SCA) tools specifically analyze the source code, modules, frameworks and libraries that a developer is using to identify and inventory OSS components and to identify any known security vulnerabilities or licensing issues before the application is released into production.

Container Security

Containers use a shared operating system (OS) model. An attack on a vulnerability in the host OS could lead to a compromise of all containers. Containers are not inherently unsecure, but they are being deployed in an unsecure manner by developers, with little or no involvement from security teams and little guidance from security architects. Traditional network and host-based security solutions are blind to containers. Container security solutions protect the entire life cycle of containers from creation into production and most of the container security solutions provide preproduction scanning combined with runtime monitoring and protection.

The Latest

December 14, 2017

Around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business, according to Securing the Digital Economy, a report from Veracode ...

December 13, 2017

Metrics-oriented thinking is key to continuous improvement – and a core tenant of any agile or DevOps philosophy. Metrics are factual and once agreed upon, these facts are used to drive discussions and methods. They also allow for a collaborative effort to execute decisions that contribute towards business outcomes ...

December 11, 2017

The benefits of DevOps are potentially enormous, but simply identifying the benefits is not enough. A faster time to market may be a good customer story, but with no directly measurable monetary return, the value of DevOps can still be questioned at board level. Businesses want more than promises if they are to sign off on financial decisions: they need to know the Return on Investment (ROI) as well, with facts and figures that demonstrate what they will gain ...

December 07, 2017

Modern businesses are migrating to a cloud-based model for hosting sensitive data to reap the benefits of agility and cost savings as well as to keep pace with customer demand. Cloud-Native methodologies such as DevSecOps, continuous delivery, containers and micro-services are essential building blocks in the digital business revolution. However, moving information and technologies from hardware to software poses a security concern – translating to a top challenge for both IT and the C-level, as applications built on top of micro-services and containers in a Cloud-Native environment utilize a wide variety of secrets for their proper functioning ...

December 06, 2017

There was a time in cybersecurity strategy when most IT leaders considered perimeter and endpoint guards like antivirus and authentication controls to be the sum of network protection. But as attacks continue to increase in frequency and sophistication, leaders and DevOps teams have been focusing on the role of backup and disaster recovery in mounting a strong defense ...

December 04, 2017

In this blog I will summarize and share with you some wisdom about the biggest problem – okay, problems – in the field of software testing right now. While this is not an exhaustive list, these four bad habits have emerged as the predominant themes ...

December 01, 2017

The majority of testers – 63 percent – are responsible for both API and UI testing, according to the State of Testing 2017 Survey conducted by SmartBear Software. With the growth of methodologies like Agile and DevOps, testing teams have been shrinking and the line between roles increasingly blending ...

November 29, 2017

Companies today face a digital dilemma. How can they understand and discern if their approach to transforming their company to meet today's digital consumer is the right one? ...

November 27, 2017

It has been argued that Dev and Ops teams should work more closely together for some time. For many, the benefits of a closer relationship are clear, and the debate has moved on from if to how, but for lots of companies there are several types of walls to tear down ...

Share this