Gartner believes it has identified the top cyber security technologies
Data breaches are forecast to cost businesses $2.1 trillion globally by 2019. At the same time, cyber security technologies are developing to mitigate cyber-crime. Gartner, the analyst firm, has attempted to identify the up-and-coming cyber security technologies that are positioned to fight cyber-crime and win its battles.
Top 10 Cyber Security Technologies
1 – Cloud access security brokers (CASB)
CASBs provide a critical control point for the secure and compliant use of cloud services across multiple cloud providers. Many software-as-a-service (SaaS) apps have limited visibility and control options. CASB solutions fill many of the gaps in individual cloud services and allow CISOs to control security across a growing set of cloud services. CASBs address a critical CISO requirement: to set policy, monitor behavior and manage risk across the entire set of enterprise cloud services being consumed.
2 – Endpoint detection and response (EDR)
The emerging imperative is to detect potential breaches and react faster. EDR tools typically record numerous endpoint and network events and store this information either locally on the endpoint or in a centralized database, alongside databases of known indicators of compromise. Behavior analytics and machine-learning techniques are then used to continuously search the data for the early identification of breaches, including insider threats, and to rapidly respond to those attacks.
3 – Non-signature approaches for endpoint prevention
Purely signature-based approaches for malware prevention are ineffective against advanced and targeted attacks. Multiple techniques are emerging that augment traditional signature-based approaches, including memory protection and exploit prevention that prevent the common ways that malware gets onto systems, and machine learning-based malware prevention using mathematical models as an alternative to signatures for malware identification and blocking.
4 – User and entity behavioral analytics
User and entity behavioral analytics (UEBA) enables broad-scope security analytics, much like security information and event management (SIEM) enables broad-scope security monitoring. UEBA provides user-centric analytics around user behavior, but also around other entities such as endpoints, networks and applications. The correlation of the analyses across various entities makes the analytics’ results more accurate and threat detection more effective.
5 – Microsegmentation and flow visibility
Once attackers have gained a foothold in enterprise systems, they typically can move unimpeded laterally (‘east/west’) to other systems. To address this, there is an emerging requirement for ‘microsegmentation’ (more granular segmentation) of east/west traffic in enterprise networks. In addition, several of the solutions provide visibility and monitoring of the communication flows. Visualization tools enable operations and security administrators to understand flow patterns, set segmentation policies and monitor for deviations. Additional encryption of network traffic (typically point-to-point IPsec tunnels) is also available between workloads, protecting data in motion and providing cryptographic isolation between workloads.
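As an added illustration (not code from the article or from Gartner), the Python sketch below expresses a granular east/west policy as a default-deny allow-list of permitted flows between tiers and checks sample flow records against it, reporting any deviation. The tier addresses, the rule set and the flow record format are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    port: int
    proto: str

    def matches(self, f: Flow) -> bool:
        # A rule permits a flow only when source, destination, port and protocol all match.
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst_net)
                and f.port == self.port and f.proto == self.proto)


# Constructed east/west policy: anything not listed here is a deviation (default deny).
POLICY = [
    Rule("10.0.1.0/24", "10.0.2.0/24", 8080, "tcp"),  # web tier -> app tier
    Rule("10.0.2.0/24", "10.0.3.0/24", 5432, "tcp"),  # app tier -> database tier
]


def parse_flow(line: str) -> Flow:
    # Constructed record format: "<src> <dst> <port> <proto>".
    src, dst, port, proto = line.split()
    return Flow(src, dst, int(port), proto.lower())


def find_deviations(lines, policy=POLICY):
    # Return every observed flow that no allow rule covers.
    return [f for f in map(parse_flow, lines) if not any(r.matches(f) for r in policy)]


# Constructed sample flow records.
SAMPLE_FLOWS = [
    "10.0.1.10 10.0.2.20 8080 tcp",  # permitted: web -> app
    "10.0.2.20 10.0.3.30 5432 tcp",  # permitted: app -> database
    "10.0.1.10 10.0.3.30 5432 tcp",  # deviation: web tier reaching the database directly
    "10.0.1.10 10.0.1.11 445 tcp",   # deviation: SMB between two web-tier hosts
]

if __name__ == "__main__":
    for f in find_deviations(SAMPLE_FLOWS):
        print(f"DEVIATION {f.src} -> {f.dst}:{f.port}/{f.proto}")
```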
6 – Security testing for DevOps (DevSecOps)
Security needs to become an integral part of DevOps-style workflows – DevSecOps. Emerging DevSecOps operating models use scripts, ‘recipes,’ blueprints and templates to drive the underlying configuration of security infrastructure – including security policies such as application testing during development or network connectivity at runtime. In addition, several solutions perform automatic security scanning during the development process, looking for known vulnerabilities before the system is released into production. Whether security is driven from models, blueprints, templates or toolchains, the desired outcome is an automated, transparent and compliant configuration of the underlying security infrastructure, based on policy that reflects the currently deployed state of the workloads.
7 – Intelligence-driven SOC orchestration solution
An intelligence-driven security operations center (SOC) goes beyond preventative technologies, the perimeter and event-based monitoring. An intelligence-driven SOC has to be built around intelligence, with that intelligence used to inform every aspect of security operations. To meet these challenges, an intelligence-driven SOC also needs an adaptive architecture and context-aware components. The intelligence-driven SOC (ISOC) includes automation and orchestration of SOC processes as a key enabler.
8 – Remote browser
Most attacks start by targeting end-users with malware delivered via email, URLs or malicious web sites. An emerging approach to address this risk is to remotely present the browser session from a ‘browser server’ (typically Linux based) running on-premises or delivered as a cloud-based service. By isolating the browsing function from the rest of the endpoint and corporate network, malware is kept off the end-user’s system, and the company significantly reduces its attack surface by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.
9 – Deception
Deception technologies are defined by the use of deceits and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. For example, deception capabilities create fake vulnerabilities, systems, shares and cookies. An attack on fake resources is a strong indicator that an attack is in progress, as a legitimate user should not see or try to access these resources. Deception technologies are emerging for network, application, endpoint and data, with the best systems combining multiple techniques.
10 – Pervasive trust services
Because enterprise security is extending to operational technology and the Internet of Things, new security models must emerge to provision and manage trust at scale.
Trust services are designed to scale and support the needs of billions of devices, many with limited processing capability. Organizations looking for larger-scale, distributed trust or consensus-based services should focus on trust services that include secure provisioning, data integrity, confidentiality, device identity and authentication. Some leading-edge approaches use distributed trust and blockchain-like architectures to manage distributed trust and data integrity at large scale.
No doubt, as new threats emerge we will see evolving cyber security technologies set to fill the gaps in existing approaches.