IT security teams and infrastructures are adapting to the needs of digital business, which means coping with increasingly sophisticated threats. CISOs and risk managers need to embrace technology trends to define, implement and maintain effective security and risk management programs. These 10 security technologies have become mainstream in recent years:
Cloud access security brokers (CASBs) sit between users and cloud services so that cloud computing can be used securely. Many SaaS tools offer only limited visibility and control; CASBs fill these gaps. They give the CISO a complete view of all the cloud services used in the enterprise, whether IaaS, PaaS or SaaS, and make it possible to apply company-specific security policies to every one of them, regardless of the cloud provider.
Endpoint detection and response (EDR) tools are multiplying. They record activity from the devices connected to the network (process, file, network and similar events) and store it locally or in a centralized database. Indicators of compromise, data analytics and machine learning are then used to detect threats early and respond quickly to attacks.
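As an added illustration of what such a tool does with the telemetry it collects (this is example code, not code from the original article or any vendor product), the block below matches constructed endpoint process events against a list of indicators of compromise and against one behavioral rule. The hash, the domain, the office-application rule and the sample events are all constructed for the example.

```python
"""EDR-style detection over constructed endpoint process events.

Added example, not code from the original article. The indicators,
the parent/child rule and the sample telemetry are all constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed indicators of compromise (hypothetical hash and domain).
IOC_HASHES = {"deadbeef" * 8}
IOC_DOMAINS = {"updates.example-bad.test"}

# Constructed behavioral rule: an office application spawning a shell or
# script host is suspicious even when nothing matches a known indicator.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


@dataclass
class ProcessEvent:
    host: str
    parent: str          # image name of the parent process
    image: str           # image name of the process itself
    sha256: str          # hash of the executable on disk
    dns_query: str = ""  # domain the process resolved, if any


def analyze(event: ProcessEvent) -> List[str]:
    """Return the reasons this event is suspicious (empty list if none)."""
    reasons = []
    if event.sha256.lower() in IOC_HASHES:
        reasons.append("executable hash matches IOC")
    if event.dns_query and event.dns_query.lower() in IOC_DOMAINS:
        reasons.append("DNS query to IOC domain")
    if event.parent.lower() in OFFICE_APPS and event.image.lower() in SHELLS:
        reasons.append("office application spawned a shell")
    return reasons


def detect(events: List[ProcessEvent]) -> List[Dict[str, str]]:
    """Run every event through analyze() and return one alert per hit."""
    alerts = []
    for ev in events:
        reasons = analyze(ev)
        if reasons:
            alerts.append({"host": ev.host, "image": ev.image,
                           "reason": "; ".join(reasons)})
    return alerts


# Constructed sample telemetry, as an EDR agent might forward it.
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", "explorer.exe", "chrome.exe", "1111" * 16, "www.example.com"),
    ProcessEvent("ws-02", "WINWORD.EXE", "powershell.exe", "2222" * 16),
    ProcessEvent("ws-03", "svchost.exe", "update.exe", "deadbeef" * 8,
                 "updates.example-bad.test"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The second event fires on behavior alone, with no indicator match; that is the case a purely indicator-driven tool misses, and it is why the rule set is kept separate from the indicator lists.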
Signature-only approaches to malware prevention are ineffective against advanced and targeted attacks, since a new or modified sample has no signature yet. Several techniques now go beyond this limitation, including memory protection against exploitation and machine-learning classifiers built on mathematical models of malicious and benign code.
Studying the behavior of users and their devices enables broad security analysis. Roughly speaking, SIEM (Security Information and Event Management) tools provide broad-spectrum monitoring by collecting and correlating logs from across the environment.
UEBA (User and Entity Behavior Analytics) tools go further and analyze the behavior of users, endpoints, networks and applications against a learned baseline. Correlating the analyses of these different entities refines the results and improves threat detection.
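The following added example (not from the original article) shows the core of what a UEBA tool does: it learns a per-user baseline from constructed log lines, scores new events against three entities at once (time of day, source address, outbound volume), and correlates the deviations into one severity. The log format, users, addresses and thresholds are all constructed for the example.

```python
"""UEBA-style behavioral baselining over constructed log lines.

Added example, not code from the original article. Log format, users,
addresses and thresholds are constructed.
"""
import re
import statistics
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Set

# Constructed log format: "<ISO timestamp> user=<name> src=<ip> bytes_out=<n>"
LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) bytes_out=(\d+)$")

BASELINE_LOG = """\
2024-03-04T09:12:00 user=alice src=10.1.1.20 bytes_out=120000
2024-03-05T08:58:00 user=alice src=10.1.1.20 bytes_out=98000
2024-03-06T09:30:00 user=alice src=10.1.1.20 bytes_out=110000
2024-03-07T09:05:00 user=alice src=10.1.1.20 bytes_out=105000
2024-03-08T10:00:00 user=alice src=10.1.1.21 bytes_out=130000
2024-03-04T14:00:00 user=bob src=10.1.2.7 bytes_out=5000000
2024-03-05T15:20:00 user=bob src=10.1.2.7 bytes_out=4200000
2024-03-06T13:45:00 user=bob src=10.1.2.7 bytes_out=6100000
"""


@dataclass
class Event:
    when: datetime
    user: str
    src: str
    bytes_out: int


@dataclass
class Baseline:
    hours: Set[int] = field(default_factory=set)
    sources: Set[str] = field(default_factory=set)
    volumes: List[int] = field(default_factory=list)


def parse(line: str) -> Event:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts, user, src, n = m.groups()
    return Event(datetime.fromisoformat(ts), user, src, int(n))


def build_baselines(log: str) -> Dict[str, Baseline]:
    """Learn each user's usual hours, source addresses and volumes."""
    baselines: Dict[str, Baseline] = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        b = baselines.setdefault(ev.user, Baseline())
        b.hours.add(ev.when.hour)
        b.sources.add(ev.src)
        b.volumes.append(ev.bytes_out)
    return baselines


def score(ev: Event, baselines: Dict[str, Baseline], z_limit: float = 3.0) -> List[str]:
    """Return the deviations of one event from its user's baseline, one per entity."""
    b = baselines.get(ev.user)
    if b is None:
        return ["user never seen before"]
    reasons = []
    # Usual hours, with a one-hour tolerance on either side.
    if not any(abs(ev.when.hour - h) <= 1 for h in b.hours):
        reasons.append(f"unusual hour {ev.when.hour:02d}")
    if ev.src not in b.sources:
        reasons.append(f"new source address {ev.src}")
    # Volume z-score; with fewer than two samples or zero variance the
    # statistic is undefined, so fall back to a plain multiple of the mean.
    mean = statistics.fmean(b.volumes)
    sd = statistics.stdev(b.volumes) if len(b.volumes) > 1 else 0.0
    if sd > 0:
        z = (ev.bytes_out - mean) / sd
        if z > z_limit:
            reasons.append(f"outbound volume z={z:.1f}")
    elif ev.bytes_out > 3 * mean:
        reasons.append("outbound volume far above baseline")
    return reasons


def severity(reasons: List[str]) -> str:
    """Correlate: one deviating entity is noise, several together are a finding."""
    if not reasons:
        return "none"
    return "high" if len(reasons) >= 2 else "low"


if __name__ == "__main__":
    bl = build_baselines(BASELINE_LOG)
    # Constructed new events: a routine one for bob, a suspicious one for alice.
    for line in ("2024-03-11T14:10:00 user=bob src=10.1.2.7 bytes_out=5500000",
                 "2024-03-11T03:12:00 user=alice src=203.0.113.5 bytes_out=2000000"):
        ev = parse(line)
        print(ev.user, severity(score(ev, bl)), score(ev, bl))
```

Alice's 03:12 event from an unknown address with twenty times her usual outbound volume deviates on all three entities and is rated high; a single deviation (for example a legitimate new laptop) stays low, which is the correlation effect the paragraph above describes.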
Once attackers gain a foothold in one building block of a company's information system, they can typically move laterally to other parts of it almost unhindered. Micro-segmentation is emerging as the remedy.
The idea is to stop threats from spreading within corporate networks. Solutions provide visibility into communication flows and monitor them; these visualization tools make the structure of the flows easier to understand in terms of the defined segmentation policies and let deviations from those policies be spotted.
Finally, some vendors offer encryption of network traffic, for example with point-to-point IPsec tunnels, to protect data in transit and to keep each segment's traffic isolated from the others.
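The block below is an added example (not code from the original article or from any product) of the policy check at the heart of micro-segmentation: segments are defined as address ranges, allowed flows are an explicit list of segment pairs and ports with deny as the default, and a constructed flow log is audited for deviations. Segment names, ranges, ports and flows are all constructed.

```python
"""Micro-segmentation policy check over constructed flow records.

Added example, not code from the original article. Segments, the
allow-list and the observed flows are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed segments (name -> address range).
SEGMENTS: Dict[str, ipaddress.IPv4Network] = {
    "web":  ipaddress.ip_network("10.0.1.0/24"),
    "app":  ipaddress.ip_network("10.0.2.0/24"),
    "db":   ipaddress.ip_network("10.0.3.0/24"),
    "corp": ipaddress.ip_network("10.0.10.0/24"),
}

# Constructed policy: (source segment, destination segment, destination port).
# Anything not listed is a deviation; the default is deny.
ALLOWED: Set[Tuple[str, str, int]] = {
    ("corp", "web", 443),
    ("web", "app", 8443),
    ("app", "db", 5432),
}


def segment_of(ip: str) -> Optional[str]:
    """Name of the segment containing ip, or None if it is unsegmented."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def check_flow(src: str, dst: str, dport: int) -> Tuple[bool, str]:
    """Return (allowed, explanation) for one observed flow."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return False, f"{src}->{dst}:{dport} involves an unsegmented address"
    if s == d:
        return True, f"{src}->{dst}:{dport} stays inside segment {s}"
    if (s, d, dport) in ALLOWED:
        return True, f"{src}->{dst}:{dport} allowed by policy {s}->{d}"
    return False, f"{src}->{dst}:{dport} violates policy: {s}->{d} on port {dport} not allowed"


def audit(flow_log: str) -> List[str]:
    """Parse 'src dst dport' lines and return an explanation for every deviation."""
    deviations = []
    for line in flow_log.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        src, dst, dport = line.split()
        ok, why = check_flow(src, dst, int(dport))
        if not ok:
            deviations.append(why)
    return deviations


# Constructed flow records ("src dst dport"), as a flow collector might export them.
SAMPLE_FLOWS = """\
# normal tier-to-tier traffic
10.0.10.15 10.0.1.10 443
10.0.1.10 10.0.2.20 8443
10.0.2.20 10.0.3.30 5432
# web tier talking straight to the database: lateral movement
10.0.1.10 10.0.3.30 5432
# workstation reaching the database directly
10.0.10.15 10.0.3.30 5432
# an address nobody assigned to a segment
10.0.1.10 192.0.2.9 22
"""

if __name__ == "__main__":
    for d in audit(SAMPLE_FLOWS):
        print("DEVIATION:", d)
```

In practice the same allow-list is what gets compiled into host firewall or hypervisor rules; auditing observed flows against it first, in monitor mode, is how teams find the undocumented dependencies before enforcement breaks them.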
Security should be an integral part of DevOps. The idea is to build security testing into application development and network connectivity testing into runtime, and to run automated security scans that detect vulnerabilities during development, before the application is put into production.
An analytics-driven Security Operations Center (SOC) goes beyond preventive controls and perimeter monitoring of the enterprise information system. The SOC should inform all aspects of security operations, which requires an adaptive architecture and context-aware components. Automation and orchestration of SOC processes are a key factor in this evolution.
Most attacks start with users receiving malware via email, URLs or malicious websites. A newer approach to this risk, remote browser isolation, hosts the browsing session on a "browser server", usually Linux-based and typically delivered as a cloud service.
By isolating the browser from the rest of the endpoint and from the corporate network, malware that runs in the browsing session never reaches the end user's system. The company, in turn, reduces its attack surface by shifting the risk to that server.
Deception technologies use decoys and tricks designed to disrupt or confuse the attacker's decision-making, break their automation tools and delay the attack. Fake vulnerabilities, fake systems, fake cookies: there are many such tools. Any attempt to use these fake resources is a strong sign that an attack is under way, since a legitimate user has no reason to access them.
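As an added example (not code from the original article or any deception product), the block below plants three decoys in a web application, a fake path, a fake cookie and a fake API key, and inspects constructed requests for any contact with them. Because nothing legitimate ever references a decoy, a hit is reported directly as an alert rather than scored. The decoy values and the sample requests are all constructed.

```python
"""Honeytoken detection for a web application over constructed requests.

Added example, not code from the original article. Decoy paths, the
decoy cookie, the decoy API key and the sample requests are constructed.
"""
from typing import Dict, List, Optional

# Constructed decoys. None of these is linked from the real application; the
# API key is a hypothetical value planted in a fake config file that only an
# intruder browsing the filesystem would find and try.
DECOY_PATHS = {"/admin-backup/", "/internal/export.csv"}
DECOY_COOKIE = "legacy_session"
DECOY_API_KEY = "sk_live_decoy_7f3a9c1d"


def inspect_request(req: Dict[str, object]) -> Optional[Dict[str, str]]:
    """Return an alert dict if the request touches a decoy, else None.

    req is a constructed dict: {"ip", "path", "cookies": {...}, "headers": {...}}.
    """
    path = str(req.get("path", ""))
    cookies = req.get("cookies") or {}
    headers = req.get("headers") or {}

    if path in DECOY_PATHS:
        trigger = f"decoy path {path}"
    elif DECOY_COOKIE in cookies:
        trigger = f"decoy cookie {DECOY_COOKIE} presented"
    elif headers.get("X-Api-Key") == DECOY_API_KEY:
        trigger = "decoy API key used"
    else:
        return None
    # A decoy hit needs no further scoring: there is no benign explanation.
    return {"ip": str(req.get("ip", "?")), "trigger": trigger, "confidence": "high"}


def triage(requests: List[Dict[str, object]]) -> List[Dict[str, str]]:
    """Run every request through inspect_request() and keep the alerts."""
    return [a for a in (inspect_request(r) for r in requests) if a]


# Constructed sample traffic: one normal request, then three decoy contacts.
SAMPLE_REQUESTS: List[Dict[str, object]] = [
    {"ip": "10.2.0.5", "path": "/", "cookies": {"session": "abc"}, "headers": {}},
    {"ip": "198.51.100.7", "path": "/admin-backup/", "cookies": {}, "headers": {}},
    {"ip": "198.51.100.7", "path": "/api/users", "cookies": {},
     "headers": {"X-Api-Key": DECOY_API_KEY}},
    {"ip": "10.2.0.9", "path": "/api/users", "cookies": {"legacy_session": "x"},
     "headers": {}},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_REQUESTS):
        print(alert)
```

Two practical cautions: decoy paths should not be ones that internet background scanning hits constantly, or the signal degrades into noise, and the alert should be written to a channel the intruder cannot reach, since a decoy that is seen being reported stops being a decoy.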
New security models are emerging to establish and manage trust at the scale of the Internet of Things: billions of devices, most of them with limited processing power. These new services must guarantee data integrity, confidentiality, device identification and user authentication. This is where blockchain technology comes into play.