The Internet of Things (IoT), encryption, and artificial intelligence (AI) top the list of cybersecurity trends that vendors are trying to help enterprises address, according to a Forrester report released Wednesday.
As more and more breaches hit headlines, CXOs can find a flood of new cybersecurity startups and solutions on the market. More than 600 exhibitors attended RSA 2017—up 56% from 2014, Forrester noted, with a waiting list rumored to be several hundred vendors long. And more than 300 of these companies self-identify as data security solutions, up 50% from just a year ago.
“You realize that finding the optimal security solution for your organization is becoming more and more challenging,” the report stated.
In the report, titled The Top Security Technology Trends To Watch, 2017, Forrester examined the 14 most important cybersecurity trends of 2017, based on the team’s observations from the 2017 RSA Conference. Here are the top 5 security challenges facing enterprises this year, and advice for how to mitigate them.
1. IoT-specific security products are emerging, but challenges remain
The adoption of consumer and enterprise IoT devices and applications continues to grow, along with concerns that these tools can increase an enterprise’s attack surface, Forrester said. The Mirai botnet attacks of October 2016 raised awareness about the need to protect IoT devices, and many vendors at RSA used this as an example of the threats facing businesses. While a growing number of companies claim to address these threats, the market is still underdeveloped, and IoT security will require people and policies as much as technological solutions, Forrester stated.
“[Security and risk] pros need to be a part of the IoT initiative and extend security processes to encompass these IoT changes,” the report stated. “For tools, seek solutions that can inventory IoT devices and provide full visibility into the network traffic operating in the environment.”
2. Encryption of data in use becomes practical
Encryption of data at rest and in transit has become easier to implement in recent years, and is key for protecting sensitive data generated by IoT devices. However, many security professionals struggle to overcome encryption challenges such as classification and key management.
Enterprises should consider homomorphic encryption, a system that allows you to keep data encrypted as you query, process, and analyze it. Forrester offers the example of a retailer who could use this method to encrypt a customer’s credit card number, and keep it to use for future transactions without fear, because it would never need to be decrypted.
3. Threat intelligence vendors clarify and target their services
A strong threat intelligence partner can help organizations avoid attacks and adjust security policies to address vulnerabilities. However, it can be difficult to cut through the marketing jargon used by these vendors to determine the value of the solution. At RSA 2017, Forrester noted that vendors are trying to improve their messaging to help customers distinguish between services. For example, companies including Digital Shadows, RiskIQ, and ZeroFOX have embraced the concept of “digital risk monitoring” as a complementary category to the massive “threat intelligence” market.
“This trend of vendors using more targeted, specific messaging to articulate their capabilities and value is in turn helping customers avoid selection frustrations and develop more comprehensive, and less redundant, capabilities,” the report stated. To find the best solution for your business, you can start by developing a cybersecurity strategy based on your vertical, size, maturity, and other factors, so you can better assess what vendors offer and whether they can meet your needs.
4. Implicit and behavioral authentication solutions help fight cyberattacks
A recent Forrester survey found that, of firms that experienced at least one breach from an external threat actor, 37% reported that stolen credentials were used as a means of attack. “Using password-based, legacy authentication methods is not only insecure and damaging to the employee experience, but it also places a heavy administrative burden (especially in large organizations) on S&R professionals,” the report stated.
Vendors have responded: Identity and access management solutions are incorporating a variety of data sources, such as network forensic information, security analytics data, user store logs, and shared hacked account information, into their IAM policy enforcement solutions. Forrester also found authentication solutions using things like device location, sensor data, and mouse and touchscreen movement to determine normal baseline behavior for users and devices, which is then used to detect anomalies.
Forrester recommends verifying vendors’ claims about automatic behavioral profile building, and asking the following questions:
- Does the solution really detect behavioral anomalies?
- Does the solution provide true interception and policy enforcement features?
- Does the solution integrate with existing SIM and incident management solutions in the SOC?
- How does the solution affect employee experience?
5. Algorithm wars heat up
Vendors at RSA 2017 latched onto terms such as machine learning, security analytics, and artificial intelligence (AI) to solve enterprise security problems, Forrester noted. While these areas hold great promise, “current vendor product capabilities in these areas vary greatly,” the report stated. Therefore, it is imperative for tech leaders to verify that vendor capabilities match their marketing messaging, to make sure that the solution you purchase can actually deliver results, Forrester said.
While machine learning and AI do have roles to play in security, they are not a silver bullet, Forrester noted. Security professionals should focus instead on finding vendors that solve problems you are dealing with, and have referenceable customers in your industry.