Five Security Technologies to Watch in 2017

darkreading.com, January 2017

These emerging tools and services promise to make a difference this year.
Are they on your company's list?
By Jaikumar Vijayan

As enterprises prepare for another year of fighting against cyberattacks, their confidence in their defenses continues to wane. In a 2016 survey, 72% of IT security professionals attending the Black Hat conference said it is likely that they will have to respond to a major security breach in the next 12 months (see chart, p. 6). Nearly three-quarters said they don't believe they have enough staff or budget to meet the threat (see chart, p. 7).

And so the search for technological solutions continues. After spending nearly $74 billion on information security products in 2016, analyst firm IDC estimates that businesses worldwide will spend even more in the coming year and a staggering $101.6 billion in 2020.

Where will those dollars go? Much of the spending will be focused on securing new computing environments, such as cloud services and the Internet of Things (IoT), which present the potential for new
threats. Other investments are designed to help the enterprise integrate and harness its existing security technologies and data. And finally, most enterprises are looking for help with the IT security skills shortage, which has made it difficult for companies to hire all of the talent they need to meet the challenge ahead.

In this special issue of the Dark Reading Tech Digest, we take a closer look at five emerging technologies and services that enterprises are expected to invest in during the coming year: cloud access security brokers (CASBs); IoT security tools; security orchestration; threat intelligence platforms (TIPs); and third-party professional services.

Cloud Access Security Brokers

Enterprises moving workloads to the cloud need a way to ensure their data is safe from unauthorized access, theft, and various other forms of compromise. They need visibility over all of their data and apps in the cloud; who's using them, when, where, and how.

Traditional security tools designed for on-premises use (such as network and web firewalls, host-based antivirus, and file integrity monitoring products) are not agile enough to keep up with the cloud, where workers can access enterprise data from anywhere at any time and with virtually any device.

Enter CASBs. Cloud access security brokers sit between your workers and the cloud services they are trying to access. They give you a way to enforce security policies by ensuring that all traffic from your end user devices (desktop, mobile, remote, and on-premises) is routed through what is essentially a central gateway.

A CASB gives administrators a way to inspect all cloud-bound traffic for malware, data leaks, and signs of unusual activity, and to detect the use of unsanctioned cloud services by employees. These cloud security gateways can also be used to encrypt data while it is in transit to the cloud platform or while it is being stored there, and to decrypt it on the way back to the user. CASBs may also be hooked directly to the application programming interface of software-as-a-service (SaaS) applications to monitor user activity and data in a cloud application.

Gartner defines CASBs as on-premises, or cloud-based security enforcement points that sit between cloud services consumers and cloud service providers. They can be used to enforce a slew of security policies, including those pertaining to user authentication, single sign-on, device profiling, encryption, malware detection, and alerting, Gartner observes.

Any organization that is leveraging the cloud for consuming services through SaaS applications or delivering services through the cloud via infrastructure-as-a-service or platform-as-a-service should be using a CASB for visibility, compliance, data security, and threat protection, says Rohit Gupta, VP of product management at Oracle. Gupta is the founder of Palerra, a CASB technology vendor recently acquired by Oracle.

Traditional security controls are generally reactive and focused on protecting the front door to applications and data, Gupta says. These controls are absolutely important and required for a defense-in-depth
model, but are often insufficient for today's modern threats.

Eric Andrews, VP of cloud security at Symantec, says that for all the functionality delivered by CASBs, the technology can offer a lot more. CASB is in its infancy, he says. Looking ahead, CASB solutions will evolve to apply state of the art security technologies for malware analysis, sandboxing, ransomware detection, enterprise-class [data leak protection], adaptive identity management, and encryption.

Enterprises should also expect to see better controls for shadow IT cloud app usage and better integrations with endpoint technologies, Andrews says. We predict CASB will become a new central point of control and integration for the full stack of enterprise security technologies as they extend out from the enterprise to safeguard enterprise data assets and activity in the cloud, he says.

