As attacks on enterprise IT increase, security leaders must remain vigilant and educated about new technologies to protect the organization. "In 2017, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks. As attackers improve their capabilities, enterprises must also improve their ability to protect access and protect from attacks," said Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus, during Gartner Security & Risk Management Summit 2017. "Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps." Mr. MacDonald presented a list of the top 11 information security technologies for the year.
Today's data centers support workloads that typically run in several different places: Physical machines, virtual machines, containers, and private and public cloud. Cloud workload protection platforms provide a single management console and a single way to express security policy, regardless of where the workload runs.
Browser-based attacks are the leading source of attacks on users. Establishing a remote browser by isolating end-user internet browsing sessions for enterprise endpoints keeps malware off an end-user's system, reducing the surface area for attack and shifting it to server sessions. Server sessions can be reset to a known good state on new browsing sessions, tab opened or URL accessed.
Deception technology can be used to thwart or throw off a potential attacker. They allow enterprises to better detect attacks with a higher level of confidence in events detected. Current deception technology spans multiple layers within the stack, including endpoint, network, application and data.
Gartner predicts that by 2020, 80% of large enterprises, 25% of midsize organizations and 10% of small organizations will have invested in EDR capabilities. These solutions monitor endpoints for unusual behavior or malicious intent.
Network traffic analysis is a network-based approach to monitor network traffic, flows, connections and objects looking for malicious intent. This solution will identify, monitor and triage these events.
MDR can be a good solution for enterprises that want to improve threat detection, incident response and continuous-monitoring abilities but lack the skill or resources to do so in-house. MDR is particularly popular with small and midsize enterprises due to lack of investment in threat detection.
Microsegmentation means implementing isolation and segmentation for security purposes in the virtual data center. This can stop attackers who are already in the system from moving laterally to other systems.
SDPs define a logical set of disparate, network-connected participants within a secure computing enclave. The resources are typically hidden from public discovery, and access is restricted via a trust broker to the specified participants of the enclave, removing the assets from public visibility and reducing the surface area for attack.
CASBs provide a single point of control over multiple cloud services concurrently for any user or device, offering more control and visibility. They address gaps created by the significant increase in cloud service and mobile usage.
Security architects must be able to incorporate security controls without manual configuration throughout the DevOps process, while being as transparent as possible for developers. Software composition analysts analyze the source core, modules, frameworks and libraries to identify and inventory OSS components and known security vulnerabilities or licensing issues.
Because containers use a shared OS model, an attack on a vulnerability in the OS could compromise all the containers. Container security can be a challenge if developers create containers with no input from security experts. Container security solutions protect the entire life of the container from creation into production, and most provide preproduction scanning combined with runtime monitoring and protection.