5 emerging security technologies are waiting for you

  • New categories of sophisticated protection are emerging almost daily.

  • Application vulnerabilities account for up to a third of all breaches.

  • The next evolution of SIEM tools can forecast a breach beforehand.

If you’re an information security professional, nobody needs to tell you that your job is more complex than ever. While you may be doing a good job protecting the home-front — guarding the perimeter with firewalls, adding a security information/event management (SIEM) platform, applying intrusion detection and prevention systems (IDS/IPS) and strong password protection — you probably haven’t gone far enough. Entire new categories of sophisticated protection are emerging almost daily, and established providers are racing to keep up with cutting-edge solutions and services.

To protect against today’s sophisticated attacks, consider the following solution categories:

1. Cloud security and software-defined security (SDS).

Cloud-based security services have long been available. What’s new is the host of security offerings that are specifically designed to protect cloud-based resources, particularly in a virtual environment. These tools protect on a per-workload basis, spinning up to manage a workload, and shutting down when the workload is terminated. They integrate into leading-edge technology frameworks like VMware’s NSX and Cisco’s ACI.

2. Dynamic application security.

Application vulnerabilities are responsible for up to a third of all breaches, and the number of records exposed per breach is typically in the tens to hundreds of millions. The good news is that vendors are developing dynamic application security that can inspect executing code (either during testing or production) and confirm that it’s free of known vulnerabilities, without requiring a battalion of experts.

3. User behavioral analytics.

The next evolution of SIEM is advanced security analytics, which includes tools that can forecast a breach before it happens, based on unusual user and system behavior. It’s time to get familiar with this technology.

4. Big Data protection.

Speaking of Big Data, protecting those NoSQL databases and Hadoop and Cassandra platforms isn’t a top priority for many infosec professionals. But it should be. Due to the way these platforms and databases are architected, scalability and performance issues make them hard to protect. But once again, tools are emerging to provide real-time, in-depth protection.

5. Mobile security.

All too often, information security professionals treat mobile security as its own silo, and a less important one than security for “real” computing. That’s a mistake: according to a recent Google study, Microsoft now represents just 25% of computing devices. So even if your organization has gone BYOD, protecting those devices is a must. Another mistake is assuming mobile device management (MDM) platforms are sufficient. They’re not; you also need to consider emerging tools and technologies that integrate mobile devices, applications, and data into an overarching protection umbrella.

The bottom line: If your security architecture dates back to 2013, you’re well behind the curve. It’s time for an overhaul!

What are you doing to boost your organization’s security technology?


Johna Till Johnson is the author of this blog post and the President and Senior Founder of Nemertes Research.  AT&T has sponsored this blog post.
