Revealed: Top 10 security technologies for 2017
Gartner analysts flag up the key security buzzwords for the year - including OSS scanning in DevSecOps.
Gartner has unveiled a list of the analyst firms top security technologies for organisations in 2017, as well as their likely implications for enterprise. The technologies range widely from application development in DevSecOps, to cloud security and network traffic analysis. However, without further ado, here is the top ten:
OSS Security Scanning and Software Composition Analysis for DevSecOps
Automation of security controls throughout a DevSecOps cycle is key to minimising application vulnerabilities, according to Gartner. The company’s own research from 2016 predicted that 99 per cent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year, and a host of recent attacks including WannaCry demonstrate that this issue hasn’t gone away. One major issue in application development is the use of OSS components with unpatched existing flaws, sourced from an out-of date library, or similar. Gartner believes that managing this risk, fulfilling legal and regulatory compliance requirements and maintaining DevOps agility is the motivation for increased interest in OSS Security Scanning and Software Composition Analysis tools. The products can analyze the source code, modules, frameworks and libraries that a developer is using to identify and inventory OSS components and to identify any known security vulnerabilities or licensing issues before the application is released into production - potentially removing serious but previously recognised flaws from the application.
Containers use a shared operating system (OS) model, which means that an attack on a vulnerability in the host OS could lead to a compromise of all containers. Containers are not inherently unsecure, say Gartner, but “they are being deployed in an unsecure manner by developers, with little or no involvement from security teams and little guidance from security architects.” Container security solutions provide preproduction scanning combined with runtime monitoring and protection, protecting the entire life cycle of containers from creation into production.
Cloud Workload Protection Platforms
Modern data centers support workloads that run in physical machines, virtual machines (VMs), containers, private cloud infrastructure and almost always include some workloads running in one or more public cloud infrastructure as a service (IaaS) providers. Hybrid cloud workload protection platforms (CWPP) provide a way to protect these workloads, often using a single integrated management console and a truly unified security policy.
An ingenious response to the problem of browser attacks via the public internet, which are not only the most common method of attack currently, but also difficult to defend against. Containing the damage by isolating the browsing function from the enterprise endpoint and network keeps malware off the end-user's system. At least until the bad guys work out how to subvert it.
Deception technologies are designed to slow attackers that have penetrated corporate defences. By using decoys and tricks to disrupt automated tools and throw off attacker’s cognitive processes, defenders can buy time. Deception technology implementations now span multiple layers within the stack, including endpoint, network, application and data.
Endpoint Detection and Response
Endpoint detection and response (EDR) solutions augment traditional endpoint preventative controls such as an antivirus by monitoring endpoints for indications of unusual behavior and malicious activities. Gartner predicts that by 2020, 80 percent of large enterprises, 25 percent of midsize organizations and 10 percent of small organizations will have invested in EDR capabilities.
Network Traffic Analysis (NTA)
NTA solutions monitor network traffic, flows, connections and objects for malicious behavior, a strategy recently recommended by researchers in order to spot ‘live’ attacks before they exfiltrate data or dig deeper into the network.
Managed Detection and Response (MDR)
MDR providers deliver services for buyers looking to improve their threat detection, incident response and continuous-monitoring capabilities, but lack the resources to go it alone. Gartner believes this is a significant area of demand for SMEs that have historically neglected spend on threat detection.
Once attackers have gained a foothold in enterprise systems, they can often easily move laterally to other systems. Microsegmentation is the process of implementing isolation and segmentation for security purposes within the virtual data center. Like bulkheads in a ship or submarine, microsegmentation helps to limit the damage from a breach when it occurs.
A software-defined perimeter (SDP) defines a logical set of disparate, network-connected participants within a secure computing enclave. Gartner predicts that through the end of 2017, at least 10 percent of enterprise organizations will leverage software-defined perimeter (SDP) technology to isolate sensitive environments.
Gartner recently recognised High-Tech Bridge as a “Cool Vendor” in Security for Midsize Enterprises.
Gartner is holding the Gartner Security & Risk Management Summit 2017 in London, September 2017.