IoT Connection Security

IoT connection security is an emerging category of products that are designed to help enterprises detect, onboard, and monitor IoT devices for compliance with security policies. The need for such capabilities is becoming critical, as evidenced by the series of massive distributed denial of service (DDoS) attacks in late 2016 that took advantage of tens of thousands of compromised home routers, webcams, and other IoT products.

Gartner has predicted that over the next few years, enterprises and consumers will connect a staggering 20.8 billion things to the Internet, ranging from network-connected consumer products like smart refrigerators and home security systems to industry-class systems such as IP-enabled sensors in manufacturing floors, smart vehicles, and medical devices. Based on the evidence from the 2016 attacks, it appears that a large number of these devices will have few security controls; many of them are protected only by default or hardcoded passwords and cannot be remotely patched or updated against security flaws.

As we saw in the recent IoT DDoS attacks, many of these devices have poor built-in security, says Manish Rai, VP of marketing at Great Bay Software, a company that specializes in IoT connection security products, especially for the healthcare industry. Resource constraints on IoT devices, which are purposely built to solve specific problems at affordable price points, have led to security limitations like lack of support for 802.1X network security standards, he says.

IoT devices often use older versions of operating systems with known vulnerabilities and little to no support for remote patching. While PCs, notebooks, and other conventional endpoint devices can be protected against threats via antivirus and antimalware tools, IoT endpoints rarely support the use of third-party security agents. Not surprisingly, many enterprises do not track all of the IoT devices on their network and don't understand the risk they represent, Rai says.

IoT connection security products are designed to address these security challenges, including visibility, monitoring, enforcement, and onboarding. They can be used to monitor the behavior of any connected IoT device and to detect and flag behavior that is anomalous or
unexpected. For example, if the same device shows up in two different subnets, or if a printer that is not supposed to communicate over FTP suddenly begins to do so, there's a good chance something is wrong, Rai says.

Traditional endpoint control tools, such as antivirus software, don't work on IoT devices, which is why so many enterprises are interested in IoT connection security tools, adds Jamison Utter, VP at Senrio, an IoT security tool vendor. IoT security technology is useful for nearly anyone, Utter says. Carriers need better protection and visibility into the home space. Home users need better privacy and safety from the devices they might be using. Enterprises need it more and more while they expand and decentralize networks, from old model hub and spokes to mesh and cloud networks.

In the short term, Utter says, expect to see IoT connection products integrate more machine learning and automation with existing network border controls. IoT connection monitoring features will likely begin to appear in home user equipment, carrier equipment, and enterprise technology over the next two to five years, he predicts. Over the longer term, IoT devices will have additional code in their firmware, enabling machine analytics and device troubleshooting.

Security Orchestration and Automation

If enterprises are having trouble securing their networks against new and emerging threats, it certainly isn't because they lack security tools. In recent years, the market for security products has been flooded with a dizzying array of tools and services designed to address an equally dizzying array of technology and business requirements. For many organizations, the problem is not that they don't have enough security tools but that they have too many. Most enterprises are looking for a way to manage the deluge of data and alerts they receive from this surfeit of security technology.

Security orchestration tools are designed to help address the situation by giving enterprises a way to connect disparate security tools and bring their data together on a single console, improving threat detection and automated response. Many security automation and orchestration products use so-called playbooks to manage different types of security incidents through their lifespan. Each playbook contains code and processes for detecting, analyzing, and responding to incidents like terminating processes, disabling a user ID, or reimaging a firewall in an automated fashion. By acting as a connective layer across security technologies, orchestration tools give administrators a way to automate responses to security incidents and reduce the time between threat detection and mitigation.

Security orchestration tools help address the problems caused by an overabundance of security alert data and the shortage of first responders, says Ryan Stolte, founder and CTO of Bay Dynamics. The fundamental issue is that we have got far too many problems or issues than we can reasonably deal with as humans, Stolte says. We have
got this wealth of information from this wealth of technologies that we have invested in over time. But the information is rarely correlated, making it difficult to know the whole story of a compromise.

