At the end of the first day of the Gartner Security and Risk Management summit in London, I had the opportunity to catch one of the distinguished analysts looking at the state of security in terms of the top ten technologies.
In the final session of the event, Neil McDonald, vice president, distinguished analyst and Gartner Fellow in Gartner Research, presented the “top ten technologies for information security”, a list compiled from the key technologies submitted by Gartner’s 60 security analysts from around the world.
McDonald said that these “had to be emerging, and needed to be transformative so it changes the way you do your job”, and he explained that he asked for technologies, not just trends. The list was as follows:
1 – Cloud access security broker market – McDonald said that this was “very real”, as it is about providing visibility into the use of cloud-based resources, such as encryption. He said it is a technology that sits between the user and the cloud as users adopt cloud-based services such as SaaS.
2 – Adaptive access control – There is a need, he said, for more context in an access decision in real time, such as the location of the user and the device. “What do they support, how do they integrate into existing technology?”
3 – Pervasive sandboxing – Admitting that FireEye were the “poster boys of this section” but only offer detonation, McDonald said that the technology was about content detonation and IOC confirmation, that this was becoming a feature of a capable platform, and that it was the capability most often being introduced as part of an underlying platform.
4 – Endpoint protection evolves – McDonald listed the prominent anti-virus vendors, saying that most focus on prevention. “The market needs better detection and response and assumes attacks get past and how do we find it? Not with traditional anti-virus; a new segment is growing up as anti-virus vendors are failing to lead,” he said.
5 – Big Data security analytics at the heart of next generation security platforms – He explained that all of these technologies generate vast amounts of data that the SIEM can handle, but once you have got the data there is not the insight or intelligence, so we are seeing domain-specific technologies that analyse specific layers to provide value to the SIEM and reduce the noise that the SIEM has to deal with.
6 – Machine-readable threat intelligence and reputation feeds – “Can pull in an IP feed to make your firewall smarter, so businesses build services to deliver intelligence as a service, not as a PDF report,” he said. This is about specific intelligence that can be pulled into a firewall or gateway, and it can provide valuable insight and protection.
7 – Containment and isolation as a foundational security strategy, even on Windows – McDonald was very fond of the Bromium microvisor technology, which offers containment, but also mentioned Invincea, Blue Ridge and others that can take an untrusted system and carve out a trusted space; this can be used as a pillar of your security strategy.
8 – Software-defined security – McDonald explained that we have heard of software-defined networking and storage, and now VMware is talking of the software-defined data centre, but security needs it too. He explained that if we can decouple security from the underlying enforcement points anywhere in the data centre or in the cloud, then this could happen. “It is not where you put your favourite physical firewall, but about agility and speed of controls, and allows you to embrace cloud computing even with computing models,” he said.
9 – Interactive application security testing – McDonald said that vendors are shipping such products today, and that this is different because, by instrumenting the runtime, you can observe the application as it is under test. “With this you are getting an inside-out view of the code that is associated with static testing,” he said. “This reduces scan time, false positives and makes results more actionable.”
10 – Security gateways, brokers and firewalls – Not new, but McDonald said that these are at the cutting edge and need attention, as traditional perimeters are not going away and we are dealing with growing complexity as sensors become more intelligent and exchange information. “Our ability to put agents on has reduced, if not been eliminated, and protocols are specific as vendors focus on the Internet of Things gateway between a device and users that can broker a policy,” he said.
He concluded by naming three technologies that were nominated and came close but did not make the list: deception and diversion technologies; open source software source code identification and vulnerability tracking; and application hardening and obfuscation, especially for mobile applications.
Speaking to IT Security Guru, I asked McDonald whether old technologies were obsolete, or whether users should be demanding more from their existing vendors. He said that ideally people will be pressuring their existing vendors to deliver these technologies.
“What is happening is the bigger vendors are invariably slower to move, customers have real problems and typically will buy these solutions to fill the gap,” he said. “That is how the security market has been and vendors tend to not innovate quickly, but they tend to eventually come around, and some customers need to plug that gap with the solutions and technologies that we talked about today.
“Some can wait and others need to find a better solution. For example, go back ten years and look at anti-spyware: there were a large number of vendors offering it. Some were acquired, some are no longer around, but now there is no market as you get it from Symantec or McAfee, and you expect the leaders to provide this; it just took a while, as it will with many of these technologies we talked about today.”
McDonald mentioned that, as an industry, there are too many “incumbent vendors” who sell “over-priced boxes and do not like to sell software and cannot embrace as conflict of interest”. Some may not like his top ten, while others will see it as an opportunity to step into a new, developing area. As a user, you are the one with the buying power and the ability to choose which defence and protection you sink your investment into.