When Gartner Vice President Peter Firstbrook took the stage at this year’s Gartner Security & Risk Management Summit, he spoke of two shifts in security: resilience and trust. Organizations must develop resilient security programs that anticipate disruptions and enable them to respond quickly to avoid costly lapses in productivity. He also championed trust within the organization, as opposed to traditional restrictive security controls.
*Gartner Security & Risk Management Summit, National Harbor, MD, Keynote: Build Trust and Resilience at the Speed of Business, Peter Firstbrook, June 13-16, 2016.
Additional sessions throughout the week, including keynotes from the likes of General Colin Powell, reinforced the importance of these concepts, particularly in a world where the lines between physical security and cybersecurity continue to blur. Here are a few key takeaways and insights from the conference.
Some things change while others remain the same. In his session, “Gartner Essentials: Top Security Predictions/SPAs 2016,” Earl Perkins noted that through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
This issue becomes even more apparent with the increase in the number of IoT and mobile devices in the workplace, which has caused organizations to adjust their strategy to find legacy vulnerabilities on those devices. During his presentation, “The World Is Changing – How Does It Affect My Vulnerability Management Program?” Augusto Barros recommended that vendors integrate enterprise mobility management (EMM) into vulnerability management for asset management, vulnerability assessment and remediation, and that they consider mitigation actions.
Security vendors must provide more out-of-the-box support for containers and other management systems
The emergence of IoT, combined with the prevalence of legacy vulnerabilities, will force security to be integrated earlier in the development process. During his session, "Integrating Security in DevOps: DevSecOps," Gartner VP Distinguished Analyst Neil MacDonald recommended that vendors of security and management products provide out-of-the-box support for containers and management systems.
Vendors have heard the message that detection and response come ahead of prevention. However, the sheer amount of data created by detection services, combined with a skills shortage in the industry, has created a pressing need for additional automation capabilities. In his session, "To The Point: What Every Security Vendor Should Know About Security Automation," Gartner Research Director Eric Ahlm stated that by 2020, security program owners that are able to automate at least 50% of their program will experience half as many breaches as their peers that haven't.
Automation can act as a task facilitator and error reducer, especially in the threat detection, threat response, threat investigation, and vulnerability management markets. Consumers of automation products will depend largely upon the maturity of the Security Operations Center (SOC) within the organization.
Security analytics and UEBA
By 2018, at least 30% of major SIEM vendors will incorporate advanced analytics
Along with automation, organizations are using security analytics and User and Entity Behavior Analytics (UEBA) strategies to prioritize and take action on the most relevant data. Despite the hype surrounding security analytics, its definition remains unclear and many UEBA tools are still immature. However, several security vendors are taking notice, and according to Avivah Litan's and Toby Bussa's session, "The Fast-Evolving State of Security Analytics 2016," Gartner expects that by 2018, at least 30% of major SIEM vendors will incorporate advanced analytics and UEBA functionality into their products.
How Tenable can help
As new and emerging technologies change the way we look at security, Tenable continues to transform security technology to meet critical business needs through solutions that provide continuous visibility and critical context, enabling decisive actions to protect organizations. Check out our solutions page today to see how Tenable solves your most pressing security needs such as vulnerability management, continuous monitoring, and security assurance.
All presentations noted were given at the Gartner Security & Risk Management Summit, National Harbor, MD, June 13-16, 2016.