Gartner analysts Lawrence Orans and Mark Nicolett took a few minutes recently to recap key trends in security and answer questions ahead of our upcoming Gartner Security & Risk Management Summit. Here’s what they had to say.
What are the key trends in IT security today?
The main issue driving IT security is the pressing need to defend against targeted attacks and to quickly detect a security breach before a targeted attack results in data loss.
Dealing with targeted attacks and advanced threats is the major issue confronting security teams in organizations of all sizes. There are staffing and skills issues that our end user clients need to deal with, and there are decisions that need to be made about security technologies and services.
The security industry response is to provide new capabilities either as a feature of a larger security solution or as a pure play, best of breed solution. Examples of security technology segments with many point solution vendors are network traffic analysis and user behaviour analytics. Both of these segments deal with early detection of a security breach. For other security issues such as distributed denial of service attacks, it’s all about proactive strategies before you’re attacked.
In terms of cloud, the trend is toward security services delivered from the cloud. We’re seeing real advances in that area.
Another area where advances are being made is security monitoring technologies and services. We’re still not very good at discovering targeted attacks. A typical organisation does not know about a breach for months. New detection approaches that utilize profiling, anomaly detection, and machine learning help you discover things that are happening on your network or with your users that are outside the norm and indicate a security issue. This is an area where security service providers can be helpful, as security staff and talent are often in short supply.
Have there been any big changes since last year’s summit?
Security used to be a hard sell. There wasn’t any budget to properly fund security initiatives for both technology and staffing. These days, with so many high-profile breaches hitting the front page, CIOs and boards are asking, “How good are we at defending against and discovering these attacks?” Suddenly, there’s more budget set aside for security and much more support for security projects.
There is a great deal at stake, after all. If your intellectual property is stolen, you may lose your competitive edge. When customer information and data are compromised, we have seen an impact on market share or stock price (at least temporarily). In some cases, there is proof of more lasting damage. There’s just too much at risk now to put off security initiatives.
What’s the right response to growing threats?
The first order of business is to make sure that you are covering the basics. Many successful attacks are exploiting old vulnerabilities that should have been patched 6 months to 2 years prior to the attack. So – more attention needs to be paid to basic activities such as patch management. If there are too many patches to deal with, prioritize the remediation of vulnerabilities that are actively being targeted. Make those a priority.
There are also many new protection and detection technologies, but organizations need to evaluate their ability to effectively operate a growing number of security functions. You can’t ignore staffing requirements, and service providers may be needed to alleviate staffing and skills shortages.
For DDoS, have a playbook in place so you are ready to respond quickly. Determine beforehand who has authority to contact the DDoS service provider. Decide how you’re going to control messaging both internally and externally. It’s really the same thing for all kinds of breaches. You need to have a plan in place for communications and response.
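As an added illustration of the patch-prioritization advice above (example code written for this page, not from Gartner or the analysts), the following Python ranks a constructed vulnerability inventory so that actively targeted CVEs come first, then the longest-unpatched ones, and flags anything whose patch has been available for more than six months. The CVE ids, hosts, dates and the "actively exploited" list are all placeholders.

```python
from dataclasses import dataclass
from datetime import date

# Fixed "today" so the example is reproducible (constructed value).
TODAY = date(2015, 6, 1)


@dataclass
class Finding:
    host: str
    cve: str
    patch_released: date  # date the vendor patch became available
    cvss: float           # base severity score


# Constructed feed of vulnerabilities seen in active attacks (placeholder ids).
ACTIVELY_EXPLOITED = {"CVE-0000-0002", "CVE-0000-0004"}

# Constructed scanner inventory (placeholder hosts and CVE ids).
SAMPLE_FINDINGS = [
    Finding("web01", "CVE-0000-0001", date(2015, 5, 20), 9.8),   # new, not targeted
    Finding("web01", "CVE-0000-0002", date(2014, 9, 1), 6.5),    # targeted, 9 months old
    Finding("db01", "CVE-0000-0003", date(2013, 3, 1), 7.5),     # not targeted, >2 years old
    Finding("mail01", "CVE-0000-0004", date(2015, 3, 15), 5.0),  # targeted, recent
]


def patch_age_days(finding, today=TODAY):
    """Days the fix has been available but not applied."""
    return (today - finding.patch_released).days


def priority_key(finding, exploited=ACTIVELY_EXPLOITED, today=TODAY):
    # Most important field first: actively targeted beats everything,
    # then the longest-outstanding patch, then raw severity as a tiebreak.
    return (finding.cve in exploited, patch_age_days(finding, today), finding.cvss)


def remediation_queue(findings, exploited=ACTIVELY_EXPLOITED, today=TODAY):
    """Findings ordered from most to least urgent."""
    return sorted(findings, key=lambda f: priority_key(f, exploited, today), reverse=True)


def overdue(findings, days=180, today=TODAY):
    """Findings whose patch has been available longer than `days` (default ~6 months)."""
    return [f for f in findings if patch_age_days(f, today) > days]


if __name__ == "__main__":
    for f in remediation_queue(SAMPLE_FINDINGS):
        flag = "TARGETED" if f.cve in ACTIVELY_EXPLOITED else "        "
        print(f"{flag} {f.host:7} {f.cve} {patch_age_days(f):4d} days unpatched  CVSS {f.cvss}")
```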
What are the must-see sessions at this year’s event?
There are so many great new presentations. We’ll be talking about the state of network security and how to adopt more cloud-based security. There’s a session on DDoS challenges. We’ll look at the most cost effective methods to defend against a DDoS attack. We’ll delve into network traffic analysis technologies and how that area will evolve over the next several years.
There will be important sessions on security monitoring, security analytics trends, the threat landscape, network-based approaches to targeted attack defense, application security, data security, and identity and access management. We’ll cover every possible security technology and service topic you could need, as well as management topics such as creating a security and risk management program, risk assessment and security awareness training for employees.
What can companies do to better prepare for cyberattacks?
Gain management and board level support for security initiatives by describing the risks and through a narrative that explains what could happen (using current and relevant examples). Outline the cost of improving your security posture, including both technology and staffing. Improve incident response. Have a playbook in place ahead of time that covers how to orchestrate your response to a breach. You need to isolate the breach, understand its extent, do data and system recovery and handle external communications. So – do everything you can to make your environment more resilient to an attack, but also plan for breach response.