Gartner: 2016 Top Ten Information Security Technologies (with interpretation)

Source: Internet
Author: User
Tags: devsecops

At the close of the 2016 Gartner Security and Risk Management Summit, Gartner released its list of the top ten information security technologies for 2016 (HTTP://WWW.GARTNER.COM/NEWSROOM/ID/3347717). Each of the ten technologies had already been described in detail in earlier Gartner reports. The ten technologies are:

1) Cloud Access Security Broker (CASB): A CASB is essentially an application-layer security proxy gateway that sits between users and multiple cloud service providers and falls within cloud identity and access management. It is Gartner's flagship cloud security technology, with several dedicated reports and a regular presence on the Hype Cycle, so little more needs to be said. [Note: CASB is still rare in China, which is probably related to the maturity of cloud computing there; SaaS in particular is still in its infancy.]


2) Endpoint Detection and Response (EDR): This technology was already on the 2014 list. Gartner has a dedicated analysis report on it and counts it as one of the five styles of advanced threat detection. EDR tools typically record large volumes of endpoint and network events and store them either locally on the endpoint or in a central database. That data is then analyzed continuously with IOC matching, behavioral analysis and machine learning to detect compromises (including insider threats) and respond to attacks quickly. [Note: EDR is gradually catching on in China as well; a startup showed this kind of product at this year's RSA Conference.]


3) Non-signature-based endpoint protection: This includes memory protection and exploit blocking, which close off the common paths by which malicious code enters a system, together with machine-learning approaches that block malicious code using mathematical models of its features rather than signatures. [Note: in effect this is an upgrade of existing endpoint management and endpoint anti-virus technology.]


4) User and Entity Behavior Analytics (UEBA): UEBA is a hot spot in security analytics. It performs user-centric analysis of user behavior together with analysis of the behavior of other entities such as endpoints, networks and applications. Correlating the analyses of these entities makes the results more accurate and threat detection more effective. [Note: UEBA is a breakthrough in current security analytics; many specialist companies have appeared, and many have been acquired. Gartner published a dedicated Market Guide for it in 2015, as shown in the figure from that report.]

[Figure 1: from Gartner's 2015 UEBA Market Guide]

In that report, Gartner put the global UEBA market at about $50 million, but growth is clearly strong and acquisitions are frequent. The report presents four UEBA use cases: large-scale security management, data leakage, IAM, and insider threat analysis. I also spoke about this at the 2015 annual meeting of the Institute of Electrical Engineering and had the opportunity to share it afterwards. Our team released this module on the pipe platform in 2014.
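To make the entity-correlation point concrete, here is an added example (not code from the original post or from any vendor it mentions) that scores constructed logon events against per-user baselines and then correlates them with the host entity, so that a single weak signal stays quiet while a host that suddenly sees several unfamiliar users pushes its events over the alert threshold. The users, hosts, timestamps and threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events (timestamp, user, source host): BASELINE is the learning window, NEW_EVENTS the window being scored.
BASELINE = [
    ("2016-06-13 09:02", "alice", "ws-alice"),
    ("2016-06-14 08:58", "alice", "ws-alice"),
    ("2016-06-14 10:30", "bob", "ws-bob"),
    ("2016-06-15 09:05", "bob", "ws-bob"),
    ("2016-06-15 11:20", "carol", "ws-carol"),
]
NEW_EVENTS = [
    ("2016-06-16 10:05", "bob", "ws-bob"),      # normal
    ("2016-06-16 09:10", "alice", "ws-carol"),  # one weak signal only
    ("2016-06-16 03:12", "alice", "ws-bob"),    # off hours, foreign host
    ("2016-06-16 03:14", "carol", "ws-bob"),    # same host, another new user
]

def hour_of(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").hour

def build_baselines(events):
    """Learn what is normal per user (hours, hosts) and per host (users)."""
    user_hours, user_hosts, host_users = defaultdict(set), defaultdict(set), defaultdict(set)
    for ts, user, host in events:
        user_hours[user].add(hour_of(ts))
        user_hosts[user].add(host)
        host_users[host].add(user)
    return user_hours, user_hosts, host_users

def detect(baseline, new_events, min_reasons=2):
    """Score each event against its user's baseline, then correlate with the host
    entity: a host that suddenly sees several never-seen users raises the score."""
    user_hours, user_hosts, host_users = build_baselines(baseline)
    new_users_per_host = defaultdict(set)
    for _, user, host in new_events:
        if user not in host_users[host]:
            new_users_per_host[host].add(user)
    alerts = []
    for ts, user, host in new_events:
        reasons = []
        if hour_of(ts) not in user_hours[user]:
            reasons.append("unusual hour for user")
        if host not in user_hosts[user]:
            reasons.append("unusual host for user")
        if user not in host_users[host] and len(new_users_per_host[host]) >= 2:
            reasons.append("host sees multiple new users")
        if len(reasons) >= min_reasons:
            alerts.append({"time": ts, "user": user, "host": host, "reasons": reasons})
    return alerts
```

Running `detect(BASELINE, NEW_EVENTS)` alerts only on the two 03:xx logons to ws-bob; alice's single unfamiliar-host logon at 09:10 stays below the threshold on its own.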


5) Micro-segmentation and flow visibility: Broadly speaking, micro-segmentation is a finer-grained form of network isolation designed to block the lateral movement of an attacker who has already entered the corporate network. Flow visibility lets security operators and managers see how information flows inside the network, so that micro-segmentation policies can be set more accurately and violations corrected. Some vendors additionally offer traffic encryption between workloads. [Note: in practice micro-segmentation is used mainly in cloud computing environments, especially for the security of traffic to and from the cloud. Also, "flow" here means flows, not traffic; many people confuse the two. Our team built a flow analytics module in 2011 and in 2014 released a flow analysis module for the internal network.]
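As an added illustration of the visibility-then-policy relationship described above (example code, not from the original post), the following maps constructed NetFlow-like records to workload segments, summarizes which segment pairs actually talk and on which ports, and then flags flows a segmentation policy does not permit. The segments, policy and flow records are assumptions.

```python
import ipaddress

# Constructed workload segments and policy (not from the original post).
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}
# Permitted east-west flows as (src_segment, dst_segment, dst_port); anything
# else between workloads, including within one segment, is a violation.
POLICY = {("web", "app", 8080), ("app", "db", 5432)}

# Constructed NetFlow-like records: (src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8080, 4096),
    ("10.0.2.20", "10.0.3.30", 5432, 2048),
    ("10.0.1.10", "10.0.3.30", 5432, 512),   # web talks to db directly
    ("10.0.1.10", "10.0.1.11", 445, 9000),   # web host to web host over SMB
    ("10.0.2.20", "10.0.2.21", 22, 300),     # app host to app host over SSH
]

def segment_of(ip):
    """Map a workload address to its segment name."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def summarize(flows):
    """Visibility step: total bytes per observed (src_segment, dst_segment, port),
    the view an operator uses to write or tune the segmentation policy."""
    seen = {}
    for src, dst, port, nbytes in flows:
        key = (segment_of(src), segment_of(dst), port)
        seen[key] = seen.get(key, 0) + nbytes
    return seen

def violations(flows, policy):
    """Enforcement step: flows whose segment pair and port are not permitted,
    i.e. candidate lateral movement to investigate or block."""
    return [f for f in flows
            if (segment_of(f[0]), segment_of(f[1]), f[2]) not in policy]
```

`summarize(FLOWS)` is the flow-visibility view; `violations(FLOWS, POLICY)` returns the three flows (web to db, web to web, app to app) that the policy would block.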


6) DevOps security testing (DevSecOps): Security must be an integral part of DevOps, which is what DevSecOps means; Gartner has a dedicated report on this too. It uses models, blueprints, templates, toolchains and similar means to build protection into the development and operations process itself, for example application security testing during development, runtime application testing, and vulnerability scanning before release. It is an automated, transparent, compliance- and policy-driven way of configuring the underlying security architecture. [Note: I also consulted Ali's Blackscreen on this question; Ali's Cnbird is also engaged in work in this area. Blackscreen believes that the core of DevSecOps is script-based automated continuous monitoring and response across the whole application lifecycle, for example:]

[Figure 2: script-based continuous monitoring and response across the application lifecycle]

This involves a very important technology, RASP (Runtime Application Self-Protection), which Gartner explains in a dedicated report. Some people in the industry also distinguish between DevSecOps and SecDevOps.


7) Intelligence-driven security operations center (ISOC) and orchestration: An intelligence-driven SOC goes beyond traditional perimeter defense and event-based monitoring. An ISOC must be intelligence-centric, using adaptive and context-aware technologies to meet the challenges of the new "detection and response" era. On the road to an ISOC, automation and orchestration are the key enabling technologies for putting ISOC processes into practice. [Note: the ISOC is without doubt my focus. Gartner has published a dedicated report on it, which I also analyzed (http://yepeng.blog.51cto.com/3101105/1718678). An ISOC can be understood as an intelligence-driven, intelligent SOC, whose core characteristics are:

    • Operationalize threat intelligence at the strategic and tactical levels

    • Put security intelligence into practice with advanced analytics

    • Automate as much as possible

    • Investigation and hunting

    • Deploy an adaptive security architecture

Automation and orchestration technology needs no introduction: in the Innovation Sandbox at this year's RSA Conference, Phantom stole the limelight and caused a stir in China. In recent acquisitions the technology has also been highly sought after by investors.]


8) Remote browser: [Note: this technique is quite interesting.] Since browsers tend to be the entry point for attacks, some organizations deploy browsers on a remote browser server pool (usually Linux-based), and users browse the web through these remote browsers. The browsers therefore run on servers isolated from the endpoint and network where the user sits, so the attack surface exposed by the customer's network shrinks greatly and the risk shifts to the browser server pool, where dedicated security protection and controls can be applied. This browser server pool can further be packaged as a cloud service (SaaS) or, of course, run on an isolated client-side environment. [Note: imagine that the page the customer sees is an image, a bit like a virtual desktop. The technology must solve a range of issues around how users interact with the browser, such as downloading files, uploading data, and local copy and paste.]


9) Deception technology: The essence of this technology is to disguise the network, applications, endpoints and data the attacker is targeting, deceiving the attacker, and in particular the fingerprinting done by the attacker's tools, so that those tools fail, the attacker's view is disturbed, and they are led down dead ends that waste their time. For example, a decoy target can be set up to lure the attacker into attacking it, which triggers an attack alarm. Gartner predicts that by 2018, 10% of companies will use such technology to confront attackers proactively. [Note: information, network and host disguise techniques have been around for a long time; like threat intelligence, they were typically extended from the military domain. This kind of technology belongs to the category of active defense and embodies the idea of active defense and proactive confrontation. The ultimate goal of that idea is not to stop every attack but to delay the attack as much as possible, costing the attacker time in order to buy time to find a solution. Network defense is often a battle for time: whoever gains more time is more likely to hold the initiative, and holding the initiative means being more likely to win the confrontation. I gave a special interpretation of this in the "change in defensive thinking" part of my interview article "Big Data Analysis: the next stop for information security" in April last year.]


10) Pervasive trust services: In OT and IoT (industrial and Internet of Things) security, new security models must emerge for provisioning and managing trust at scale (for example, a billion devices). Such large-scale trust services include secure provisioning, data integrity and privacy, and device identity and authentication services. Some of the most advanced approaches also use distributed trust architectures and blockchain-like architectures to manage large-scale distributed trust and data integrity.


[Finally, looking at these ten technologies, what do we find? Big data and threat intelligence, the hottest technologies in China today, are missing. Right: those were on the 2014 top ten, and threat intelligence is no longer listed separately (it has been folded into the ISOC). While China is still hyping them, overseas they have already begun to cool off!]

For comparison, here are the top ten information security technologies of 2014 (my blog post on them was written in 2014):

[Figure 3: Gartner's top ten information security technologies for 2014]

What else do you notice? CASB and EDR have stayed on the list. Is it that the vendors aren't delivering? Or that customers aren't buying? Or did Gartner get it wrong? Or are these two genuinely strong? Either way, Gartner has decided they are very good!

Well, don't be sad, get to work! Talking well is no match for doing well!


References

Gartner: Five characteristics of an intelligent / intelligence-driven SOC

Big Data Analysis: the next stop for information security

