Top key threats, strong trends and promising technologies. Gartner forecasts for the next few years
We constantly monitor new trends, opinions and publications on information security. All this amount of information is systematized and "decomposed" in grocery niches. As a result, a single picture of how analysts see our future is formed. We decided to share one more summary of the most interesting and powerful trends that we are talking about in our reports and Gartner presentations. Someone this information is useful for speeches, someone - to justify the budget, and someone just allow you to "check watches" with the industry and be aware of what is now considered the "hot" topics themselves.
So where does Gartner think the industry is heading?
Security Operation Center and Managed Security Providers Service
User Entity and Behavior Analytics (UEBA) and Security information and event management (SIEM)
Access Control Systems (IdM)
Information Leak Prevention (DLP)
Web Application Firewalls (WAF)
Vulnerabilities, threats and incidents
Summarizing, we can say that Gartner predicts a great future for the direction of User Entity and Behavior Analytics and, of course, the migration of everything and everything to the clouds.
')
For the Russian market, the topic of UEBA is still quite new, but a number of vendors are already showing interest in these developments. Gartner sees great promise in using UEBA in DLP and SIEM systems (predictably), and also predicts that by 2020, UEBA modules will be in every fourth such solution. Given that Russian companies can hardly count on the absorption of Western vendors UEBA, it remains only to wait for Russian developments in this area.
On the contrary, the transition of IB solutions to the clouds has been talked about for a long time, and we see movement in this direction from the customers, but so far slower than Gartner had predicted. Here, the difficulty lies not so much in the distrust of customers, as in the reluctance of many vendors to switch to the cloud model.
Well, with great pessimism, Gartner looks at the level of protection of companies from cyber attacks. The late response to IS threats, shadow IT, subordination of information security to the IT service are all named as pain points and, alas, very well known to Russian organizations. But, of course, I would like to hope that analysts are wrong here, and companies will approach information security more carefully, responsibly and systematically.
So where does Gartner think the industry is heading?
Security Operation Center and Managed Security Providers Service
- By 2020, 65% of MSSP providers will offer services to identify and counter cyber attacks.
- By 2020, 60% of corporate budgets for information security will be spent on rapid detection and response to cyber attacks (in 2016, this figure did not exceed 30%).
User Entity and Behavior Analytics (UEBA) and Security information and event management (SIEM)
- By 2018, at least 30% of large vendors of SIEM will include in-depth analytics and UEBA functionality in their solutions.
- By 2018, a quarter of all security solutions used to detect threats will have in-built depth analytics modules.
- By 2018, a predictive analysis will be embedded in at least 10% of all UEBA solutions.
- By 2018, at least 4 acquisitions of UEBA vendors by companies producing SIEM, DLP, or other information security solutions are expected.
- By 2020, at least 60% of the largest CASB (cloud access security broker) vendors and 25% of the largest SIEM and DLP vendors will integrate UEBA functionality into their solutions - thanks to acquisitions, technology partnerships or their own development.
- By 2020, less than 5 independent UEBA vendors will remain on the market, others will focus on narrower information security tasks.
Access Control Systems (IdM)
- By 2018, 25% of organizations - today there are only 5% - will reduce the number of data leaks by monitoring sessions of privileged users.
- By 2018, half of the organizations will use alternative authentication methods instead of passwords (currently 20%).
- By 2019, 40% of projects for the implementation of access control systems will be implemented using the SaaS model (today the share of such projects is 10%).
Information Leak Prevention (DLP)
- By 2018, 40% of large companies will deal with data leaks, controlling the use of cloud storage and mobile devices, bypassing the traditional DLP model.
- By 2018, 90% of organizations will use DLP in one form or another (as opposed to the current 50%).
- By 2018, less than 10% of organizations using DLP will be able to boast that they have a model of information security management (now their number is close to zero).
Web Application Firewalls (WAF)
- By the end of 2020, the share of public web applications using WAF as a cloud service or as virtual software will increase from 25% to 70%.
- Until at least 2020, the security gateway market for small and large businesses will remain a separate niche.
Vulnerabilities, threats and incidents
- By 2018, 40% of large organizations will have a clear plan to counter cyber attacks aimed at disrupting their business (now, according to Gartner, almost no one has built and formalized action plans in the event of an attack).
- Due to the inability of the information security divisions to manage risks, by 2020 60% of companies doing business on the Internet will suffer from serious problems with the availability of services.
- By 2020, one third of successful cyber attacks will fall on “shadow IT”.
- Up to 2020, 99% of exploited vulnerabilities will remain known to IT / IB services for at least a year (ie, the speed of detection of vulnerabilities will continue to be much faster than the rate of their elimination).
- By 2020, organizations where IT security budgets allocate information security will suffer from gaps in protection three times more often than companies where information security costs are determined by management.
- By 2020, high-level cybercriminals will be able to crack 90% of companies defending themselves with advanced analytical systems.
Summarizing, we can say that Gartner predicts a great future for the direction of User Entity and Behavior Analytics and, of course, the migration of everything and everything to the clouds.
')
For the Russian market, the topic of UEBA is still quite new, but a number of vendors are already showing interest in these developments. Gartner sees great promise in using UEBA in DLP and SIEM systems (predictably), and also predicts that by 2020, UEBA modules will be in every fourth such solution. Given that Russian companies can hardly count on the absorption of Western vendors UEBA, it remains only to wait for Russian developments in this area.
On the contrary, the transition of IB solutions to the clouds has been talked about for a long time, and we see movement in this direction from the customers, but so far slower than Gartner had predicted. Here, the difficulty lies not so much in the distrust of customers, as in the reluctance of many vendors to switch to the cloud model.
Well, with great pessimism, Gartner looks at the level of protection of companies from cyber attacks. The late response to IS threats, shadow IT, subordination of information security to the IT service are all named as pain points and, alas, very well known to Russian organizations. But, of course, I would like to hope that analysts are wrong here, and companies will approach information security more carefully, responsibly and systematically.
Source: https://habr.com/ru/post/322858/
All Articles