Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Gartner Essentials: Top CybersecurityTrends for 2016-2017

4,477 views

Published on

Gartner Essentials: Top CybersecurityTrends for 2016-2017

Published in: Technology
  • Want to preview some of our plans? You can get 50 Woodworking Plans and a 440-Page "The Art of Woodworking" Book... Absolutely FREE  http://ishbv.com/tedsplans/pdf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • There are over 16,000 woodworking plans that comes with step-by-step instructions and detailed photos, Click here to take a look ➤➤ http://ishbv.com/tedsplans/pdf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Get access to 16,000 woodworking plans, Download 50 FREE Plans... ■■■ http://tinyurl.com/yy9yh8fu
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Gartner Essentials: Top CybersecurityTrends for 2016-2017

  1. 1. CONFIDENTIAL AND PROPRIETARY This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Essentials: Top Cybersecurity Trends for 2016 — 2017 Carsten Casper Gartner Briefing 28 Apr 2016 | Vienna, Austria
  2. 2. 1 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Security for the Next Generation of Threat A pervasive digital presence is expanding into business, industry and society Once networked, this digital presence substantively alters risk for digital businesses Digital security is the next evolution in cybersecurity to protect this pervasive digital presence
  3. 3. 2 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Security Macro Trends You Face in the Age of the Pervasive Digital Presence Risk and Resilience Seek Balance Security Disciplines Converge Secure Digital Supply Chain Needs Grow Security Skills Options Expand Adaptive Security Architecture Embraced Security Infrastructure Adapts Data Security Governance Arrives Digital Business Drives Digital Security
  4. 4. 3 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Risk and Resilience Seek Balance
  5. 5. 4 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Security Moves to an Embedded State in the Organization Governance Compliance Control Protection Reliability Speed Assurance Transparency RISK RESILIENCE Privacy Safety Value Cost
  6. 6. 5 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Security Principles for Trust and Resilience Business Outcomes Risk-Based Data Flow Facilitator Detect and Respond Principle of Trust and Resilience People-Centric
  7. 7. 6 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. People-Centric Security Continues to Be Embraced Accountability Responsibility Immediacy Autonomy Proportionality Community Transparency Educate Monitor Rights Responsibilities
  8. 8. 7 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Take-Aways for Risk and Resilience Balance Revisit the security organizational structure to ensure it reflects current mission Revise the methods used to calculate IT risk to incorporate new variables and factors Develop fast-track methods of addressing security requirements Refine the security communication and education process to emphasize agility
  9. 9. 8 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Security Disciplines Converge
  10. 10. 9 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Digital Security for the Pervasive Digital Presence Defense Offense Reactive Proactive IoT Security Information Security IT Security OT Security Physical Security You Are Here Digital Security
  11. 11. 10 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. "Digital Safety" Becomes a New Force and Responsibility The CIAS Model of Digital Security Integrity Data People Environments Confidentiality Availability Safety Graphics: Can Stock Photo
  12. 12. 11 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Take-Aways for Security Convergence Establish security governance and planning relationships with physical and industrial counterparts Improve cross-discipline procurement methods for security requirements Modify security architecture to include additional layers where required Investigate changes in security management and operations that may be required to accommodate convergence
  13. 13. 12 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Secure Digital Supply Chain Needs Grow
  14. 14. 13 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Integrated Digital Security for the Supply Chain(s) SUPPLY CHAIN DIGITAL SUPPLY CHAIN DIGITAL SECURITY FOR THE SUPPLY CHAIN(S) IoT Security Information Security IT Security OT Security Physical Security Digital Security
  15. 15. 14 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. SIEM Software Asset Management Expanding (and Confusing) SaaS Control Add-On Markets Today's enterprise suffers from coordination frustration. Encouraging evolution of multicloud, multifunction management consoles. Activity Threat Control Archive and Recovery Cloud Access Security Broker EMM Confidentiality IDaaS SaaS Aggregation Tool Mobile Device Management Before and During Login After Login Service Monitoring Malware Control
  16. 16. 15 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Take-Aways for Securing the Cloud (Supply Chain) Develop an enterprise public cloud strategy. Implement and enforce policies on usage responsibility and cloud risk acceptance. Follow a cloud life cycle governance approach. Develop expertise in the security and control each cloud model used. Implement technologies to fight cloud diffusion complexity. Conduct Risk Assessment (decision establishes requirements for technical and process controls) Medium Exposure Potential Impact of Security Failure BusinessContribution (ValueofService) Low High Always Allowed Low High DoNotAllowDoNotAllow
  17. 17. 16 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Security Skills Options Expand
