


Technologies to keep you safe

Editorial Type: Opinion     Date: 01-2015    Views: 2929      










With attacks increasing in frequency and sophistication, which are the technologies that can best protect your organisation? Global analyst Gartner offers some insights.

"Organisations are dedicating increasing resources to security and risk. Nevertheless, attacks are increasing in frequency and sophistication. Advanced targeted attacks and security vulnerabilities in software only add to the headaches brought by the disruptiveness of the Nexus of Forces, which brings mobile, cloud, social and big data together to deliver new business opportunities."

So says Neil MacDonald, vice president and Gartner Fellow. "With the opportunities of the Nexus come risks," he adds. "Security and risk leaders need to fully engage with the latest technology trends, if they are to define, achieve and maintain effective security and risk management programmes that simultaneously enable business opportunities and manage risk."

The warning came as global analyst organisation Gartner highlighted the top 10 technologies for information security and their implications for security organisations in 2014. Analysts presented their findings during the recent Gartner Security & Risk Management Summit and it makes for absorbing reading for anyone intent on staying safe and secure. Here is Gartner's take:

Cloud Access Security Brokers. Cloud access security brokers are on-premises or cloud-based security policy enforcement points placed between cloud services consumers and cloud services providers to interject organisational security policies as the cloud-based resources are accessed. In many cases, initial adoption of cloud-based services has occurred outside the control of IT, and cloud access security brokers offer an organisation increased visibility and control as its users access cloud resources.

Adaptive Access Control. Adaptive access control is a form of context-aware access control that acts to balance the level of trust against risk at the moment of access using some combination of trust elevation and other dynamic risk mitigation techniques. Context awareness means that access decisions reflect current condition, and dynamic risk mitigation means that access can be safely allowed where otherwise it would have been blocked. Use of an adaptive access management architecture enables an organisation to allow access from any device, anywhere, and allows for social ID access to a range of corporate assets with mixed risk profiles.

Pervasive Sandboxing (Content Detonation) and IOC Confirmation. Some attacks will inevitably bypass traditional blocking and prevention security protection mechanisms, in which case it is key to detect the intrusion in as short a time as possible to minimise the hacker's ability to inflict damage or extract sensitive information. Many security platforms now include embedded capabilities to run ("detonate") executables and content in virtual machines (VMs) and observe the VMs for indications of compromise.

This capability is rapidly becoming a feature of a more-capable platform, not a stand-alone product or market. Once a potential incident has been detected, it needs to be confirmed by correlating indicators of compromise across different entities - for example, comparing what a network-based threat detection system sees in a sandboxed environment to what is being observed on actual endpoints in terms of processes, behaviours, registry entries and so on.
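The IOC confirmation step described above can be sketched in a few lines. This is an added example, not code from Gartner or any product: the record layout, host names, sample values and the "two distinct indicator types" threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: indicators a sandbox reported after detonating a file.
SANDBOX_IOCS = [
    {"type": "process", "value": "C:\\Users\\Public\\updsvc.exe"},
    {"type": "registry",
     "value": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\UpdSvc"},
    {"type": "sha256", "value": "AA" * 32},
]

# Constructed sample: events pulled from endpoint telemetry.
ENDPOINT_EVENTS = [
    {"host": "ws-014", "type": "process", "value": "c:\\users\\public\\UPDSVC.EXE"},
    {"host": "ws-014", "type": "registry",
     "value": "hkcu\\software\\microsoft\\windows\\currentversion\\run\\updsvc\\"},
    {"host": "ws-022", "type": "process", "value": "C:/Users/Public/updsvc.exe"},
    {"host": "ws-031", "type": "process", "value": "C:\\Windows\\System32\\svchost.exe"},
]

def normalise(kind, value):
    """Windows paths, registry keys and hex digests compare case-insensitively."""
    value = value.strip().lower()
    if kind in ("process", "registry"):
        value = value.replace("/", "\\").rstrip("\\")
    return kind, value

def confirm(sandbox_iocs, endpoint_events, min_types=2):
    """Correlate sandbox indicators with endpoint events, per host.

    A host is 'confirmed' when it matches indicators of at least
    min_types distinct kinds (assumed threshold), else 'suspected'.
    """
    wanted = {normalise(i["type"], i["value"]) for i in sandbox_iocs}
    hits = defaultdict(set)
    for ev in endpoint_events:
        key = normalise(ev["type"], ev["value"])
        if key in wanted:
            hits[ev["host"]].add(key)
    report = {}
    for host, matched in hits.items():
        kinds = {kind for kind, _ in matched}
        verdict = "confirmed" if len(kinds) >= min_types else "suspected"
        report[host] = {"verdict": verdict, "matched": sorted(matched)}
    return report

if __name__ == "__main__":
    for host, result in sorted(confirm(SANDBOX_IOCS, ENDPOINT_EVENTS).items()):
        print(host, result["verdict"], [value for _, value in result["matched"]])
```

Requiring more than one kind of indicator before confirming keeps a single coincidental match, such as a shared file name, from being treated as a confirmed incident.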

Endpoint Detection and Response Solutions. The endpoint detection and response (EDR) market is an emerging market created to satisfy the need for continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops) - most notably significantly improved security monitoring, threat detection and incident response capabilities. These tools record numerous endpoint and network events and store this information in a centralised database.

Analytics tools are then used to continually search the database to identify tasks that can improve the security state to deflect common attacks, to provide early identification of ongoing attacks (including insider threats), and to rapidly respond to those attacks. These tools also help with rapid investigation into the scope of attacks, and provide remediation capability.


