Report: 10 Security Functions Coming to the Forefront
- By Dian Schaffhauser
Information security in the education segment is becoming more demanding, and as a result the tools and tactics necessary for securing schools are churning. A recent presentation at Gartner's Security & Risk Management Summit laid out 10 "top" technologies and approaches security professionals should consider adding to their security portfolios:
- Cloud access security brokers;
- Adaptive access control;
- Pervasive sandboxing;
- Endpoint detection and response;
- Big data security analytics;
- Machine-readable threat intelligence;
- Software-defined security;
- Isolation and containment;
- Interactive application testing; and
- The "nascent" category of security brokers, firewalls and gateways for securing the enterprise version of the "Internet of Things."
Neil MacDonald, Gartner research vice president, explained that the list was compiled using three criteria. Each technology had to be "emerging" and expected to gain traction this year; it had to be "transformative," either to the people using it, to the processes to which it was applied, or as a technology in itself; and it had to address "one or more aspects" of what Gartner terms the "nexus of forces," encompassing the cloud, social, mobile and big data.
"With the opportunities of the 'nexus' come risks," said MacDonald. "Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable business opportunities and manage risk."
"Cloud access security brokers" are security policy enforcement "points" set up between users of cloud services and the providers, enforcing a layer of security policies on access to cloud-based resources. Those policies might focus on authentication, single sign-on, device profiling, and malware detection and prevention.
"Adaptive access control" is a more flexible approach to access control that gives or denies users access to information based on "context-awareness." The system continually assesses the risk of the access.
"Pervasive sandboxing" is a function being integrated into "more capable" security platforms that can set up a virtual machine to test out an executable file in a safe environment. Once a problem is detected with the content, that finding is confirmed through other "indicators," such as what's going on with registry entries in live systems.
"Endpoint detection and response" is the practice of compiling data about endpoint and network events focused on PCs, tablets, laptops and servers and storing it in a central database, then using analytical tools to identify possible attacks, seek patterns that can improve security for those devices and respond to threats.
"Big data security analytics," according to Gartner, will surface in security applications as a feature. In fact, the company predicted that by 2020, 40 percent of organizations will have a "security data warehouse" to maintain the data generated in the monitoring of computing "entities." The analytics will be used to highlight "deviations" from the norm.
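The two preceding items describe one pipeline: endpoint events from many machines collected into a central store, then queried for deviations from the fleet norm. The following is an added example written for this page, not code from the article or from Gartner. It ingests constructed sample process-launch records (field names and the host names are assumptions), then flags (a) parent/child process chains seen on only one host while the rest of the fleet never runs them, and (b) hosts whose event volume sits well above the fleet mean. Both are generic "deviation from the norm" checks of the kind the text describes.

```python
"""Toy endpoint event store with two deviation-from-baseline checks.

Added example, not from the article. Records are constructed sample data;
the field names (ts, host, user, parent, proc) are assumptions.
"""
import json
import statistics
from collections import Counter, defaultdict

# Constructed telemetry: one JSON record per process launch, five workstations.
# Every host runs a mail client and a browser from the shell; two hosts also
# ran notepad; ws03 alone shows a document viewer spawning a shell, which then
# launches a scripting host several times.
SAMPLE_EVENTS = """\
{"ts": "2014-06-24T09:00:01Z", "host": "ws01", "user": "alice", "parent": "explorer.exe", "proc": "outlook.exe"}
{"ts": "2014-06-24T09:00:05Z", "host": "ws01", "user": "alice", "parent": "explorer.exe", "proc": "chrome.exe"}
{"ts": "2014-06-24T09:01:01Z", "host": "ws02", "user": "bob", "parent": "explorer.exe", "proc": "outlook.exe"}
{"ts": "2014-06-24T09:01:05Z", "host": "ws02", "user": "bob", "parent": "explorer.exe", "proc": "chrome.exe"}
{"ts": "2014-06-24T09:01:09Z", "host": "ws02", "user": "bob", "parent": "explorer.exe", "proc": "notepad.exe"}
{"ts": "2014-06-24T09:02:01Z", "host": "ws03", "user": "carol", "parent": "explorer.exe", "proc": "outlook.exe"}
{"ts": "2014-06-24T09:02:05Z", "host": "ws03", "user": "carol", "parent": "explorer.exe", "proc": "chrome.exe"}
{"ts": "2014-06-24T09:02:30Z", "host": "ws03", "user": "carol", "parent": "winword.exe", "proc": "cmd.exe"}
{"ts": "2014-06-24T09:02:31Z", "host": "ws03", "user": "carol", "parent": "cmd.exe", "proc": "powershell.exe"}
{"ts": "2014-06-24T09:02:40Z", "host": "ws03", "user": "carol", "parent": "cmd.exe", "proc": "powershell.exe"}
{"ts": "2014-06-24T09:02:52Z", "host": "ws03", "user": "carol", "parent": "cmd.exe", "proc": "powershell.exe"}
{"ts": "2014-06-24T09:03:10Z", "host": "ws03", "user": "carol", "parent": "cmd.exe", "proc": "powershell.exe"}
{"ts": "2014-06-24T09:03:01Z", "host": "ws04", "user": "dave", "parent": "explorer.exe", "proc": "outlook.exe"}
{"ts": "2014-06-24T09:03:05Z", "host": "ws04", "user": "dave", "parent": "explorer.exe", "proc": "chrome.exe"}
{"ts": "2014-06-24T09:03:09Z", "host": "ws04", "user": "dave", "parent": "explorer.exe", "proc": "notepad.exe"}
{"ts": "2014-06-24T09:04:01Z", "host": "ws05", "user": "erin", "parent": "explorer.exe", "proc": "outlook.exe"}
{"ts": "2014-06-24T09:04:05Z", "host": "ws05", "user": "erin", "parent": "explorer.exe", "proc": "chrome.exe"}
"""


class EventStore:
    """Stand-in for the central 'security data warehouse' the text describes."""

    def __init__(self):
        self.events = []

    def ingest(self, text):
        """Parse newline-delimited JSON records; returns the total stored."""
        for line in text.splitlines():
            line = line.strip()
            if line:
                self.events.append(json.loads(line))
        return len(self.events)

    def hosts(self):
        return {e["host"] for e in self.events}


def rare_process_chains(store, max_hosts=1):
    """Parent->child chains observed on at most max_hosts distinct hosts.

    Returns {(parent, proc): [hosts]}. A chain that only one machine in a
    fleet ever runs is a deviation worth an analyst's look, not proof of
    compromise; the fleet must be larger than max_hosts for rarity to mean anything.
    """
    seen = defaultdict(set)
    for e in store.events:
        seen[(e["parent"], e["proc"])].add(e["host"])
    fleet = len(store.hosts())
    return {chain: sorted(h) for chain, h in seen.items()
            if fleet > max_hosts and len(h) <= max_hosts}


def volume_outliers(store, k=1.5):
    """Hosts whose event count exceeds fleet mean + k * population std dev."""
    per_host = Counter(e["host"] for e in store.events)
    counts = list(per_host.values())
    if len(counts) < 3:          # too few hosts for a meaningful baseline
        return {}
    mean = statistics.mean(counts)
    sd = statistics.pstdev(counts)
    if sd == 0:                  # every host identical: nothing deviates
        return {}
    return {h: c for h, c in per_host.items() if c > mean + k * sd}


if __name__ == "__main__":
    store = EventStore()
    print("ingested", store.ingest(SAMPLE_EVENTS), "events from", len(store.hosts()), "hosts")
    for chain, hosts in rare_process_chains(store).items():
        print("rare chain", " -> ".join(chain), "only on", hosts)
    for host, n in volume_outliers(store).items():
        print("volume outlier", host, "with", n, "events")
```

With the sample data the two single-host chains are `winword.exe -> cmd.exe` and `cmd.exe -> powershell.exe`, and `ws03` is the only volume outlier (7 events against a fleet mean of 3.4). In a real deployment the store would be a database over days of telemetry and the baseline would be computed per host role, but the query shape is the same.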
"Machine-readable threat intelligence" will integrate external context and intelligence feeds to perform a dynamic assessment of "trustability" that can be "factored into security decisions," reported Gartner. "For example, user and device reputation as well as URL and IP address reputation scoring can be used in end-user access decisions."
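The adaptive access control item above and this one fit together: a request is scored from its context (device state, location, user) and reputation records from external feeds are "factored into" that score, with the decision re-run whenever the context or the feeds change. The following is an added example written for this page, not Gartner's or the article's code. The feed entries, weights, thresholds and user names are constructed assumptions; a real deployment would pull them from a threat-intelligence provider and a policy engine.

```python
"""Context-aware access decision that folds reputation feeds into a risk score.

Added example, not from the article. Feed records, weights and thresholds
are constructed assumptions for illustration.
"""
from dataclasses import dataclass

# Constructed machine-readable reputation feeds. Scores run 0 (clean) to 100
# (known bad); "source" names the feed that supplied the record.
IP_REPUTATION = {
    "198.51.100.7": {"score": 95, "tags": ["anonymizing-proxy"], "source": "feed-a"},
    "203.0.113.40": {"score": 60, "tags": ["scanner"], "source": "feed-b"},
}
USER_REPUTATION = {
    "mallory": {"score": 70, "tags": ["recent-phish-click"], "source": "hr-awareness"},
}


@dataclass
class AccessRequest:
    user: str
    src_ip: str
    device_managed: bool
    device_compliant: bool
    geo: str
    usual_geos: tuple
    resource_sensitivity: str   # "low" or "high"


def risk_score(req):
    """Return (score 0..100, reasons). Context adds risk; feeds weigh in."""
    score, reasons = 0, []
    ip = IP_REPUTATION.get(req.src_ip)
    if ip:
        add = int(ip["score"] * 0.5)          # feed score scaled by its weight
        score += add
        reasons.append(f"ip reputation {ip['score']} ({','.join(ip['tags'])}) +{add}")
    user = USER_REPUTATION.get(req.user)
    if user:
        add = int(user["score"] * 0.3)
        score += add
        reasons.append(f"user reputation {user['score']} +{add}")
    if not req.device_managed:
        score += 25
        reasons.append("unmanaged device +25")
    elif not req.device_compliant:
        score += 15
        reasons.append("device out of compliance +15")
    if req.geo not in req.usual_geos:
        score += 20
        reasons.append(f"geo {req.geo} outside usual +20")
    return min(score, 100), reasons


def decide(req):
    """Map the score to allow / step-up / deny.

    Thresholds tighten for sensitive resources, so the same context can be
    allowed for a low-sensitivity resource yet require step-up authentication
    for a high-sensitivity one. decide() is pure: call it again whenever the
    context or a feed changes to get the 'continual' reassessment the text describes.
    """
    score, reasons = risk_score(req)
    mfa_at, deny_at = (20, 50) if req.resource_sensitivity == "high" else (40, 70)
    if score >= deny_at:
        verdict = "deny"
    elif score >= mfa_at:
        verdict = "step-up"
    else:
        verdict = "allow"
    return verdict, score, reasons


if __name__ == "__main__":
    req = AccessRequest("bob", "203.0.113.40", True, True, "US", ("US",), "low")
    print(decide(req))
    req.resource_sensitivity = "high"           # same context, more sensitive target
    print(decide(req))
```

Running the block shows Bob's request from a scanner-tagged address being allowed to a low-sensitivity resource at score 30 but pushed to step-up for a high-sensitivity one. The reasons list is what an operator needs when a user asks why they were challenged, and it is also what should be logged so the feed weights can be tuned against false positives.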
"Isolation and containment" of anything unknown could increasingly become the norm, predicted Gartner — akin to an "air-gapped" system for handling untrusted content and applications. Analysts projected that this would become a strategy among a fifth of enterprises by 2016.
"Software-defined security" is an approach that "decouples" the data elements of the IT infrastructure — such as servers and storage as well as security — from its physical manifestation in order to shift the "intelligence" of operations to software and away from hardware, making for a more nimble security environment.
"Interactive application testing" combines the techniques of static and dynamic application security testing in order to "confirm or disprove the exploitability of the detected vulnerability" and determine where it lives in the application code.
"Security brokers, firewalls and gateways," the newest technology on Gartner's radar, will be needed to secure what MacDonald referred to as "operational technology" — enterprise equipment that has moved to IP-based technologies and needs to be "managed, secured and provisioned" just like every other endpoint on the network.
"We must assume our systems have been, and will continue to be compromised, which forces a shift in focus to how to minimize damage — either by improving post infection detection methods or by isolating the attack to minimize its impact," said MacDonald.