 

 
Gartner will debate the 10 main technologies for Information Security and their implications for companies in 2016, during the Gartner Security and Risk Management Conference, which will take place on August 2nd and 3rd, at the Sheraton São Paulo WTC Hotel (SP).
 
"Information Security and Infrastructure teams must adapt to emerging digital business requirements while being prepared to deal with an increasingly hostile environment. Security and Risk Management leaders need to learn to work with the latest technology trends if they want to define, achieve and maintain effective programs that simultaneously deliver digital business opportunities in line with risk management," said Neil MacDonald, Vice President, Analyst Emeritus and Fellow Emeritus at Gartner.
 
The 10 main technologies for Information Security are:
 
Cloud Access Security Brokers - Cloud Access Security Brokers (CASBs) give Information Security professionals a critical point of control over the secure and compliant use of Cloud services across their various providers. Many Software as a Service (SaaS) applications have limited visibility and control options. However, adoption of SaaS is becoming commonplace in enterprises, which exacerbates the frustration of security teams that want visibility and control of applications and the IT environment as a whole. CASB solutions fill many of the gaps in individual Cloud services and allow CISOs (Chief Information Security Officers) to perform these tasks simultaneously across services, including Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers. In this way, the CASB addresses a fundamental requirement for CISOs: to establish policies, monitor behavior and manage risk across all of the company's Cloud services.
 
Endpoint Detection and Response (EDR) - The Endpoint Detection and Response (EDR) market is growing rapidly to meet the need for more effective protection, detecting breaches and reacting to them more quickly. EDR tools record various endpoint and network events and store this information locally or in a centralized database. Behavior analytics, machine learning techniques and databases of known Indicators of Compromise (IOCs) are then used to search this information continuously, to identify breaches (including insider threats) and respond quickly to those attacks.
 
Non-Signature Approaches to Endpoint Prevention – Signature-only approaches to malware prevention are ineffective against advanced and targeted attacks. Several techniques that improve on these traditional approaches have emerged, including memory protection and exploit prevention, which keep the most common forms of threats from entering systems, and machine learning-based malware prevention, which uses mathematical models in place of signatures to identify and block threats.
 
User and Entity Behavior Analytics - User and Entity Behavior Analytics (UEBA) allows for broader security analysis, much as Security Information and Event Management (SIEM) enables comprehensive security monitoring. UEBA provides user-centric analytics that examine user behavior along with other factors such as endpoints, networks and applications. Correlating the analytics across these factors makes results more accurate and threat detection more effective.
 
Microsegmentation and flow visibility – Once attackers gain access to corporate systems, they can move laterally ("east/west") to other systems unimpeded, even before they are detected. To address this issue, there is a new requirement for "microsegmentation" (more granular segmentation) of east/west traffic in corporate networks. In addition, many solutions also provide visibility and monitoring of communication flows. Visualization tools allow operations and security administrators to understand flow patterns, establish segmentation policies, and monitor for deviations. Several technology vendors offer optional encryption of network traffic (typically IPsec point-to-point tunnels) between workloads to protect data in motion and provide cryptographic isolation between workloads.
 
Security Testing for DevOps (DevSecOps) – Security needs to become an integral part of DevOps workflows (DevSecOps), aligning the development team with the operations team in processes, tools and responsibilities. DevSecOps operating models are emerging that use certificates, templates and standards to drive the underlying configuration of the security infrastructure, including policies such as testing applications during development or network connectivity. In addition, many solutions perform automatic assessments to find weaknesses during the development process, before the system is released to production. Whether security is driven by models, standards or a set of tools, the desired concept and result are the same: an automated, transparent configuration, in accordance with the security infrastructure the company wants and based on policies that reflect current workloads.
 
Intelligence-based Security Operations Center orchestration solutions – The intelligence-based Security Operations Center (SOC) goes beyond event-focused monitoring and preventive technologies. Such a SOC should be used to inform every aspect of security operations. To meet the challenges of the new detection and response paradigm, an intelligence-based SOC also needs to go beyond traditional defenses, with an adaptive architecture and context-aware components. To support the changes required in Information Security programs, the traditional SOC must evolve into an intelligence-based model, with the automation and orchestration of processes as a fundamental enabler.
 
Remote Browser – Most attacks start by targeting end users with malware delivered via email or through risky addresses (URLs) or websites. A new approach to this risk is remote browser access through a "browsing server" (usually on Linux) that runs on-premises or in the Cloud. By isolating the browsing function from the rest of the endpoint and the company's network, the malware stays off the end user's PC, and the company significantly reduces its attack surface by shifting the risk to server sessions that can be easily reset on every browsing session, or every opening of a new page.
 
Deception Technology - Deception technologies are defined by the use of deceits or tricks designed to impede or throw off the attacker's cognitive processes, disrupt their automation tools, delay their activities, or prevent the breach from progressing. Deception capabilities create, for example, fake vulnerabilities, systems, shares and cookies that, when triggered, signal that an intrusion is under way, since a legitimate user should not see or attempt to access them. Deception technologies are emerging for networks, applications, endpoints and data, with the best systems combining various techniques. Gartner predicts that by 2018, 10% of enterprises will use Deception technology tools and tactics against attackers.
 
Universal Security Services – IT and Security departments are being called on to extend their protection capabilities to operational technology and the Internet of Things (IoT). As such, new models must emerge to deliver and manage trust at scale. Security services must be designed to scale up to support the needs of billions of devices. Companies looking for large-scale distributed trust should focus on delivering security, data integrity, confidentiality, and device identity and authentication. Some leading-edge approaches use distributed trust and blockchain architectures to manage data integrity on a large scale.

 
