Security Focus Shifts to DetectionGartner's Pingree: Market Emphasis Now on Detection, Response
While the security of cutting-edge technologies has been much talked about over the past six months, the Internet of Things remains at a concept stage, with a lot of new products and service offerings in the works. We're a little ahead of the game as far as topics such as IoT security are concerned, says Lawrence Pingree, Research Director at Gartner. [Also See: IoT: Security Must Be Built In.]
"The real emphasis globally is on behavioral analytics, looking at different variables such as devices, IP addresses, users, and time," he says, "and modeling the behaviors across the spectrum of different interactions within an enterprise."
Traditional security event management products are more linear - they are rules-based, and try to track and analyze individual transactions, which makes them extremely CPU intensive and difficult to scale up to current volumes. What machine-learning and behavioral analysis allow you to do is model behavior and then raise a flag when the behavior starts to change, he says.
Advanced threats are the focus of the security market today, Pingree says. To deal with the security issues such threats raise, in addition to behavioral analytics, there is a new class of products hitting the market today called Endpoint Detection and Response. What these products do is provide more visibility into the machines, binaries and processes of the operating system itself. This allows the operators to take telemetry from sandboxing technologies such as FireEye and Blue Coat, and use that intelligence to hunt for anomalies in the endpoints. [Also See: Inside An Elite APT Attack Group.]
"A common problem we are finding in our client base is that once they have the telemetry from these services, they are lacking the visibility to take that and go look for the infections on the endpoint," he says. EDRs are a step in the right direction.
The problem with having a prevention-only focus is that if you're just putting your budget there, most often, you don't have a good solid investment in detection technology and the incident response process, he says. "Most of our clients are challenged with responding to an incident, identifying and incident, and if something does get through, tracking it down and rapidly remediating it."
With roughly 70-90 percent of attacks now being targeted malware attacks, you can imagine what an attacker can do if you are unable to find the malware, he says. In India, there is a strong interest in cloud security, the internet of things, data loss prevention technology and virtualization security, he says. That is more distinguished in the Indian market, than in other markets.
Pingree was a speaker at the Gartner Security & Risk Management Summit, held in Mumbai on September 1 and 2. In this exclusive interview with Information Security Media Group, Pingree takes a step back and looks at the current security landscape, commenting on where he sees security heading today - from a user as well as a vendor point of view. He shares insight on:
- The developments in the landscape, necessitating change in the approach to security;
- Some game-changing trends organizations and vendors can't afford to miss;
- Market slowdown, consolidation expected.
Pingree is a Research Director at Gartner. His responsibilities include the coverage of information security technologies and markets, security program execution, advanced threats, network-based security technologies, and security issues. The emphasis of his research is on providing insights to the security vendor community. His inquiry and research goals are to provide technology providers with critical insights on the latest security market trends, marketing and messaging, technology alignments, and potential partnerships and to aid technology providers competing in the security markets.