Chart: How likely do you think it is that your organization will have to respond to a major security breach in the next 12 months?
I have no doubt that we will have to respond to a major incident in the next 12 months: 15%
It's highly likely: 25%
It's somewhat likely: 32%
It's somewhat unlikely: 15%
It's highly unlikely: 7%
Don't know/not sure: 6%
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

As attacks become increasingly automated, organizations are under pressure to bring all their security data together and quickly boil it down to the threats that really matter, so that they can be fixed quickly and, when possible, automatically, Stolte says. Security orchestration tools help pinpoint and accentuate the things to look for. Instead of just saying this is a vulnerability, you can start triangulating things and initiate responses automatically, based on the severity of the threat.

Oliver Friedrichs, CEO and founder of security orchestration startup Phantom, says there are four major factors driving interest in such tools: a massive shortage of people, too many security products, a lack of interconnectedness among the security tools, and the need for faster response times.

Policy automation and orchestration tools can help reduce response times to seconds instead of minutes and hours. But to be able to benefit from them, an organization first needs to have the right security tools in place.

You need to have something that produces some kind of high fidelity information that is actionable, Friedrichs says. Many organizations that are exploring the use of security orchestration tools already have robust security information and event management (SIEM) capabilities or a big data analytics engine in place, he says.

The effectiveness of orchestration and automation tools depends largely on the number of security products with which they connect. With more than 1,500 vendors competing in the security market, any security orchestration tool must be able to work with a plethora of systems to be effective, Friedrichs says.

According to estimates from Research and
Markets, the market for security orchestration tools will grow from $826 million in 2016 to nearly $1.7 billion in 2021. Driving this demand are concerns over security breaches and trends like mobility and cloud deployment, the research firm says.

Chart: Does your organization have enough security staff to defend itself against current threats?
Yes: 26%
No, we could use a little help: 55%
No, we are completely underwater: 15%
What staff: 4%
Base: 250 respondents in 2016 and 460 respondents in 2015
Data: UBM survey of security professionals, June 2016

Threat Intelligence Platforms

Like security orchestration tools, TIPs are an emerging class of technology designed to help correlate security data and improve an enterprise's ability to respond to new threats. But while security orchestration is focused primarily on data collected internally, TIPs collect and correlate data from external sources of threat data as well.

Today's enterprise has access to many feeds of threat data, ranging from public sources such as US-CERT to commercial collectors of information about current attacks and exploits happening on the Web. Enterprises can get reports on a wide variety of potential security threats, including malicious IP addresses and URLs, malicious files, phishing sites, hacker groups, and zero-day vulnerabilities. But as with internal security data, many organizations are inundated with data from multiple external threat feeds. The sheer volume of data often makes it hard for analysts to spot the threats that matter to their organization so that they can apply the proper updates to their security controls. The situation is often exacerbated by the non-standard formats of threat intelligence data, the poor quality of some feeds, and the need to sift through and weed out duplicative information from the feeds.

Threat intelligence platforms fill a gap between the hunters of security information and the detection platforms that monitor network activity, says Ryan Trost, co-founder and chief technology officer at ThreatQuotient, a TIP vendor. Historically, before intelligence platforms, the analyst effort was purely tactical, as each analyst would maintain a daily spreadsheet of the latest malicious indicators of compromise and develop responses for them.

Besides being completely non-scalable and time-consuming, this manual approach also created pockets of intelligence across the security operations center, Trost says.

The value of TIPs lies in their ability to automate the ingestion of threat feeds and
the distribution of the data to the detection platforms, Trost observes. They free the analyst to focus on higher-value tasks, such as maintaining a big-picture view of adversary efforts, instead of spending hours copying and pasting MD5 hashes from malware reports to their endpoint controls, he says. And because a TIP consolidates data into a single system, it allows analysts to collaborate.

