Greg Young

A member of the Gartner Blog Network

Greg Young
Research VP
6 years at Gartner
22 years IT security

Greg Young is a research vice president in Gartner and the lead analyst for network security. Mr. Young has experience in IT security in product companies, and in both the private and public sectors. He spent his military career in technology security…

Hype Cycle for Infrastructure Protection

by Greg Young  |  August 10, 2009

I was honored to be the lead author for the 2009 Hype Cycle for Infrastructure Protection (limited to Gartner customers).

First in thanks and second to demonstrate the depth of work and research we do at Gartner, I’d like to thank my 15 co-authors:

Vic Wheatman, Joseph Feiman, Neil MacDonald, Adam Hils, Jeffrey Wheatman, Peter Firstbrook, John Pescatore, John Girard, Kelly M. Kavanagh, Lawrence Orans, Mark Nicolett, Arabella Hallawell, L. Frank Kenney, Ray Wagner, and David Norton.

Infrastructure Protection is composed of the ‘keeping the bad guys out’ security technologies. This year we see considerable forward movement in the technologies as driven by the relentless and constantly changing threats. 

The technologies listed in this edition include (in no particular order):

  • Web Application Firewalls
  • E-Mail Security Boundary
  • DDoS Defense
  • HIPS on Servers
  • Stateful Firewalls
  • Software Composition Analysis
  • Application Inspection
  • Penetration Testing Tools
  • "In the Cloud" Security Services
  • Security in the Switch
  • Database Activity Monitoring (DAM)
  • Open-Source Security Tools
  • SMB Multifunction Firewall
  • Endpoint Deep Packet Inspection
  • Endpoint Protection Platform
  • Network Security Silicon
  • Application Control
  • Mobile Data Protection
  • Data Masking
  • Static Application Security Testing
  • HIPS on PCs
  • Network Access Control
  • Network IDS
  • Next-Generation Firewalls
  • Secure Web Gateways
  • WLAN IPS
  • XML Firewalls
  • Dynamic Application Security Testing
  • Network IPS

There is a great top-level summary in Gartner’s Hype Cycle Special Report for 2009. The Infrastructure Protection Hype Cycle is a companion to the other security Hype Cycles:

  • Hype Cycle for Governance, Risk and Compliance Technologies, 2009
  • Hype Cycle for Data and Application Security, 2009
  • Hype Cycle for Identity and Access Management Technologies, 2009

4 responses so far ↓

  • 1 Rob Lewis   August 10, 2009 at 10:24 am

    Hi Greg,

    John Pescatore commented on his blog back on March 26th, that there are major different drivers between “let the good guys in” and “keep the bad guys out”.

    If “Infrastructure Protection is composed of the ‘keeping the bad guys out’ security technologies”, how or where does Gartner make that distinction, or do they, and for that matter, where would a cross domain solution that operates on a least privilege, default deny basis fit into its analysis?

    Cheers.

  • 2 Greg Young   August 10, 2009 at 10:35 am

    Hi Rob:

    What you describe is primarily identity and access management (IAM), since it is based upon who the user is to moderate access. A trusted guard acting merely as a data diode would be infrastructure protection, whereas a guard basing decisions on the identity would be IAM.

    There are some overlaps within products as your point indicates, for example Microsoft ISA/IAG has both classes of safeguard, however Gartner finds that when you consider the end use case they do tend to line up nicely as a means of looking at competing products and technologies.

    Thanks for the comment –

    Greg

  • 3 Adam Hils   August 10, 2009 at 10:46 am

    NAC is one that could go in both categories – especially pre-admission NAC. Identity-based networking, to the extent that it uses user ID, has some kinship with “Letting the good guys in”.

    I agree, though, Greg. The categories are largely discrete.

  • 4 Rob Lewis   August 12, 2009 at 2:32 pm

    Maybe it’s a matter of degree, Greg.

    I see examples of authentication acting as a proxy for authorization all over the place.

    What I am referring to by “cross domain solution” is MLS that scales across distributed networks, or “let the good guys in” at the data file level. I really don’t see how we fit in with anything else.