Gartner Security and Risk Summit; Cool Vendors


Hi All,

I know I promised a post on the insider threat and how to best manage the risk. That is on its way; it’s a big topic!

In the meantime, I attended the first day of the recent Gartner Security and Risk Management Summit earlier this week.

While not deeply technical or focussed on a specific risk topic, the presentation on their top 10 ‘cool vendors’ was quite interesting.  In a similar way to my recent ‘Innovative End User Technology Security’ post, this one will hopefully give you some new vendors to consider when solving issues for your business.

The Gartner definition of ‘Cool Vendors’ is that they are;

  • Technologies that help security leaders embrace;
    • New approaches to business enablement
    • New approaches to threat prevention
    • New responsibilities for IoT, OT and embedded systems
  • On the left of their own ‘hype cycle’

They must however be real vendors with solutions that are available today, not vapourware or soon to be released.

The recommendation is that action, even if it is just investigation and understanding, is needed today.  This is to help ensure the security of your organisation today and tomorrow.

Things you should be asking when looking at your organisation's security architecture and defence in depth / diversity strategy;

What technology areas should information security invest in, to;

  • Protect digital assets from advanced and targeted threats?
  • More rapidly adapt to changing digital business requirements?
  • Support building a next-generation intelligent SOC capability?

Which interesting vendors and solutions should be investigated in order to achieve these goals?

The presentation split the ‘cool vendors’ into 10 categories across 3 groups;

  1. Threat Facing
  2. Enablement and Access Facing
  3. Intelligence-Driven SOC


  1. Threat Facing

These are technologies primarily aimed at detecting or preventing malware and attackers.

EDR – Endpoint Detection and Response

Solutions that aim to detect and respond to advanced attacks that evade traditional endpoint protection.  If you accept that compromise is inevitable and want to improve your ability to detect, investigate and contain it on the endpoint, companies in this space should be considered.

Example players in this space include;

  • Tanium
  • CounterTack
  • Carbon Black
  • Cisco
  • FireEye
  • Cybereason
  • CrowdStrike
  • RSA
  • Ziften
  • Triumfant
  • Confer
  • Bromium
  • Invincea
  • Symantec
  • Intel
  • Trend Micro

Non Signature Approaches for Endpoint Prevention

Solutions that use technologies such as machine learning, exploit prevention and memory injection prevention.  The aim of these is to supplement or replace traditional signature based / ‘heuristic’ anti malware solutions.  Another possible application is as a compensating control where projects to implement timely patching and maintenance of systems have stalled.

Example players in this space include;

  • Cylance
  • Palo Alto Networks
  • SentinelOne
  • Morphisec
  • Bromium
  • Deep Instinct
  • Invincea

Remote Browser

These are solutions that separate the browser function from the local desktop.  The premise is that a lot of attacks originate from malicious or compromised sites on the internet.  If you run the browser in an isolated environment and effectively just send a video and audio stream to the desktop, any exploit executes in that environment rather than on the user's machine.  The residual risk moves to the remote environment, which needs the same hardening and should be reset between sessions.  This is the category that the Garrison solution I previously wrote about fits into.

Example players in this space include;

  • Spikes Security
  • Menlo Security
  • Light Point Security
  • Authentic8
  • Fireglass

Microsegmentation and Flow Visibility

These solutions provide visibility and control of east-west traffic flows across the enterprise.  The aim is to detect and prevent lateral movement of attackers or malicious users across the network, by allowing only the flows each workload legitimately needs and flagging everything else.

Example players in this space include;

  • VMware
  • Cisco
  • Illumio
  • vArmour
  • Trend Micro
  • Catbird
  • CloudPassage
  • GuardiCore
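
To make the east-west policy idea concrete, here is an added example (not from the post, and not any vendor's product) that evaluates flow records against a default-deny allow-list and reports the flows a microsegmentation policy would block.  The tiers, subnets, ports, flow-log format and sample flows are all assumptions constructed for the illustration.

```python
"""Added example: flag east-west flows that a microsegmentation policy
would deny.  Tiers, subnets, ports and the flow-log format are assumed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Hypothetical workload tiers; a real deployment would take these from
# orchestrator labels or the CMDB rather than hard-coded subnets.
TIERS = {
    "web":  ip_network("10.0.1.0/24"),
    "app":  ip_network("10.0.2.0/24"),
    "db":   ip_network("10.0.3.0/24"),
    "mgmt": ip_network("10.0.9.0/24"),
}

# Default-deny policy: only these (source tier, destination tier, port)
# combinations are legitimate east-west traffic.
ALLOWED = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("mgmt", "web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db", 22),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def tier_of(ip: str) -> Optional[str]:
    """Map an address to its tier, or None if it is outside the estate."""
    addr = ip_address(ip)
    for name, net in TIERS.items():
        if addr in net:
            return name
    return None


def parse_flow(line: str) -> Flow:
    """Parse a 'key=value' flow record (constructed format)."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]), fields["proto"])


def verdict(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow."""
    s, d = tier_of(flow.src), tier_of(flow.dst)
    if s is None or d is None:
        return "north-south", "outside east-west policy scope"
    if (s, d, flow.dport) in ALLOWED:
        return "allow", f"{s}->{d}:{flow.dport} permitted"
    if s == d:
        return "deny", f"peer-to-peer traffic inside {s} tier on port {flow.dport}"
    return "deny", f"{s}->{d}:{flow.dport} not in allow-list"


def lateral_movement_candidates(lines: List[str]) -> List[Tuple[Flow, str]]:
    """Return the flows the policy would deny, each with its reason."""
    out = []
    for line in lines:
        flow = parse_flow(line)
        v, reason = verdict(flow)
        if v == "deny":
            out.append((flow, reason))
    return out


# Constructed sample flow log
SAMPLE_FLOWS = [
    "src=10.0.1.5 dst=10.0.2.7 dport=8443 proto=tcp",     # web -> app, expected
    "src=10.0.2.7 dst=10.0.3.4 dport=5432 proto=tcp",     # app -> db, expected
    "src=10.0.1.5 dst=10.0.3.4 dport=5432 proto=tcp",     # web -> db directly: suspicious
    "src=10.0.2.7 dst=10.0.2.8 dport=445 proto=tcp",      # app -> app SMB: suspicious
    "src=10.0.3.4 dst=10.0.1.5 dport=22 proto=tcp",       # db -> web SSH: suspicious
    "src=10.0.9.2 dst=10.0.3.4 dport=22 proto=tcp",       # mgmt -> db SSH, expected
    "src=10.0.1.5 dst=203.0.113.10 dport=443 proto=tcp",  # outbound, north-south
]

if __name__ == "__main__":
    for flow, reason in lateral_movement_candidates(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {reason}")
```

Run in "visibility" mode the same evaluation just reports; in enforcement mode the deny verdicts become the distributed firewall rules.  The point of the example is that the allow-list is expressed in terms of workload roles rather than addresses, which is what lets the policy survive hosts being re-deployed.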

Deception

Technologies designed to deceive attackers into thinking closely monitored decoy systems are real business systems hosting data they would want to access.  These have been around for a long time and are often referred to as ‘honeypots’ or ‘honey nets’.  Recently some technologies have become a lot more mature and realistically deployable.  Businesses are also increasingly understanding the need for more advanced security solutions.

Example players in this space include;

  • Attivo Networks
  • TrapX Security
  • Cymmetria
  • GuardiCore
  • illusive networks
  • Javelin Networks


2. Enablement and Access Facing

Cloud Access Security Brokers (CASB)

The aim of these solutions is to provide a single point of visibility and control for cloud use in the organisation.  These can detect cloud use, control it and apply various security functions, such as access control lists and encryption, to it.

Example players in this space include;

  • Skyhigh Networks
  • Netskope
  • CipherCloud
  • Microsoft (Adallom)
  • CloudLock
  • Blue Coat (Elastica, Perspecsys)
  • FireLayers
  • Palerra

User and Entity Behavioural Analytics

No presentation this year would be complete without a mention of behavioural analytics of some sort!

The aim of user and entity behavioural analytics is to analyse and correlate user behaviour across systems and networks for indications of malicious behaviour.  This is in order to detect things like compromised accounts or malicious insiders.

Example players in this space include;

  • Securonix
  • Gurucul
  • Fortscale
  • Splunk
  • Niara
  • Interset
  • E8 Security
  • LightCyber
  • Microsoft
  • Rapid7
  • Exabeam
  • Forcepoint
  • Bay Dynamics
  • Bottomline Technologies
  • Cynet Systems
  • Dtex Systems
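
The behavioural-analytics idea reduces to baselining and scoring.  The following is an added example (not from the post or any vendor) that builds a per-user baseline of login hours and source hosts from historical events and scores new logins for deviations, including the classic burst-of-failures-then-success pattern of a guessed or stuffed credential.  The log format, users, hosts, weights and threshold are all assumptions constructed for the illustration.

```python
"""Added example: per-user behaviour baseline and anomaly scoring.
Log format, users, hosts, weights and threshold are assumed."""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Score contributed by each deviation from baseline (assumed values)
WEIGHTS = {
    "new-host": 3,                # login from a host this user has never used
    "off-hours": 2,               # outside the user's observed working window
    "failures-then-success": 4,   # >= FAIL_RUN failures then success, same src
    "unknown-user": 3,            # no baseline at all for this user
}
FAIL_RUN = 3
ALERT_THRESHOLD = 5


def parse(line: str) -> dict:
    """Parse '<iso ts> user=... src=... result=ok|fail' (constructed format)."""
    ts, *kv = line.split()
    rec = dict(tok.split("=", 1) for tok in kv)
    rec["ts"] = ts
    rec["hour"] = datetime.fromisoformat(ts).hour
    return rec


def build_profiles(lines: List[str]) -> Dict[str, Dict[str, set]]:
    """Per-user sets of login hours and source hosts seen in successful logins."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for rec in map(parse, lines):
        if rec["result"] == "ok":
            profiles[rec["user"]]["hours"].add(rec["hour"])
            profiles[rec["user"]]["hosts"].add(rec["src"])
    return dict(profiles)


def off_hours(profile: Dict[str, set], hour: int) -> bool:
    """Outside the earliest..latest hour this user has been seen logging in."""
    return hour < min(profile["hours"]) or hour > max(profile["hours"])


def score_events(profiles: Dict[str, Dict[str, set]],
                 lines: List[str]) -> List[Tuple[str, str, int, List[str]]]:
    """Score each successful login; return (user, ts, score, reasons) over threshold."""
    alerts = []
    fail_streak: Dict[Tuple[str, str], int] = defaultdict(int)
    for rec in map(parse, lines):
        key = (rec["user"], rec["src"])
        if rec["result"] != "ok":
            fail_streak[key] += 1
            continue
        reasons = []
        prof = profiles.get(rec["user"])
        if prof is None:
            reasons.append("unknown-user")
        else:
            if rec["src"] not in prof["hosts"]:
                reasons.append("new-host")
            if off_hours(prof, rec["hour"]):
                reasons.append("off-hours")
        if fail_streak[key] >= FAIL_RUN:
            reasons.append("failures-then-success")
        fail_streak[key] = 0
        total = sum(WEIGHTS[r] for r in reasons)
        if total >= ALERT_THRESHOLD:
            alerts.append((rec["user"], rec["ts"], total, reasons))
    return alerts


# Constructed baseline: ten working days of normal logins for two users
BASELINE = [
    f"2016-06-{day:02d}T{hour:02d}:00:00 user=alice src=ws-alice-01 result=ok"
    for day in range(1, 11) for hour in (8, 11, 14, 17)
] + [
    f"2016-06-{day:02d}T{hour:02d}:30:00 user=bob src=ws-bob-01 result=ok"
    for day in range(1, 11) for hour in (9, 13, 16)
]

# Constructed new events to score
NEW = [
    "2016-06-14T09:00:00 user=alice src=ws-alice-01 result=ok",   # normal
    "2016-06-14T03:10:00 user=alice src=srv-build-07 result=ok",  # new host, off hours
    "2016-06-14T10:00:00 user=bob src=10.0.5.99 result=fail",
    "2016-06-14T10:00:20 user=bob src=10.0.5.99 result=fail",
    "2016-06-14T10:00:40 user=bob src=10.0.5.99 result=fail",
    "2016-06-14T10:01:00 user=bob src=10.0.5.99 result=ok",       # failures then success
    "2016-06-14T13:30:00 user=bob src=ws-bob-01 result=ok",       # normal
    "2016-06-14T09:15:00 user=eve src=ws-eve-01 result=ok",       # no baseline, low score
]

if __name__ == "__main__":
    for user, ts, score, reasons in score_events(build_profiles(BASELINE), NEW):
        print(f"ALERT {ts} {user} score={score} {','.join(reasons)}")
```

The unknown user "eve" deliberately scores below the threshold: a first login is not in itself malicious, and treating every new user as an alert is what drowns a SOC.  Real products add many more signals (data volumes, peer-group comparison, privilege use), but the shape is the same: a baseline per entity, a score per deviation, and a threshold an analyst can tune.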

Pervasive Trust Services

This is a particularly interesting area.  These are trust services that are designed to scale to cover billions of devices, including IoT devices that may have limited processing capability.

This requires a fundamental shift away from the traditional yes / no result of authentication towards a web-of-trust model with distributed consensus, in which trust is a matter of degree rather than a binary.  The decision becomes a comparison: if the trust established for the device or user exceeds the risk of the transaction it is requesting, proceed; otherwise step up the authentication or deny.

This is another area I’m likely to write up in more detail as it is an exciting space.  It is likely to become a lot more relevant as IoT grows and as new regulation comes into force: PSD2 requires strong customer authentication for most electronic payments, and GDPR raises the bar on how identity and personal data must be handled.

Example players in this space include;

  • Certes Networks
  • CSS
  • ForgeRock
  • ARM Holdings (Sansa Security)
  • Guardtime
  • Hyperledger Project
  • Tyfone

Security Testing for DevOps

Tools and solutions that enable the integration of security testing into the automated DevOps workflow.  This enables secure development and applications, without adversely impacting delivery timelines.

Example players in this space include;

  • Hewlett Packard Enterprise (HPE)
  • IBM
  • Veracode
  • Amazon
  • Contrast Security
  • Synopsys (Quotium)
  • Immunio
  • SecuPi
  • Sonatype
  • Black Duck
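
One of the simplest forms of "security testing in the pipeline" is a dependency gate that fails the build when a pinned library has a known advisory.  The following is an added example (not from the post or any vendor) of such a gate: it parses a lock file, checks each pin against an advisory feed, honours time-boxed risk acceptances, and rejects unpinned dependencies because they cannot be assessed at all.  The lock file contents, package names, advisory identifiers and dates are all constructed for the illustration.

```python
"""Added example: a dependency-vulnerability gate for a CI pipeline.
Lock file, package names, advisory identifiers and dates are constructed."""
import re
import sys
from typing import Dict, List, Tuple

# Constructed advisory feed: package -> [(first fixed version, advisory id)].
# A pinned version below the fixed version is vulnerable.  Ids are hypothetical.
ADVISORIES = {
    "examplehttp": [("2.3.1", "EXAMPLE-ADV-0001")],
    "exampleyaml": [("5.4.0", "EXAMPLE-ADV-0002"), ("6.0.1", "EXAMPLE-ADV-0003")],
}

# Findings the team has formally accepted, and the date the acceptance expires.
ACCEPTED = {"EXAMPLE-ADV-0002": "2016-07-31"}

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9][0-9.]*)$")


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version to a comparable tuple, e.g. '2.3.1' -> (2, 3, 1)."""
    return tuple(int(p) for p in v.split("."))


def parse_lockfile(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return exact pins as {name: version} and any requirement lines that are not pins."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pinned[m.group(1).lower()] = m.group(2)
        else:
            unpinned.append(line)
    return pinned, unpinned


def evaluate(lock_text: str, today: str) -> Tuple[bool, List[str]]:
    """Return (passed, findings).  'today' is an ISO date used for acceptance expiry."""
    pinned, unpinned = parse_lockfile(lock_text)
    findings = [f"unpinned dependency: {line}" for line in unpinned]
    for name, version in pinned.items():
        for fixed, adv in ADVISORIES.get(name, []):
            if parse_version(version) < parse_version(fixed):
                expiry = ACCEPTED.get(adv)
                if expiry is not None and expiry >= today:
                    continue   # risk formally accepted and acceptance not yet expired
                findings.append(f"{adv}: {name}=={version} vulnerable, fixed in {fixed}")
    return (not findings), findings


# Constructed lock file as a pipeline would see it
SAMPLE_LOCK = """\
# constructed lock file
examplehttp==2.3.0
exampleyaml==5.3.1
examplelog>=1.0
examplejson==1.4.2
"""

if __name__ == "__main__":
    passed, findings = evaluate(SAMPLE_LOCK, "2016-06-20")
    for f in findings:
        print("FAIL:", f)
    print("gate", "passed" if passed else "failed")
    sys.exit(0 if passed else 1)   # non-zero exit is what stops the pipeline
```

The acceptance list with an expiry date is the part teams most often leave out: without it, the gate either blocks delivery indefinitely or gets disabled, which is exactly the "adversely impacting delivery timelines" failure the category is meant to avoid.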

3. Intelligence-Driven SOC

These are solutions that aim to provide greater intelligence and orchestration to the SOC (Security Operations Centre) in order that it can scale and spot the key security events.  These tools also enable greater use of threat intelligence feeds to support the SOC.

Example players in this space include;

  • CyberSponse
  • Hexadite
  • I.D. Systems
  • Phantom Cyber
  • Swimlane
  • IBM (Resilient Systems)
  • FireEye (Invotas)


I hope this has provided a useful overview of some key areas you should be thinking about in your security strategy.  The companies to look into are a mix of new players and more established companies trying to get into new areas, either via development or acquisition – as always, interesting times in the security space!

Many of these, especially areas like behaviour analytics and trust are getting a lot of hype, so be prepared for questions from your more security aware board members!

Feel free to ask any questions you have.

K