THE IT SECURITY TOOLS THAT YOU SHOULD BE PAYING ATTENTION TO

Security tools at the enterprise level are so much more than virus scanners and firewalls, and security professionals and chief security officers need to evaluate, deploy and manage technologies that include cloud access security brokers, endpoint detection and response tools, and security testing for DevOps.

BY GARY HILSON



GARTNER’S PETER FIRSTBROOK
Enterprise security invokes thoughts of dangers such as malware and ransomware that wreak havoc for employees and threaten customer confidence. But in an era of cloud computing and pervasive SaaS adoption, security tools at the enterprise level are so much more than virus scanners and firewalls.

At its recent Security & Risk Management Summit, research firm Gartner outlined 10 tools and technology concepts that it feels are the most significant to enterprises this year, all part of what Toronto-based Gartner Research VP Peter Firstbrook said fall under the umbrella of a digital risk strategy that an organization’s executive team and board of directors can understand and sign off on.

In the meantime, security professionals and chief security officers need to evaluate, deploy and manage technologies that include cloud access security brokers, endpoint detection and response tools, security testing for DevOps (DevSecOps), and pervasive trust services as they look for greater visibility and control.




MISSISSAUGA, ONT.-BASED CASB IS SLATED TO BECOME PART OF SYMANTEC
Cloud Access Security Brokers (CASBs) enable IT teams to identify shadow cloud apps, but also to apply policies to secure them. Depending on the service, a broker can give infosec pros the ability to encrypt data in transit, or replace data with a token. In this day and age, it’s hard to find an organization that doesn’t have at least one employee who flouted company policy by signing up for a cloud app. And because these apps store data in the cloud, they open vulnerabilities in cloud security.

Enterprises have a number of choices for CASBs, including Mississauga, Ont.-based Blue Coat (formerly known as Perspecsys Inc. and about to be acquired by Symantec), as well as SkyHigh Networks, Netskope, Adallom, CloudLock, Zscaler, Actifio, Bitglass, and Trend Micro’s SecureCloud.




ENDPOINT DETECTION AND RESPONSE SOLUTIONS SUCH AS THOSE FROM SENTINELONE LEVERAGE SOPHISTICATED ALGORITHMS, MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE TO DETECT UNKNOWN MALWARE
The most common way cyber attackers are able to breach enterprise networks is through endpoints, which are proliferating thanks to distributed and mobile computing. Traditionally, endpoints have been protected through signature-based solutions from vendors such as Symantec, Trend Micro and McAfee, but it’s hard for them to scale and keep up with the staggering amounts of malware.

Enter the next-generation endpoint detection and response solutions, which eschew signatures and leverage sophisticated algorithms, machine learning and artificial intelligence to improve visibility and to detect and prevent infection. While they may be just as effective as traditional anti-virus tools against known threats, their strength lies in proactively detecting unknown malware. There are plenty of vendors to choose from, some providing only detection, others offering response as well, including Bromium, Carbon Black, SentinelOne, CrowdStrike, Cybereason and Tanium. As of last November, Forrester was tracking as many as 50 new entrants in the endpoint detection segment.

Meanwhile, this new detection and response paradigm has led to the advent of intelligence-driven security operations centers (ISOCs), which are an evolution of traditional SOCs and provide an adaptive architecture and context-aware components.




ADALLOM LABS, WHICH WAS ACQUIRED BY MICROSOFT A YEAR AGO, USES UEBA TO ENSURE SECURITY AND VISIBILITY INTO ENTERPRISE USE OF SaaS APPLICATIONS
Other tools that are gaining traction as signature-based solutions fail to scale with the proliferation of endpoints and the malware that threatens them are user and entity behavioural analytics (UEBA). In a report released last September, Gartner predicted that over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve.

The research firm also predicts that by 2017, at least 20 per cent of major security vendors with a focus on user controls or user monitoring will incorporate advanced analytics and UEBA into their products. Some vendors, particularly those in the CASB space, already use UEBA functionality to ensure security and visibility into enterprise use of SaaS applications, including Adallom Labs, which has been acquired by Microsoft.




MICROSEGMENTATION AND FLOW VISIBILITY CAN DISCOVER INTRUDERS AND KEEP THEM FROM MOVING EAST/WEST IN A SYSTEM
Microsegmentation is a more granular form of segmentation that can stop attackers who have already managed to gain access to a system from moving laterally to other systems. Once hackers gain access to a system, they use the access levels of a certain user to make lateral moves and ultimately wreak havoc. Microsegmentation coupled with flow visibility through visualization tools allows security teams to understand flow patterns, set segmentation policies and monitor for deviations to halt this “east/west” movement.
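The “monitor for deviations” step above, as an added example that is not from the article or any vendor product: a segmentation policy expressed as permitted cross-segment flows, checked against flow records. The segment subnets, the policy, the flow-log format and the sample flows are all constructed for illustration.

```python
# Added example (not from the article): flag east/west flows that cross segments
# without a matching microsegmentation policy entry; all data below is constructed.
from ipaddress import ip_address, ip_network

# Hypothetical workload tiers and their subnets
SEGMENTS = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
}

# Allowed east/west flows as (source segment, destination segment, destination port)
POLICY = {
    ("web", "app", 8080),
    ("app", "db", 5432),
}

def segment_of(ip):
    """Map an address to its segment name, or None if it is outside the known tiers."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def find_deviations(lines):
    """Return cross-segment flows that no policy entry permits.
    Flow-log format (constructed): "<src_ip> <dst_ip> <dst_port> <proto>";
    same-segment and north/south flows are outside the policy's scope and skipped."""
    deviations = []
    for line in lines:
        src, dst, port, proto = line.split()
        s_seg, d_seg = segment_of(src), segment_of(dst)
        if s_seg is None or d_seg is None or s_seg == d_seg:
            continue
        if (s_seg, d_seg, int(port)) not in POLICY:
            deviations.append({"src": src, "dst": dst, "port": int(port),
                               "proto": proto, "from": s_seg, "to": d_seg})
    return deviations

# Constructed sample flow records
SAMPLE_FLOWS = [
    "10.0.1.10 10.0.2.20 8080 tcp",   # web -> app: permitted
    "10.0.2.20 10.0.3.30 5432 tcp",   # app -> db: permitted
    "10.0.1.10 10.0.3.30 5432 tcp",   # web -> db directly: deviation
    "10.0.1.10 10.0.1.11 445 tcp",    # inside the web segment: not cross-segment
    "203.0.113.5 10.0.1.10 443 tcp",  # north/south: outside the policy's scope
    "10.0.2.20 10.0.1.10 22 tcp",     # app -> web over SSH: deviation
]
```

Running `find_deviations(SAMPLE_FLOWS)` reports the two flows that cross tier boundaries without a policy entry; a real deployment would feed it the flow records exported by the segmentation platform.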

An effective method to prevent or detect breaches is to envision a kill chain, which is a way to look at how hackers get into a system by compromising a privileged user and what they have to do to get what they want.




DevSecOps IS OFTEN DESCRIBED AS “SECURITY AS CODE” (Image from AWS re:Invent 2014)
Agile IT is having an impact on security. DevSecOps is the moniker for the marriage of DevOps and security, baking the latter into the workflow so it becomes less of a barrier to the organization and supports iterative delivery of code and IT services. The goal of DevSecOps is to create a mindset that “everyone is responsible for security” so security decisions can be safely distributed at speed and scale; DevOps and security teams are now actively collaborating as peers and reimagining how operations, engineering, and security can be brought together.

While a more agile approach to IT means the perimeter of the enterprise is more porous, it does create opportunities to improve security and enable new capabilities, such as micro-perimeterization of security controls and per-resource granular security policies, that can be used in complex environments and be operationalized like other DevOps tools such as monitoring and APM.




SPIKES SECURITY’S APPLIANCE PUTS THE BROWSER ON ITS OWN ISLAND OUTSIDE AN ENTERPRISE NETWORK SO THAT USERS ARE PROTECTED FROM MALWARE ATTACKS
Remote browsers are becoming an increasingly popular way to protect against malware delivered via email, URLs or websites by isolating the browsing function from the endpoint and corporate network. This is done by remotely presenting the browser session from an on-site or cloud-based “browser server.” The server sessions can be reset to a known good state, and this technique reduces the surface area for an attack, shifting the risk to server sessions.

Companies providing remote browser technology include Spikes Security and Fireglass through their threat isolation platforms.




SECURITY STARTUP TrapX’s DeceptionGrid PLATFORM PROTECTS AGAINST MALICIOUS INSIDERS, LATERAL MOVEMENT, AND ADVANCED PERSISTENT THREATS (APTs).
Deception tools use deceit or tricks to thwart attacks. The security team creates fake vulnerabilities, systems, shares and cookies to tempt attackers, but legitimate users won’t see or need access to the fake systems. When a real attack on these dummy resources occurs, the security team is alerted to a potential threat. One example of a response would be to send back fake passwords to a hacker. Deception technology has led to a new category of emerging security startups.




PERVASIVE TRUST SERVICES CAN MANAGE THE NEEDS OF BILLIONS OF DEVICES AND ARE DESIGNED TO SCALE
With Internet of Things (IoT) devices expected to be everywhere and an increasing dependency on operational technology, security models must evolve in tandem. Pervasive trust services can manage the needs of billions of devices; they are designed to scale and can offer secure provisioning, data integrity, confidentiality, device identity and authentication.