Endpoint detection and response
Endpoint detection and response (EDR) solutions augment traditional endpoint preventative controls such as an antivirus by monitoring endpoints for indications of unusual behaviour and activities indicative of malicious intent.
Gartner predicts that by 2020, 80 per cent of large enterprises, 25 per cent of midsize organisations and 10 per cent of small organisations will have invested in EDR capabilities.
Network traffic analysis
Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for behaviours indicative of malicious intent.
Enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events.
Managed detection and response
Managed detection and response (MDR) providers deliver services for buyers looking to improve their threat detection, incident response and continuous-monitoring capabilities, but don't have the expertise or resources to do it on their own.
Demand from the small or midsize business (SMB) and small-enterprise space has been particularly strong, as MDR services hit a "sweet spot" with these organisations, due to their lack of investment in threat detection capabilities.
Micro-segmentation
Once attackers have gained a foothold in enterprise systems, they typically can move laterally ("east/west") to other systems unimpeded, because traditional perimeter controls do not inspect traffic between servers.
Micro-segmentation is the process of implementing isolation and segmentation for security purposes within the virtual data centre. Like bulkheads in a submarine, micro-segmentation helps to limit the damage from a breach when it occurs.
The term was originally used mostly to describe control of east-west (lateral) communication between servers in the same tier or zone, but it has evolved to cover most communication within virtual data centres.
Software-defined perimeter
A software-defined perimeter (SDP) defines a logical set of disparate, network-connected participants within a secure computing enclave.
The enclave's resources are typically hidden from public discovery, and access is restricted via a trust broker to the specified participants of the enclave, removing the assets from public visibility and reducing the attack surface.
Gartner predicts that through the end of 2017, at least 10 per cent of enterprise organisations will leverage software-defined perimeter (SDP) technology to isolate sensitive environments.
OSS security scanning and software composition analysis for DevSecOps
Information security architects must be able to incorporate security controls automatically, without manual configuration, throughout a DevSecOps cycle. The controls should be as transparent as possible to DevOps teams and must not impede DevOps agility, while still fulfilling legal and regulatory compliance requirements and managing risk.
To enable this, security controls must be capable of automation within DevOps tool chains.
Software composition analysis (SCA) tools specifically analyse the source code, modules, frameworks and libraries that a developer is using to identify and inventory OSS components and to identify any known security vulnerabilities or licensing issues before the application is released into production.
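As an added example (not code from the article or any vendor product), the following Python script plays the role of a minimal SCA gate in a CI stage: it inventories the pinned components in a constructed manifest, checks them against a constructed advisory feed and licence policy, and returns a non-zero exit status so the pipeline stops before release if anything is found. The package names, advisory ids and licences are all made up for illustration.

```python
"""Minimal SCA gate for a CI pipeline: inventory pinned OSS components from a
requirements.txt-style manifest and flag known vulnerabilities and licence
problems before release. Advisory and licence data here are constructed."""
import re
import sys

# Constructed manifest, as a CI job would read it from the repository.
MANIFEST = """\
# requirements.txt (constructed example)
acme-http==2.19.0
yamlparse==5.3.1
leftpad-clone==0.1.0
"""
# Constructed advisory feed: name -> [((min_incl, max_excl), advisory id)].
ADVISORIES = {
    "acme-http": [(((0,), (2, 20, 0)), "EXAMPLE-ADV-001")],
    "yamlparse": [(((0,), (5, 4, 0)), "EXAMPLE-ADV-002")],
}
# Constructed licence inventory and an organisation's policy (both assumptions).
LICENCES = {"acme-http": "Apache-2.0", "yamlparse": "MIT", "leftpad-clone": "AGPL-3.0-only"}
DISALLOWED_LICENCES = {"AGPL-3.0-only"}

def parse_version(text):
    return tuple(int(p) for p in text.split("."))

def parse_manifest(text):
    """Return [(name, version_tuple)] for each 'name==version' line."""
    comps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)", line)
        if m:
            comps.append((m.group(1).lower(), parse_version(m.group(2))))
    return comps

def analyse(manifest_text):
    """Return findings as (component, kind, detail); an empty list means the gate passes."""
    findings = []
    for name, version in parse_manifest(manifest_text):
        for (lo, hi), adv_id in ADVISORIES.get(name, []):
            if lo <= version < hi:                     # version falls in vulnerable range
                findings.append((name, "vulnerability", adv_id))
        lic = LICENCES.get(name, "UNKNOWN")           # unknown licence is itself a finding
        if lic == "UNKNOWN" or lic in DISALLOWED_LICENCES:
            findings.append((name, "licence", lic))
    return findings

if __name__ == "__main__":
    results = analyse(MANIFEST)
    for comp, kind, detail in results:
        print(f"{kind}: {comp} ({detail})")
    sys.exit(1 if results else 0)   # non-zero exit fails the pipeline stage
```

A real deployment would replace the inline dictionaries with an advisory feed such as OSV or the NVD and the organisation's actual licence policy.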