10 Emerging Security Technologies Gaining Interest, Adoption12:00 PM EST Mon. Jun. 17, 2013
Gartner forecasts the security technology and services market to reach $67.2 million in 2013, up 8.7 percent from 61.8 billion in 2012. The market is expected to grow to more than $86 billion by 2016. The growth is partly due to interest in a new set of emerging security technologies and a return of more capable defenses that address mobile security, authentication weaknesses and threats to data in the cloud.
At the 2013 Gartner Security and Risk Management Summit, chief security officers and Gartner analysts described to CRN the new areas gaining interest. From new antimalware technologies designed to identify sophisticated attacks to application containers made to keep threats from gaining access to sensitive business data, a whole new line of technologies are being evaluated and adopted. Here are 10 security areas that are quickly gaining industry interest, as well as the solution providers that are paving the way.
IT teams are rapidly learning that applying controls to an employee's personally owned device is not easy, according to Gartner. To address the bring-your-own-device phenomenon, security is moving to the application level. Several vendors, including Good Technology, Mocana and Apperian offer application containers or wrappers that enable businesses to extend security controls to the individual mobile app.
Browser components are getting their own sandbox, so why shouldn't browsers or commonly used applications? Fairfax, Va.-based Invincea uses virtualization and a lightweight Windows app to move Web browsers, PDF readers, Office suite and executable files into a secure virtual container. Attacks are contained and uploaded to either an on-premise appliance or Invincea's cloud-based service.
Cupertino, Calif.-based Bromium is also gaining interest with its hardware isolation, providing a microvisor that isolates system processes. Although it currently only supports systems running the Intel i3, i5, i7 processor, analysts at the summit were praising the product.
Security experts are recommending businesses consider detection, containment and analysis capabilities when it comes to attacks. Put simply, prevention isn't working. For that reason, Milpitas, Calif.-based FireEye has been gaining the attention of businesses because its platform no longer relies on signatures to detect attacks, according to Gartner. The virtual machine-based security platform sits inline and tests suspicious files in a virtual sandbox. Additionally, Cupertino, Calif.-based Taasera sells a virtual appliance that looks for early behavioral evidence of malware. Some network appliance makers are making advances as well. Finnish firewall maker Stonesoft, recently acquired by McAfee, uses a detection engine that looks for malware using anti-detection techniques.
The mobile device management market is predicted to come to an end, according to Gartner analyst John Girard. But, the MDM market is experiencing growth mainly from vendors that sell cloud-based MDM. It's more cost-effective, according to Gartner. A few vendors that deserve a look, according to analysts at the show, are Fiberlink, AirWatch, BoxTone and Citrix XenMobile. Gartner recommends that organizations evaluating MDM vendors look to whether they provide mobile application management capabilities or application containers.
Crowdsourcing has proven successful for organizations or individuals seeking assistance on a project from a larger group of people. Some technology vendors are applying it to security. Santa Clara, Calif.-based Palo Alto Networks has been gaining attention with the crowdsourcing capabilities associated with its network security appliances. The company's Wildfire platform uses a cloud-based malware analysis environment that shares threat information with all subscribers to the service. Columbia, Md.-based Sourcefire sells its FireAmp appliance line with crowdsourcing antimalware capabilities.
The Verizon Data Breach Investigations Report points out that vulnerability management and configuration weaknesses are common targets of attackers. Security software vendors are now offering cloud-based software security scanning services in hopes the message will sink in among small and midsize businesses. To meet those needs, Santa Clara, Calif.-based WhiteHat offers Sentinel for SaaS-based Web application scanning. Meanwhile, Burlington, Mass.-based Veracode sells a SaaS-based application code analysis service and is seeking channel partners. Industry analysts say the cloud-based services are increasingly used by businesses that don't have the deep pockets to invest heavily in a software security program.
Account credentials have become more expensive on the black market than credit card numbers, according to security researchers. Employees use weak and duplicate passwords for online services and access to corporate systems. The scourge of password breaches has renewed interest in two-factor authentication. RSA, the security division of EMC Corp., sells hardware tokens used by a range of organizations, from large defense contractors and government agencies to biotechnology firms and pharmaceutical manufacturers. Other popular vendors include Amsterdam-based Gemalto and Belcamp, Md.-based SafeNet, according to Gartner.
Targeted attacks designed to steal intellectual property have been gaining attention of security researchers. Comprehensive risk assessments should give organizations a clearer picture of the attackers that may have an interest in the company's sensitive business data. Part of the process includes identifying and classifying data within the organization, according to penetration testers and consultants who help businesses with assessments. On the technology front, an emerging vendor set on identifying an organization's threat actors and taking a more proactive approach is Irvine, Calif.-based CrowdStrike. The firm is introducing its cloud-based Falcon platform that claims to provide attribution on attackers. Meanwhile, San Francisco-based Mykonos Software offers an appliance to profile attackers, fingerprinting cybercriminals based on their intent and skills and injecting the attack platform used with a token to block future attacks.
In its 2013 Technology Vision document, management consulting firm Accenture said identity and access management systems are being updated to include better ways to authenticate users and authorize them to use systems based on their location, time of day and other factors. Systems that can put login attempts in context and make risk-based decisions based on certain behaviors could help thwart attackers using stolen account credentials, Accenture said. The systems are more complicated, but can build end-user profiles based on their daily activities. For example, an employee that rarely travels and suddenly attempts to login from a location in India would be challenged by the system.
Honey Pots have been around for years, but security experts say the technology is being made more widely available in an attempt to thwart attackers. Decoy documents and bogus systems can be set up to make attacks take longer, providing a greater chance detection systems will trigger. Accenture cited two firms, New York City-based Allure Security Technology, which uses decoy documents to track attackers, and Tempe, Ariz.-based DataSoft, which offers a device that denies an attacker access to real network data, instead of revealing bogus network information.