Chart: Security Spending. How will spending on information security in 2016 compare with 2015?
Response categories: Increase, About the same, Decrease, Don't know
Values shown: 16%, 2%, 36%, 46%
Base: 300 respondents in 2016
Data: Dark Reading Strategic Security Survey of business technology and security professionals at organizations with 100 or more employees

Analyst firm IT-Harvest pegs the overall threat intelligence market in 2015 at $190 million and growing at 85% annually. TIPs accounted for $61 million of this figure, and the category is growing at 84% a year, more than three times the pace of the overall security industry.

Adam Vincent, CEO of TIP vendor ThreatConnect, says much of the growth is being driven by the need for organizations to shorten detection and response times. The avalanche of data from external threat feeds and internal systems has overwhelmed many security organizations and made it harder for them to detect the threats that matter.

One of the biggest security gaps is the time it takes to detect a threat and then act on it, Vincent says. The deficit is currently measured in hundreds of days, and it has been growing. TIPs eliminate the inefficiencies that are created by fragmented people, processes, and technology, allowing security teams to quickly sort through massive amounts of data to identify, manage, and block threats faster, he notes.

Over the next few years, enterprises can expect to see TIPs improve their ability to view threat data. In the past couple of years, threat intelligence was only accessible to the largest organizations with very large security budgets, Vincent says. TIPs are making it possible for more companies and agencies to start threat intelligence programs either on their own or with the help of a managed security services provider, he adds.

Security Consulting and Services

For decades, firms like Ernst & Young,
PricewaterhouseCoopers, KPMG, and Deloitte have provided audit, tax, and IT consulting services to organizations across industries. A growing number of firms (some new and some old) are attempting the same model to deliver a range of consulting, assessment, and penetration testing services in the security space.

Driven by the shortage of security talent, these services run the gamut of capabilities, from helping organizations set up security programs to identifying gaps in existing programs and recommending ways to bolster security preparedness and meet compliance objectives. Organizations can hire such services to help at an enterprise level, or even with individual projects. Often, such services are vendor-agnostic and focus on identifying problems, recommending actions, and monitoring ongoing issues. The actual implementation of any recommended action is left to the client.

We see three main drivers increasing demand for security consulting services: compliance requirements, customer requests, and data breaches, says Rob Ragan, managing security associate at security consulting services provider Bishop Fox. Like some other companies in this space, Bishop Fox has an assessment and penetration testing practice that focuses on aspects of offensive security. For instance, one of its services is to run simulation attacks depicting real-world scenarios on client networks to help them identify weaknesses. Bishop Fox also maintains an enterprise security practice that focuses on different aspects of defensive security.

As breaches become more of the norm, companies want a realistic view of the possibilities, Ragan says. As a result, there's growing interest in red team simulations that model realistic threats (including social engineering attacks and denial of service simulations) that companies previously used to avoid because of fears of disrupting their operations.

From the defensive side, more companies are hiring third-party consultants to serve in chief information security officer and chief security officer roles, Ragan said.

Security consulting services help companies prioritize the issues that matter, says Daniel Miessler, director of advisory services at IOActive, a provider of end-to-end security consulting services that include penetration testing, code review, reverse engineering, and hardware assessments. For example, some of the main uses of IOActive's penetration testing services are to help organizations identify the effectiveness of their security controls and to give them actionable information on how to address and prioritize gaps.

The recommendations collapse into the four or five most important things you need to do, from hundreds of possible actions, Miessler says. The goal is to give organizations recommendations that remove the largest amount of insecurity and ensure the best possible use of an organization's security team and infrastructure.

Gartner pegged the security consulting services market at $16.5 billion in 2015 and projects that it will grow at around 7.6% annually.

Jaikumar Vijayan is a technology writer with over 20 years of experience in IT reporting. He has covered information security and data privacy issues, as well as a variety of other technology topics, including big data, Hadoop, IoT, e-voting, and data analytics. Write to us at editors@darkreading.com.