Sergey Nivens - Fotolia
Published: 10 May 2016
The game plan is set: Your company will undergo a digital transformation. The next-generation architecture has been redesigned to focus on supporting cloud-native, mobile-enabled applications. And lean, agile, and business-aligned are the new buzzwords. But what does all this mean for security? The traditional notion of a security perimeter -- a contained environment that can be protected -- is dissolving. How can security professionals move forward to protect this next-generation enterprise, even as it's becoming more nimble, more open and more distributed?
What security perimeter?
Leading-edge security organizations have been grappling with the network's vanishing security perimeter, and related issues, for the past several years, and they're seizing on a set of next-generation security technologies that are rapidly becoming the cornerstones for the new digital enterprise. These are sometimes termed bellwether technologies because the deployment state of these technologies serves as a good measure of how mature a company's thinking is when it comes to security.
In a recent benchmark study, Nemertes Research quantified the maturity of a group of select security organizations. Then they subdivided the group into more mature and less mature, and looked for differences in technology deployment.
Nemertes found that more mature organizations were significantly more likely than the group overall to deploy these bellwether technologies. These technologies typically deliver a strategic advantage to companies that deploy them, either by delivering unprecedented capabilities (i.e., enabling the security teams to do something that previously couldn't be done) or by automating previously manual capabilities (i.e., dramatically reducing the effort, time and operational cost required to detect and mitigate a threat).
Bellwether tech for 21st century security
For security pros concerned about the increasingly hard-to-find network security perimeter, here's a look at eight key bellwether technologies -- what they are and how they work:
- Cloud Access Security Brokers (CASBs) are on-premises or cloud-based software tools that automatically detect cloud usage by employees, assess business and technical risk, and enforce security policies. Companies are moving increasingly to cloud services, and not all employees are waiting for IT's sign off before putting sensitive data in the cloud. CASBs can return control to IT without standing in the way of employee initiatives; these products come from vendors like Bitglass, Blue Coat, Microsoft and Skyhigh Networks. Companies with mature security organizations are three times as likely to be using CASBs as organizations overall.
- Endpoint security is software that protects endpoints from malware using a variety of mechanisms (such as microsegmentation and containerization). This technology goes far beyond the list-based or algorithmic protection the traditional antimalware software offers; it provides execution-level "virtual firewalls" around endpoint applications to ensure they can't behave maliciously. Endpoint security thus represents an architectural and technical "step function" increase over existing technology, and it aligns well with next-gen architectures that are typically based on the concept of virtualization. Companies like Bromium, CrowdStrike and Invincea make this software, and more mature companies are two-and-a-half times more likely to be using it than organizations overall.
- User Behavioral Analytics (UBA) is software that integrates multiple sources of data (logs, SIEM and analytics platforms such as Splunk) to capture and display anomalous behavior of users, devices and systems. UBA tools provide proactive protection against attacks. There are a host of vendors with products, including Bay Dynamics, Gurucul, Exabeam, Splunk/Caspida; more mature companies are three times more likely to be using UBA.
- Automated application security testing tools include static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and runtime application security testing (RAST). They're key to implementing next-generation development methodologies like Agile and DevOps. Providers include Contrast, HP/Fortify and Veracode. Sophisticated security organizations are almost twice as likely to be using these tools.
- Risk management software automated the process of translating information security vulnerabilities into business risk. These products come from vendors like Archer, IBM, MetricStream and RiskVision. Mature security organizations are 30% more likely to be using them than organizations overall.
- Threat, compliance and risk (TCR) networks (also known as threat intelligence networks) are subscription-based services that provide users with real-time insight into the emergence of threats. They come from vendors like Anomali, Cyveillance, Dell SecureWorks and Symantec. More mature companies are 60% more likely to be using them than companies overall.
- Managed and professional services include all third-party services that review logs, manage security equipment (e.g., firewalls) or conduct assessments and testing (e.g., penetration testing). Companies that provide these services run the gamut from Ernst & Young, which is famous for its pen testing, to carriers like Verizon and AT&T. And specialized security firms too numerous to list here also show up.
Strictly speaking, these aren't "technologies" -- nor are they necessarily "bellwether," as mature organizations are as likely to use them as organizations overall. But they're important to consider because they are increasingly useful in offloading routine or repetitive work from security professionals. However, more mature companies were, unsurprisingly, more likely to take advantage of more sophisticated services.
- Automation encompasses the use of tools and technologies (both third-party and homegrown) to automate security processes. Once again, this isn't strictly speaking a technology, and it's not possible to list vendors, since every security tool includes some form of automation. But in practice, mature security organizations are more than four times as likely as organizations overall to be in the process of fully automating key business processes, as opposed to having a limited-to-nonexistent emphasis on automation.
This isn't a comprehensive list of technologies that security organizations deploy -- there are many others that are equally critical. Nor is every technology right for every organization. Nor is it the case that every company must deploy these technologies or risk stagnating at a lower maturity level. Some companies, for instance, may have few to no employees outside the firewall, making the concept of endpoint security less relevant.
But at a bare minimum, security professionals concerned with the network's security perimeter should be aware of these bellwether technologies and the advantages they can provide -- and a have a go-forward plan for evaluating them and deploying them if and when the time is right.
About the Author
Johna Till Johnson is CEO and Senior Founding Partner of Nemertes Research, where she sets research direction and works with strategic clients. She served as CTO at Greenwich Technology Partners, an infrastructure consulting and engineering firm; headed the Global Networking Strategies Service business unit of META Group; and oversaw the lab-testing program at Data Communications magazine. She holds a Bachelor of Science in electrical engineering and computer science (BSEE/CS) from Johns Hopkins University.
Read our CASB report from the 2016 RSA Conference.
Get more detail on RAST and DAST, from expert Gary McGraw.
What security tools are TechTarget readers investing in?
Where should you spend your cybersecurity budget now?