5 Security Technologies to Watch in 2017

JANUARY 2017

These emerging tools and services promise to make a difference this year. Are they on your company’s list?

By Jaikumar Vijayan


As enterprises prepare for another year of fighting against cyberattacks, their confidence in their defenses continues to wane. In a 2016 survey, 72% of IT security professionals attending the Black Hat conference said it is likely that they will have to respond to a major security breach in the next 12 months (see chart, p. 6). Nearly three-quarters said they don’t believe they have enough staff or budget to meet the threat (see chart, p. 7).

And so the search for technological solutions continues. After spending nearly $74 billion on information security products in 2016, analyst firm IDC estimates that businesses worldwide will spend even more in the coming year — and a staggering $101.6 billion in 2020.

Where will those dollars go? Much of the spending will be focused on securing new computing environments, such as cloud services and the Internet of Things (IoT), which present the potential for new threats. Other investments are designed to help the enterprise integrate and harness its existing security technologies and data. And finally, most enterprises are looking for help with the IT security skills shortage, which has made it difficult for companies to hire all of the talent they need to meet the challenge ahead.

In this special issue of the Dark Reading Tech Digest, we take a closer look at five emerging technologies and services that enterprises are expected to invest in during the coming year: cloud access security brokers (CASBs); IoT security tools; security orchestration; threat intelligence platforms (TIPs); and third-party professional services.

Cloud Access Security Brokers

Enterprises moving workloads to the cloud need a way to ensure their data is safe from unauthorized access, theft, and various other forms of compromise. They need visibility over all of their data and apps in the cloud: who’s using them, when, where, and how. Traditional security tools designed for on-premises use — such as network and web firewalls, host-based antivirus, and file integrity monitoring products — are not agile enough to keep up with the cloud, where workers can access enterprise data from anywhere at any time and with virtually any device.

Enter CASBs. Cloud access security brokers sit between your workers and the cloud services they are trying to access. They give you a way to enforce security policies by ensuring that all traffic from your end user devices — desktop, mobile, remote, and on-premises — is routed through what is essentially a central gateway.

A CASB gives administrators a way to inspect all cloud-bound traffic for malware, data leaks, and signs of unusual activity, and to detect the use of unsanctioned cloud services by employees. These “cloud security gateways” can also be used to encrypt data while it is in transit to the cloud platform or while it is being stored there, and to decrypt it on the way back to the user. CASBs may also be hooked directly to the application programming interface of software-as-a-service (SaaS) applications to monitor user activity and data in a cloud application.

Gartner defines CASBs as “on-premises, or cloud-based security enforcement points” that sit between cloud services consumers and cloud service providers. They can be used to enforce a slew of security policies, including those pertaining to user authentication, single sign-on, device profiling, encryption, malware detection, and alerting, Gartner observes.

“Any organization that is leveraging the cloud for consuming services through SaaS applications or delivering services through the cloud via infrastructure-as-a-service or platform-as-a-service should be using a CASB for visibility, compliance, data security, and threat protection,” says Rohit Gupta, VP of product management at Oracle. Gupta is the founder of Palerra, a CASB technology vendor recently acquired by Oracle.

“Traditional security controls are generally reactive and focused on protecting the front door to applications and data,” Gupta says. “These controls are absolutely important and required for a defense-in-depth model, but are often insufficient for today’s modern threats.”

Eric Andrews, VP of cloud security at Symantec, says that for all the functionality delivered by CASBs, the technology can offer a lot more. “CASB is in its infancy,” he says. “Looking ahead, CASB solutions will evolve to apply state of the art security technologies for malware analysis, sandboxing, ransomware detection, enterprise-class [data leak protection], adaptive identity management, and encryption.”

Enterprises should also expect to see better controls for shadow IT cloud app usage and better integrations with endpoint technologies, Andrews says. “We predict CASB will become a new central point of control and integration for the full stack of enterprise security technologies as they extend out from the enterprise to safeguard enterprise data assets and activity in the cloud,” he says.

IoT Connection Security

IoT connection security is an emerging category of products that are designed to help enterprises detect, onboard, and monitor IoT devices for compliance with security policies. The need for such capabilities is becoming critical, as evidenced by the series of massive distributed denial of service (DDoS) attacks in late 2016 that took advantage of tens of thousands of compromised home routers, webcams, and other IoT products.

Gartner has predicted that over the next few years, enterprises and consumers will connect a staggering 20.8 billion ‘things’ to the Internet, ranging from network-connected consumer products like smart refrigerators and home security systems to industry-class systems such as IP-enabled sensors in manufacturing floors, smart vehicles, and medical devices. Based on the evidence from the 2016 attacks, it appears that a large number of these devices will have few security controls; many of them are protected only by default or hardcoded passwords and cannot be remotely patched or updated against security flaws.

“As we saw in the recent IoT DDoS attacks, many of these devices have poor built-in security,” says Manish Rai, VP of marketing at Great Bay Software, a company that specializes in IoT connection security products, especially for the healthcare industry. “Resource constraints on IoT devices, which are purposely built to solve specific problems at affordable price points, have led to security limitations like lack of support for 802.1X” network security standards, he says.

IoT devices often use older versions of operating systems with known vulnerabilities and little to no support for remote patching. While PCs, notebooks, and other conventional endpoint devices can be protected against threats via antivirus and antimalware tools, IoT endpoints rarely support the use of third-party security agents. Not surprisingly, many enterprises do not track all of the IoT devices on their network and don’t understand the risk they represent, Rai says.

IoT connection security products are designed to address these security challenges, including visibility, monitoring, enforcement, and onboarding. They can be used to monitor the behavior of any connected IoT device and to detect and flag behavior that is anomalous or unexpected. For example, if the same device shows up in two different subnets, or if a printer that is not supposed to communicate over FTP suddenly begins to do so, there’s a good chance something is wrong, Rai says.
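
The two checks Rai describes, written out as an added example (not code from the article or from any vendor's product): it flags a device seen in more than one subnet and a device class using a port outside its expected set. The flow records, the per-class port policy, and the /24 subnet size are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample connection records (not real traffic):
# (device MAC, device class, source IP, destination port)
SAMPLE_FLOWS = [
    ("00:11:22:aa:bb:01", "printer", "10.20.1.15", 9100),
    ("00:11:22:aa:bb:01", "printer", "10.20.1.15", 21),    # FTP control port
    ("00:11:22:aa:bb:01", "printer", "10.20.1.15", 21),    # repeat of the same event
    ("00:11:22:aa:bb:02", "camera", "10.20.2.40", 554),
    ("00:11:22:aa:bb:02", "camera", "10.30.7.40", 554),    # same MAC, other subnet
    ("00:11:22:aa:bb:03", "infusion-pump", "10.20.3.8", 443),
]

# Assumed policy: destination ports each device class is expected to use.
ALLOWED_PORTS = {
    "printer": {9100, 631, 443},
    "camera": {554, 443},
    "infusion-pump": {443},
}

SUBNET_PREFIX = 24  # assumption: every access subnet is a /24


def find_anomalies(flows, allowed_ports=ALLOWED_PORTS, prefix=SUBNET_PREFIX):
    """Return a de-duplicated list of (mac, kind, detail) findings."""
    findings = []
    reported = set()
    subnets_by_mac = defaultdict(set)

    def report(mac, kind, detail):
        # Emit each distinct finding once so repeated flows do not flood the queue.
        if (mac, kind, detail) not in reported:
            reported.add((mac, kind, detail))
            findings.append((mac, kind, detail))

    for mac, dev_class, src_ip, dst_port in flows:
        # Check 1: the same device identity appearing in a second subnet.
        net = ipaddress.ip_network(f"{src_ip}/{prefix}", strict=False)
        known = subnets_by_mac[mac]
        if known and net not in known:
            detail = ", ".join(sorted(str(n) for n in known | {net}))
            report(mac, "multiple-subnets", detail)
        known.add(net)

        # Check 2: a device class talking on a port outside its baseline.
        expected = allowed_ports.get(dev_class)
        if expected is None:
            report(mac, "unknown-class", dev_class)
        elif dst_port not in expected:
            report(mac, "unexpected-port", f"{dev_class} -> {dst_port}")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_FLOWS):
        print(finding)
```
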

Traditional endpoint control tools, such as antivirus software, don’t work on IoT devices, which is why so many enterprises are interested in IoT connection security tools, adds Jamison Utter, VP at Senrio, an IoT security tool vendor. IoT security technology is “useful for nearly anyone,” Utter says. “Carriers need better protection and visibility into the home space. Home users need better privacy and safety from the devices they might be using. Enterprises need it more and more while they expand and decentralize networks, from old model hub and spokes to mesh and cloud networks.”

In the short term, Utter says, expect to see IoT connection products integrate more machine learning and automation with existing network border controls. IoT connection monitoring features will likely begin to appear in home user equipment, carrier equipment, and enterprise technology over the next two to five years, he predicts. Over the longer term, IoT devices will have additional code in their firmware, enabling machine analytics and device troubleshooting.

Security Orchestration and Automation

If enterprises are having trouble securing their networks against new and emerging threats, it certainly isn’t because they lack security tools. In recent years, the market for security products has been flooded with a dizzying array of tools and services designed to address an equally dizzying array of technology and business requirements. For many organizations, the problem is not that they don’t have enough security tools but that they have too many. Most enterprises are looking for a way to manage the deluge of data and alerts they receive from this surfeit of security technology.

Security orchestration tools are designed to help address the situation by giving enterprises a way to connect disparate security tools and bring their data together on a single console, improving threat detection and automated response. Many security automation and orchestration products use so-called “playbooks” to manage different types of security incidents through their lifespan. Each playbook contains code and processes for detecting, analyzing, and responding to incidents — like terminating processes, disabling a user ID, or reimaging a firewall — in an automated fashion. By acting as a connective layer across security technologies, orchestration tools give administrators a way to automate responses to security incidents and reduce the time between threat detection and mitigation.

Security orchestration tools help address the problems caused by an overabundance of security alert data and the shortage of first responders, says Ryan Stolte, founder and CTO of Bay Dynamics. “The fundamental issue is that we have got far too many problems or issues than we can reasonably deal with as humans,” Stolte says. “We have got this wealth of information from this wealth of technologies that we have invested in over time.” But the information is rarely correlated, making it difficult to know the whole story of a compromise.

As attacks become increasingly automated, organizations are under pressure to bring all their security data together and quickly boil it down to the threats that really matter, so that they can be fixed quickly — and, when possible, automatically, Stolte says. “Security orchestration tools help pinpoint and accentuate the things to look for. Instead of just saying this is a vulnerability, you can start triangulating things” and initiate responses automatically, based on the severity of the threat.

Oliver Friedrichs, CEO and founder of security orchestration startup Phantom, says there are four major factors driving interest in such tools: a massive shortage of people, too many security products, a lack of interconnectedness among the security tools, and the need for faster response times.

Policy automation and orchestration tools can help reduce response times to seconds instead of minutes and hours. But to be able to benefit from them, an organization first needs to have the right security tools in place.

“You need to have something that produces some kind of high fidelity information” that is actionable, Friedrichs says. Many organizations that are exploring the use of security orchestration tools already have robust security information and event management (SIEM) capabilities or a big data analytics engine in place, he says.

The effectiveness of orchestration and automation tools depends largely on the number of security products with which they connect. With more than 1,500 vendors competing in the security market, any security orchestration tool must be able to work with a plethora of systems to be effective, Friedrichs says.

According to estimates from Research and Markets, the market for security orchestration tools will grow from $826 million in 2016 to nearly $1.7 billion in 2021. Driving this demand are concerns over security breaches and trends like mobility and cloud deployment, the research firm says.

[Chart: How likely do you think it is that your organization will have to respond to a major security breach in the next 12 months? Base: 250 respondents in 2016 and 460 respondents in 2015. Data: UBM survey of security professionals, June 2016.]

Threat Intelligence Platforms

Like security orchestration tools, TIPs are an emerging class of technology designed to help correlate security data and improve an enterprise’s ability to respond to new threats. But while security orchestration is focused primarily on data collected internally, TIPs collect and correlate data from external sources of threat data as well.

Today’s enterprise has access to many “feeds” of threat data, ranging from public sources such as US-CERT to commercial collectors of information about current attacks and exploits happening on the Web. Enterprises can get reports on a wide variety of potential security threats, including malicious IP addresses and URLs, malicious files, phishing sites, hacker groups, and zero-day vulnerabilities. But as with internal security data, many organizations are inundated with data from multiple external threat feeds. The sheer volume of data often makes it hard for analysts to spot the threats that matter to their organization so that they can apply the proper updates to their security controls. The situation is often exacerbated by the non-standard formats of threat intelligence data, the poor quality of some feeds, and the need to sift through and weed out duplicative information from the feeds.

Threat intelligence platforms fill a gap between the hunters of security information and the detection platforms that monitor network activity, says Ryan Trost, co-founder and chief technology officer at ThreatQuotient, a TIP vendor. “Historically, before intelligence platforms, the analyst effort was purely tactical, as each analyst would maintain a daily spreadsheet of the latest malicious indicators of compromise” and develop responses for them.

Besides being completely non-scalable and time-consuming, this manual approach also created pockets of intelligence across the security operations center, Trost says.

The value of TIPs lies in their ability to automate the ingestion of threat feeds and the distribution of the data to the detection platforms, Trost observes. They free the analyst to focus on higher-value tasks, such as maintaining a big-picture view of adversary efforts, instead of spending hours copying and pasting MD5 hashes from malware reports to their endpoint controls, he says. And because a TIP consolidates data into a single system, it allows analysts to collaborate.

[Chart: Does your organization have enough security staff to defend itself against current threats? Base: 250 respondents in 2016 and 460 respondents in 2015. Data: UBM survey of security professionals, June 2016.]
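
The ingestion step described above, sketched as an added example (not code from the article or from any TIP product): indicators arriving in two differently formatted feeds are re-fanged, typed, canonicalised, and merged so that duplicates collapse into one record that remembers its sources. The two feed layouts, the feed names, and every indicator value are constructed assumptions.

```python
import csv
import io
import ipaddress
import json
import re

# Constructed sample feeds (not real indicators); both layouts are assumptions.
FEED_A_CSV = """indicator,first_seen
hxxp://malware.example[.]com/payload,2017-01-03
192.0.2[.]10,2017-01-04
D41D8CD98F00B204E9800998ECF8427E,2017-01-04
"""

FEED_B_JSON = json.dumps([
    {"value": "192.0.2.10", "kind": "ipv4"},
    {"value": "http://malware.example.com/payload", "kind": "url"},
    {"value": "d41d8cd98f00b204e9800998ecf8427e", "kind": "hash"},
    {"value": "phish.example.net", "kind": "host"},
    {"value": "not an indicator", "kind": "note"},
])

HEX = re.compile(r"^[0-9a-f]+$")
DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(value):
    """Undo common 'defanging' so equal indicators compare equal."""
    v = value.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)


def classify(value):
    """Return (type, canonical_value), or None if the value is not recognised."""
    v = refang(value)
    low = v.lower()
    if low.startswith(("http://", "https://")):
        scheme, rest = v.split("://", 1)
        host, sep, path = rest.partition("/")
        # Scheme and host are case-insensitive; the path is left untouched.
        return ("url", f"{scheme.lower()}://{host.lower()}{sep}{path}")
    try:
        return ("ip", str(ipaddress.ip_address(low)))
    except ValueError:
        pass
    if HEX.match(low) and len(low) in HASH_LENGTHS:
        return (HASH_LENGTHS[len(low)], low)
    if DOMAIN.match(low):
        return ("domain", low)
    return None


def ingest(feeds):
    """feeds: iterable of (source_name, raw_values). Returns (merged, rejected)."""
    merged = {}      # (type, value) -> set of sources that reported it
    rejected = []    # low-quality entries kept aside for review, not distributed
    for source, values in feeds:
        for raw in values:
            key = classify(raw)
            if key is None:
                rejected.append((source, raw))
            else:
                merged.setdefault(key, set()).add(source)
    return merged, rejected


def load_sample_feeds():
    a = [row["indicator"] for row in csv.DictReader(io.StringIO(FEED_A_CSV))]
    b = [item["value"] for item in json.loads(FEED_B_JSON)]
    return [("feed_a", a), ("feed_b", b)]


if __name__ == "__main__":
    merged, rejected = ingest(load_sample_feeds())
    for (kind, value), sources in sorted(merged.items()):
        print(kind, value, sorted(sources))
    print("rejected:", rejected)
```

Eight raw entries reduce to four distinct indicators plus one rejected entry, and the source set on each record shows which feeds agree.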

Analyst firm IT-Harvest pegs the overall threat intelligence market in 2015 at $190 million and growing at 85% annually. TIPs accounted for $61 million of this figure, and the category is growing at 84% a year — more than three times the pace of the overall security industry.

Adam Vincent, CEO of TIP vendor ThreatConnect, says much of the growth is being driven by the need for organizations to shorten detection and response times. The avalanche of data from external threat feeds and internal systems has overwhelmed many security organizations and made it harder for them to detect the threats that matter.

“One of the biggest security gaps is the time it takes to detect a threat and then act on it,” Vincent says. “The deficit is currently measured in hundreds of days, and it has been growing.” TIPs eliminate the inefficiencies that are created by fragmented people, processes, and technology, allowing security teams to quickly sort through massive amounts of data to identify, manage, and block threats faster, he notes.

Over the next few years, enterprises can expect to see TIPs improve their ability to view threat data. “In the past couple of years, threat intelligence was only accessible to the largest organizations with very large security budgets,” Vincent says. TIPs are making it possible for more companies and agencies to start threat intelligence programs — either on their own or with the help of a managed security services provider, he adds.

Security Consulting and Services

For decades, firms like Ernst & Young, PricewaterhouseCoopers, KPMG, and Deloitte have provided audit, tax, and IT consulting services to organizations across industries. A growing number of firms — some new and some old — are attempting the same model to deliver a range of consulting, assessment, and penetration testing services in the security space.

[Chart: Security Spending. How will spending on information security in 2016 compare with 2015? Base: 300 respondents in 2016. Data: Dark Reading Strategic Security Survey of business technology and security professionals at organizations with 100 or more employees.]

Driven by the shortage of security talent, these services run the gamut of capabilities, from helping organizations set up security programs to identifying gaps in existing programs and recommending ways to bolster security preparedness and meet compliance objectives. Organizations can hire such services to help at an enterprise level, or even with individual projects. Often, such services are vendor-agnostic and focus on identifying problems, recommending actions, and monitoring ongoing issues. The actual implementation of any recommended action is left to the client.

“We see three main drivers increasing demand for security consulting services — compliance requirements, customer requests, and data breaches,” says Rob Ragan, managing security associate at security consulting services provider Bishop Fox.

Like some other companies in this space, Bishop Fox has an assessment and penetration testing practice that focuses on aspects of offensive security. For instance, one of its services is to run simulation attacks depicting real-world scenarios on client networks to help them identify weaknesses. Bishop Fox also maintains an enterprise security practice that focuses on different aspects of defensive security.

“As breaches become more of the norm, companies want a realistic view of the possibilities,” Ragan says. “As a result, there’s growing interest in ‘red team’ simulations that model realistic threats — including social engineering attacks and denial of service simulations — that companies previously used to avoid because of fears of disrupting their operations.”

From the defensive side, more companies are hiring third-party consultants to serve in chief information security officer and chief security officer roles, Ragan said.

Security consulting services help companies prioritize the issues that matter, says Daniel Miessler, director of advisory services at IOActive, a provider of end-to-end security consulting services that include penetration testing, code review, reverse engineering, and hardware assessments.

For example, some of the main uses of IOActive’s penetration testing services are to help organizations identify the effectiveness of their security controls and to give them actionable information on how to address and prioritize gaps.

“The recommendations collapse into the four or five most important things you need to do,” from hundreds of possible actions, Miessler says. The goal is to give organizations recommendations that remove the largest amount of insecurity and ensure the best possible use of an organization’s security team and infrastructure.

Gartner pegged the security consulting services market at $16.5 billion in 2015 and projects that it will grow at around 7.6% annually.

Jaikumar Vijayan is a technology writer with over 20 years of experience in IT reporting. He has covered information security and data privacy issues, as well as a variety of other technology topics, including big data, Hadoop, IoT, e-voting, and data analytics. Write to us at [email protected].
