Gartner has revealed what it predicts to be the top information security technologies in 2017 that may stave off attacks.
Gartner VP Neil MacDonald says that the threat level facing enterprise IT remains high, and so must the level of protection against those threats.
Those threats and top areas for protection provide opportunities for managed security service providers and the channel as enterprises continue to defend their operations.
Amongst the top technologies are cloud workload protection, remote browsing, network traffic analysis and microsegmentation, and container security.
"Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps," MacDonald says.
Below is the full list of Gartner's top security technologies.
Cloud workload protection platforms
According to Gartner, modern data centres offer workload support across multiple infrastructures including physical, virtual, containers, private and public cloud.
The company believes that hybrid cloud workload protection platforms are able to provide integrated security for workloads through a single management console and one way to express security policy, no matter where the workload is.
Remote browsing
Gartner says that almost all successful attacks come from the public internet and browser-based attacks. Isolation technologies can separate the browsing function from the malware, reducing the organisation's attack surface. This shifts risk to server sessions, which can be reset to working and known states on every new browsing session, tab opened or URL accessed, Gartner explains.
Deception technologies
Deception technologies use decoys and trickery that can hijack an attacker's methods and tools, delay their activities and detect attacks. Gartner says that deception technology can be used behind an enterprise firewall through multiple stack layers, providing better attack detection at higher confidence levels.
Endpoint detection and response (EDR)
EDR solutions complement tools such as antivirus (AV) by providing indications of unusual behaviour and malicious intent. Gartner predicts that 80% of large enterprises, 25% of midsize firms and 10% of SMBs will use EDR in some way.
Managed detection and response
Provided by specialist managed detection and response providers, these services deliver better threat detection, incident response and continuous monitoring for customers. This is gaining ground in the SMB and small enterprise space.
"MDR services hit a 'sweet spot' with these organisations, due to their lack of investment in threat detection capabilities," Gartner states.
Microsegmentation
Once attackers are in a system, they can move laterally and take over multiple systems. Microsegmentation within data centres is able to limit damage from breaches by isolating and segmenting data.
Network traffic analysis
These tools can monitor network traffic, flows, connections and objects for indicators of malicious activity. Gartner says that they are useful for organisations that wish to take a network-based approach to security to identify attacks that have made it past the firewall.
Cloud access security brokers (CASBs)
CASBs deal with security issues resulting from mobile and cloud service usage. They provide a single point of control over multiple cloud services used concurrently, for every user and device. Gartner says this area is growing, particularly as SaaS, privacy and compliance concerns call for better cloud control and visibility.
OSS security scanning and software composition analysis (SCA) for DevSecOps
Security controls can be automatically incorporated without manual input through a DevSecOps process, but those controls must also be transparent to DevSecOps teams. If they aren't, they may impede agility. They must also conform to legal and regulatory compliance requirements and manage risk.
"Software composition analysis (SCA) tools specifically analyse the source code, modules, frameworks and libraries that a developer is using to identify and inventory OSS components and to identify any known security vulnerabilities or licensing issues before the application is released into production," Gartner states.
Container security
As they are currently built, containers use a shared operating system. Any breach against the host operating system could expose all containers. Developers are often deploying containers in an insecure manner with little guidance from security teams. On top of that, traditional security solutions do not recognise containers.
Gartner says that container security solutions are able to protect containers' entire life cycle from creation to production, while providing scanning and monitoring tools.
Software-defined perimeters (SDPs)
These define a logical set of disparate network-connected participants within a secure computing environment. They may not be publicly discoverable and may be restricted to access through a trust broker. By the end of this year, 10% of enterprise organisations will use SDP to isolate sensitive environments, Gartner predicts.