Evolving digital business requirements demand advanced threat solutions. Gartner calls on information security organizations to create the necessary infrastructure, capable of adapting to the increasing threat environment. In support, the organization presented 10 technologies for information security at the Gartner Security and Risk Management Summit.
According to Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus, “Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk.”
The use of cloud services has increased drastically, but many software-as-a-service (SaaS) apps offer limited visibility and control options. Gartner highlights cloud access security brokers (CASBs) as a way to gain control over cloud services across multiple cloud providers.
Another solution Gartner highlighted is endpoint detection and response (EDR), which typically records numerous endpoint and network events and stores the information in a centralized database. This information is then searched using various technologies to identify security breaches and to devise solutions for responding to security threats.
The other technologies Gartner suggests are non-signature approaches for malware prevention, user and entity behavioral analytics (UEBA), micro-segmentation and flow visibility, DevSecOps, intelligence-driven security operations center orchestration solutions, remote browser, and pervasive trust services.
Among these, UEBA enables broad-scope security analytics. It provides user-centric analytics around user behavior, as well as around other entities such as endpoints, networks and applications, thus delivering more accurate threat detection.
Microsegmentation comes into play when attackers have already gained a foothold in enterprise systems. Once inside, they move freely east/west to other systems. Hence, there is a need for more granular segmentation of east/west traffic in enterprise networks. Moreover, visualization tools enable operations and security administrators to understand flow patterns, set segmentation policies and monitor for deviations.
An intelligence-driven security operations center (SOC) goes beyond preventative technologies, the perimeter and events-based monitoring. It informs every aspect of security operations.