santiago silver - Fotolia
When it comes to cybersecurity, what differentiates highly successful enterprise technology organizations from their less successful counterparts can often be found in the metrics. Extremely effective cybersecurity organizations can detect a potential attack, determine whether it is or isn't an attack, and contain the damage in a matter of minutes. Less-successful organizations can take days to weeks to do the same.
To find out why some cybersecurity teams are so much more successful, it's also important to look at what technologies these enterprises use.
Cybersecurity technologies used by successful cybersecurity teams are likely to be in widespread use in the next few years. The bellwether technologies discussed below are often indicators of what's to come.
Advanced endpoint security's step up
One such bellwether cybersecurity technology is advanced endpoint security (AES). AES is software that protects endpoints from malware using a variety of mechanisms -- typically containerization or microsegmentation. AES represents an architectural step function increase over older whitelist- or blacklist-based antimalware and aligns with key strategic initiatives, such as zero-trust security.
Advanced endpoint security doesn't directly affect operational security metrics in terms of how quickly organizations can detect attacks and contain them, but it can harden endpoints against potential attacks.
AES providers include specialty companies like Bromium, CrowdStrike, Sophos/Invincea, Tanium and Carbon Black. More mainstream providers, such as Trend Micro, McAfee, Symantec and Microsoft, are also beginning to implement AES.
Behavioral threat analytics reduce time to understand
Another bellwether technology is behavioral threat analytics (BTA). As the name implies, BTA software integrates multiple sources of data, such as logs, analytics platforms like Splunk, and SEIM -- to capture and display anomalous user, device and system behavior.
BTA can dramatically reduce the time required to understand whether something is or isn't an attack, enabling security analysts to focus their efforts on a real threat rather than a red herring.
Providers of BTA tools include Bay Dynamics, Gurucul, Exabeam and Splunk/Caspida.
The bottom line on improving cybersecurity
If you're seeking to improve the success of your organization's cybersecurity initiatives, investigate the following technologies that correlate to better metrics to pinpoint attacks and contain the damage:
- Advanced endpoint security.
- Behavioral threat analytics.
- Cloud security -- including CASB, cloud DLP and single sign-on as a service.
- As for risk dashboards, consider investigating your options, as they will likely correlate with cybersecurity success in the future.
Trio of cloud-based apps and resources
Successful cybersecurity teams are taking the lead on securing cloud-based applications and resources. A trio of cloud-related cybersecurity technologies is among the bellwether technologies they use: cloud access security brokers (CASB), cloud digital loss prevention (DLP) and cloud-based single sign-on as a service. CASB is an on-premises- or cloud-based software tool or service that automatically detects cloud usage by employee, assesses business and technical risks, and enforces policies.
Providers of these cloud tools include Bitglass, Blue Coat/Symantec, Microsoft and Skyhigh Networks.
As the name implies, cloud DLP is software that protects cloud-based files and data from unauthorized access, and it provides an automated login trail to show who has accessed data and when. Cloud DLP providers include many CASB providers, as well as GTB, CipherCloud and Vormetric.
Finally, cloud-based single sign-on as a service provides one-stop single-sign-on for on premises and cloud-based resources. These providers include Microsoft, Okta and Ping.
Risk dashboards moving up
Last but not least on the list of bellwether cybersecurity technologies are risk dashboards. These tools and technologies purport to translate cybersecurity risk into business risk.
Providers of risk dashboard technology include RSA Archer, Bay Dynamics, IBM, MetricStream and RiskVision. A range of consulting firms also offer several tools based on techniques developed by the Fair Institute, which specializes in the issue of risk quantification.
Interestingly, risk dashboards are the only tools that didn't correlate with success in Nemertes research. So why mention them? Our working hypothesis is that when this research was conducted in 2017 and 2018, the tools were too immature to deliver much value. But the more forward-looking companies are revisiting the issue of risk dashboards.
As you continue your cybersecurity work, keep a close eye on risk and risk dashboards and their place in cybersecurity technology success.