Top IT security technologies revealed by Gartner


Gartner highlighted the top technologies for information security and their implications for security organizations in 2017. Those are:

Cloud Workload Protection Platforms

Modern data centers support workloads that run in physical machines, virtual machines (VMs), containers, private cloud infrastructure and almost always include some workloads running in one or more public cloud infrastructure as a service (IaaS) providers.

Gartner says that hybrid cloud workload protection platforms (CWPP) provide information security leaders with an integrated way to protect these workloads using a single management console and a single way to express security policy, regardless of where the workload runs.

Symantec’s Cloud Workload Protection is one example of how such a platform works. The cyber security vendor offers automated, elastic, cloud-native security for AWS and Azure workloads. The offering discovers software services on workloads automatically and provides real-time visibility into infrastructure changes.

For public cloud users, the solution offers protection against advanced attacks and zero-day threats. Its real-time file integrity monitoring (RT-FIM) prevents unauthorized changes, while real-time monitoring of user activity and application processes identifies suspicious behaviour.

Remote Browser

Almost all successful attacks originate from the public internet, and browser-based attacks are the leading source of attacks on users.

Gartner recommends having secure remote browsing technologies in place to avoid such incidents.

Isolating the browsing function keeps malware off the end user’s system, and the enterprise significantly reduces its attack surface by shifting the risk to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.

U.S.-based Light Point Security, for example, executes web content off the user’s computer in a one-time-use remote virtual machine. This stops website code from ever reaching the endpoint, while presenting a real-time interactive image of the websites visited.

Other companies offering web isolation platforms include Crusoe Security, Menlo Security and Fireglass.

Deception

Deception technologies are defined by the use of deceits, decoys and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or detect an attack.

By using deception technology behind the enterprise firewall, Gartner says, enterprises can better detect attackers that have penetrated their defenses, with a high level of confidence in the events detected. Deception technology implementations now span multiple layers within the stack, including endpoint, network, application and data.

According to a Research and Markets report, the North America deception technology market size is estimated to grow at a Compound Annual Growth Rate (CAGR) of 11.1 percent during 2016-2022.

Meanwhile, a Markets and Markets report predicts that the deception technology market will grow from $1.04 billion in 2016 to $2.09 billion by 2021, at a CAGR of 15.1 percent.

The major factors driving the deception market globally are the rise of APTs and zero-day attacks, demand from enterprises for a powerful solution for early detection of attackers, and the rise in adoption of Bring Your Own Device (BYOD) and Internet of Things (IoT) trends within enterprises.

Cyber security company TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Rapid7, LogRhythm, Attivo Networks, Illusive Networks and Cymmetria are some of the other companies offering deception technology.

Endpoint Detection and Response

Endpoint detection and response (EDR) solutions augment traditional endpoint preventative controls such as antivirus by monitoring endpoints for indications of unusual behavior and activities indicative of malicious intent.

Gartner predicts that by 2020, 80 percent of large enterprises, 25 percent of midsize organizations and 10 percent of small organizations will have invested in EDR capabilities.

Research and Markets estimates that this market segment will grow from $749.0 Million in 2016 to $2,285.4 Million by 2021, at a CAGR of 25 percent.

The major growth drivers of the Endpoint Detection and Response market include the need to mitigate IT security risks and increasing instances of enterprise endpoint-targeted attacks, coupled with the surge in demand from Small and Medium-sized Enterprises (SMEs), owing to the rise in the adoption of hosted EDR solutions.

Major companies in the EDR market include Carbon Black, Cisco Systems, CrowdStrike, FireEye and Intel Security (McAfee).

Network Traffic Analysis

Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for behaviors indicative of malicious intent. Enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events.
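As an added illustration (not from the article or any vendor named in it) of the behavioural checks an NTA tool applies to connection records, the following Python script runs two such checks over constructed flow records: a source touching many distinct ports on one host within a short window, and a host contacting the same destination at near-constant intervals. The record format, thresholds and addresses are assumptions.

```python
# Added illustration of the kind of behavioural check an NTA tool runs over
# connection records; not any vendor's product. Flow records are constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    # one host touching many ports on one internal server within a few seconds
    *[(100 + i, "10.0.0.5", "10.0.0.20", 1000 + i) for i in range(25)],
    # workstation contacting one external host every 60 s (beacon-like)
    *[(200 + 60 * i, "10.0.0.7", "203.0.113.9", 443) for i in range(8)],
    # normal browsing: a few hosts, irregular timing
    (210, "10.0.0.8", "198.51.100.3", 443), (275, "10.0.0.8", "198.51.100.4", 443),
    (301, "10.0.0.8", "198.51.100.3", 80), (640, "10.0.0.8", "198.51.100.5", 443),
]

def port_scan_sources(flows, min_ports=20, window=30):
    # Sources that touch >= min_ports distinct ports on one host inside `window` seconds
    seen = defaultdict(list)  # (src, dst) -> [(ts, port)]
    for ts, src, dst, port in flows:
        seen[(src, dst)].append((ts, port))
    flagged = set()
    for (src, dst), events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for ts, p in events[i:] if ts - start <= window}
            if len(ports) >= min_ports:
                flagged.add(src)
                break
    return sorted(flagged)

def beacon_pairs(flows, min_events=6, min_interval=30, max_jitter=0.1):
    # (src, dst) pairs with slow, nearly constant inter-connection intervals;
    # min_interval keeps fast bursts (such as the scan above) out of this check
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        times[(src, dst)].append(ts)
    found = []
    for pair, ts in times.items():
        if len(ts) < min_events:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if mean(gaps) >= min_interval and pstdev(gaps) / mean(gaps) <= max_jitter:
            found.append(pair)
    return sorted(found)
```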

According to analysis by Market Research Future, the network analytics market is set for rapid growth in the near future. Demand for advanced analytical tools and analytics applications is increasing rapidly because of the challenge of analyzing huge volumes of network data in real time. Network analytics offerings include network intelligence solutions as well as managed and professional services.

The firm predicts that the global network analytics market will be valued at $3.1 billion over the 2016 to 2022 forecast period. Major players in this segment include Accenture, Juniper Networks, Alcatel-Lucent S.A., IBM, Brocade Communications Systems, Cisco Systems and HP.

Managed Detection and Response

Managed detection and response (MDR) providers deliver services for buyers looking to improve their threat detection, incident response and continuous-monitoring capabilities, but don’t have the expertise or resources to do it on their own.

Demand from the small or midsize business (SMB) and small-enterprise space has been particularly strong, as MDR services hit a “sweet spot” with these organizations, due to their lack of investment in threat detection capabilities.

According to Gartner, by 2020, 15 percent of midsize and enterprise organizations will be using services like MDR.

Microsegmentation

Once attackers have gained a foothold in enterprise systems, they typically can move unimpeded laterally (“east/west”) to other systems. Microsegmentation is the process of implementing isolation and segmentation for security purposes within the virtual data center.

Like bulkheads in a submarine, microsegmentation helps to limit the damage from a breach when it occurs. The term has mostly been used to describe east-west, or lateral, communication between servers in the same tier or zone, but it is now applied to most communication within virtual data centers.

Data center virtualization vendors, including Cisco, Nuage and VMware, have been promoting microsegmentation as an advantage of network virtualization (NV). VMware has made microsegmentation part of its NV marketing strategy.

Software-Defined Perimeters

A software-defined perimeter (SDP) defines a logical set of disparate, network-connected participants within a secure computing enclave. The resources are typically hidden from public discovery, and access is restricted via a trust broker to the specified participants of the enclave, removing the assets from public visibility and reducing the surface area for attack.

Gartner predicts that through the end of 2017, at least 10 percent of enterprise organizations will leverage software-defined perimeter (SDP) technology to isolate sensitive environments.

According to Stratistics MRC, the global SDP market was valued at $737.25 million in 2015 and is expected to reach $6,102.2 million by 2022, growing at a CAGR of 35.2 percent from 2015 to 2022.

Key drivers influencing the SDP market include the shortage of cyber security talent, growing use of cloud-based applications, strong regulation and compliance requirements, and demand for policy-driven, scalable and programmable security architectures.

However, a lack of awareness of security in virtualized environments is constraining the market. Moreover, the rising number of connected devices driven by IoT and BYOD trends, along with increasing demand for SDPs, will offer substantial growth opportunities for the market.

Cloud Access Security Brokers

Cloud access security brokers (CASBs) address gaps in security resulting from the significant increase in cloud service and mobile usage. CASBs provide information security professionals with a single point of control over multiple cloud services concurrently, for any user or device. The continued and growing significance of SaaS, combined with persistent concerns about security, privacy and compliance, continues to increase the urgency for control and visibility of cloud services.

Key Market Insights predicts that the cloud access security brokers market size is estimated to grow from $3.34 Billion in 2015 to $7.51 Billion by 2020, at an estimated CAGR of 17.6 percent.

The market research firm notes that the increasing adoption of cloud-based applications such as Office 365, Salesforce, Google Apps, Box and others by end users, SMBs and large enterprises is expected to play a key role in fueling the growth of the market during the forecast period.

Some of the well-known CASB vendors are Cloudlock, Imperva, Bitglass, CipherCloud, Netskope, Skyhigh Networks and CloudMask.

OSS Security Scanning and Software Composition Analysis for DevSecOps

Gartner says that information security architects must be able to automatically incorporate security controls without manual configuration throughout a DevSecOps cycle in a way that is as transparent as possible to DevOps teams and doesn’t impede DevOps agility, but fulfills legal and regulatory compliance requirements as well as manages risk.

Security controls must be capable of automation within DevOps toolchains in order to enable this objective. Software composition analysis (SCA) tools specifically analyze the source code, modules, frameworks and libraries that a developer is using to identify and inventory OSS components and to identify any known security vulnerabilities or licensing issues before the application is released into production.
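As an added illustration of the SCA steps just described (not the article's own material or any vendor's tool), the following Python script inventories pinned components from a requirements-style manifest, matches them against an advisory list with affected version ranges, and checks licences against an allow-list. The manifest, advisory identifiers and licence data are all constructed sample data.

```python
# Added illustration of the SCA steps described above (inventory, advisory match,
# licence check); not any vendor's tool. All data below is constructed sample data.
import re
MANIFEST = """\
requests==2.19.1
pyyaml==3.12
django==2.2.10
leftpad-clone==0.1.0
"""
# Constructed advisories: a pinned version is affected when introduced <= v < fixed.
ADVISORIES = [
    {"id": "ADV-0001", "package": "pyyaml", "introduced": "0", "fixed": "5.1"},
    {"id": "ADV-0002", "package": "django", "introduced": "2.2", "fixed": "2.2.12"},
    {"id": "ADV-0003", "package": "requests", "introduced": "2.20", "fixed": "2.21"},
]
# Constructed licence inventory and the organisation's licence allow-list.
LICENSES = {"requests": "Apache-2.0", "pyyaml": "MIT",
            "django": "BSD-3-Clause", "leftpad-clone": "AGPL-3.0"}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}

def parse_version(v):
    # "2.2.10" -> (2, 2, 10): compare numerically, never as strings ("2.9" > "2.10")
    return tuple(int(x) for x in re.findall(r"\d+", v))

def parse_manifest(text):
    # Inventory step: {package: pinned version} from name==version lines
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "==" in line:
            name, version = line.split("==", 1)
            deps[name.lower()] = version
    return deps

def find_vulnerable(deps, advisories=ADVISORIES):
    # Advisory ids whose affected range covers the pinned version
    hits = []
    for adv in advisories:
        ver = deps.get(adv["package"])
        if ver is None:
            continue
        lo, hi = parse_version(adv["introduced"]), parse_version(adv["fixed"])
        if lo <= parse_version(ver) < hi:
            hits.append(adv["id"])
    return hits

def find_license_issues(deps, licenses=LICENSES, allowed=ALLOWED_LICENSES):
    # Packages whose licence is unknown or outside the allow-list
    return sorted(p for p in deps if licenses.get(p) not in allowed)
```

In a pipeline, a non-empty result from either check is the gate that stops the build before release.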

Container Security

Containers use a shared operating system (OS) model. An attack on a vulnerability in the host OS could lead to a compromise of all containers. Containers are not inherently insecure, but they are being deployed in an insecure manner by developers, with little or no involvement from security teams and little guidance from security architects.

Traditional network and host-based security solutions are blind to containers. Container security solutions protect the entire life cycle of containers, from creation through production; most provide pre-production scanning combined with runtime monitoring and protection.