One of the top challenges many cyber security executives face today is deciding which technologies to invest in to strengthen their organizations’ security posture.
On the one hand, having a lot of tools to choose from is a good thing because these solutions provide a host of capabilities that can help stop the latest attacks. On the other, it can complicate the process of evaluating and deploying technologies.
What are the optimal security technologies today? It really depends on what an organization is looking to achieve with its security strategy, the types of threats it typically faces, how big its infrastructure is, what kind of in-house expertise it has, etc.
Earlier this year research firm Gartner Inc. weighed in with its selection of the top technologies for information security and their implications for security organizations. These might present ideas for cyber security leaders looking to find just the right products that are missing from their portfolio. Here’s a brief description of some of the technologies:
Cloud Workload Protection Platforms (CWPP). These platforms provide an integrated way to protect workloads in various cloud environments via a single management console and a single way to express security policy, regardless of where workloads are running.
Remote Browser. Most attacks originate from the public Internet, and browser-based attacks are the top source of attacks. While target organizations might not be able to stop these attacks, they can contain the damage by isolating Internet browsing sessions from enterprise endpoints and networks. By doing this, they can keep malware off users’ systems and significantly reduce the surface area for attack.
Deception. Deception technologies use decoys and/or tricks designed to thwart an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or detect an attack. By using the technology behind a firewall, companies can better detect attackers that have penetrated their defenses.
Endpoint Detection and Response (EDR). These tools augment traditional endpoint preventative controls such as antivirus software by monitoring endpoints for indications of unusual behavior and activities that might indicate malicious intent. Gartner predicts that by 2020, 80% of large enterprises will have invested in EDR capabilities.
Network Traffic Analysis (NTA). These solutions monitor network traffic, connections, and objects for behavior that’s indicative of malicious intent. Organizations looking for a network-based method of identifying advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events, Gartner said.
Managed Detection and Response (MDR). These services help organizations improve their threat detection, incident response, and continuous-monitoring capabilities. They’re especially suitable for small and mid-size businesses that lack internal security expertise.
Microsegmentation. Microsegmentation is the process of implementing isolation and segmentation for cyber security purposes within a virtualized data center. It helps organizations limit the damage when a breach occurs, and has evolved to be used for most communication in virtual data centers, according to Gartner.
Software-Defined Perimeters (SDP). These perimeters define a logical set of disparate, network-connected participants within a secure computing environment. The resources are typically hidden from public discovery, and access is restricted through a trust broker to the specified participants of the environment. This removes assets from public visibility and reduces the surface area for attack. Gartner predicts that through the end of 2017, at least 10% of enterprises will leverage SDP technology to isolate sensitive environments.
Cloud Access Security Brokers (CASB). These tools address the cyber security gaps that result from the increase in the use of cloud services and mobile devices. CASBs provide a single point of control over multiple cloud services, for any user or device. The growing popularity of Software-as-a-Service (SaaS) and the ongoing concerns about security and compliance are driving the urgency for control and visibility of cloud services, Gartner said.
OSS Security Scanning and Software Composition Analysis for DevSecOps. Cyber security architects need to be able to automatically incorporate security controls without manual configuration throughout a DevSecOps cycle in a way that’s as transparent as possible to DevOps teams and doesn't impede DevOps agility, but fulfills legal and regulatory compliance requirements and manages risk, Gartner said. Software composition analysis (SCA) tools specifically analyze the source code, modules, frameworks, and libraries developers use to identify and inventory OSS components and identify known security vulnerabilities before an application is released into production.
Container Security. Containers aren’t inherently unsecure, Gartner said, but they’re being deployed in an unsecure manner by developers, with little or no involvement from cyber security teams and little guidance from security architects. Traditional network and host-based security solutions do not consider containers, so container security tools are needed to protect the lifecycle of containers from creation to production.