  18. 18. 17 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Assess the Most Critical Skills Impacts of Digital Security Already, Traditional Security Strategies Are Shifting To: Contextual Security Monitoring and Response Ubiquitous Identity Management Data Classes, Data Governance Security Awareness, Privacy & Behavior 01011 Embedded Security Network Segmentation, Engineering Physical Security Automation
  19. 19. 18 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Key Take-Aways to Accelerate Skills Generation and Convergence Build a long-term security workforce plan. Make coaching and skills development first task. Embed security skills within the lines-of-business. Change security specialists to "versatilists." Mix traditional and agile recruitment techniques. Evaluate current skills gaps.
  20. 20. 19 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Adaptive Security Architecture Is Embraced
  21. 21. 20 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Software-Defined Everything, Including Security "Data Plane" "Control Plane" APIAPI API API APIAPI API Southboun d APIs Northboun d APIs Layers of Abstraction API Platform APIs Applications
  22. 22. 21 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Respond Detect Detect incidents Prevent attacks Confirm and prioritize risk Contain incidents Isolate systems Predict Prevent Harden systems Compliance Policy Monitor posture Adjust posture Implement posture Adjust posture Continuous Visibility and Verification Users Systems System activity Payload Network Investigate incidents/ retrospective analysis Remediate Anticipate threats/ attacks Risk-prioritized exposure assessment Design/Model policy change Baseline systems and security posture Develop an Adaptive Security Architecture
  23. 23. 22 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Threat Intelligence Platforms Allow You to Visualize, Correlate and Gain Context Emerging Threats Shadowserver ZeuS Tracker Abuse.ch Open-Source MRTI Feeds Norse IID Cyveillance Malcovery Commercial Feeds GeoIP Malware Lookup Domain Tools Enrichment Services News RSS Feeds Websites OSINT Sources Threat Intelligence Platform Analytics Threat Intelligence Processing Visualization Reporting Forensics Threat Intelligence Sharing Incident Response SOC Analyst Fraud Threat Analyst Management Malware Analyst Help Desk People Process Circle of Trust Sharing Workflow/ Escalation Communication Fraud Technology Secure Web Gateway NGFW IPS/IDS Logs
  24. 24. 23 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Take-Aways for Adaptive Security Architecture Shift security mindset from "incident response" to "continuous response" Spend less on prevention; invest in detection, response and predictive capabilities Favor context-aware network, endpoint and application security protection platforms Develop a security operations center Architect for comprehensive, continuous monitoring at all layers of the IT stack. Graphics source: istock, http://www.istockphoto.com/photo/life-cycle-of-great-mormon-butterfly-gm505604992-83758525
  25. 25. 24 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Security Infrastructure Adapts
  26. 26. 25 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Embed Application Security Testing into the Life Cycle 1 Analysis 2 Design 3 Programming 4 Test 5 Operations
  27. 27. 26 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Attacks Through Internet or Wireless Networks Attacks Through Local Wireless Networks Lower Defense Capabilities Risk Aggregation Attacks Through Local Wireless Networks and Users/Endpoints Sensors Actuators Things Aggregators Controllers IoT Platform New Network Security Concerns in the Pervasive Digital Presence
  28. 28. 27 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Model of a Trusted Execution Environment (TEE)
  29. 29. 28 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Data Security Governance Arrives
  30. 30. 29 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Develop a Data-Centric Audit and Protection Approach Activity Monitoring Assessment of Users and Permissions User Monitoring and Auditing Data Security Policy Data Classification and Discovery Policy Data Security Controls Protection Analysis and Reporting Blocking, Encryption, Tokenization and Data Masking
  31. 31. 30 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Take-Aways for Data Security Governance Prioritize organization-wide data security governance and policy. Identify and implement risk-appropriate data security controls by data type where possible. Implement a DCAP strategy that includes disciplined and formal product selection. Incorporate big data plans and unique requirements into security strategy. Graphics Source: iStock - http://www.istockphoto.com/photo/undecided-businessman-gm471659278-62910804?st=ccbc429
  32. 32. 31 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Digital Business Drives Digital Security
  33. 33. 32 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Securing a Pervasive Digital Presence (the Internet of Things) Gateways Things Agents Analytics Applications Data Cloud Mobile MES, ERP Partners IoT Platform Middleware Core Business Processes IoT Edge Processing CommunicationsIntegration Integration Communications Security requirements: – Policy creation and management – Monitoring, detection and response – Access control and management – Data protection – Network segmentation Key challenges: – Scale – Diversity (age and type) – Function – Regulation – Privacy – Standardization Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially.
  34. 34. 33 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Enterprise Consumer Business Disruption Espionage and Fraud Financial Waste Cyber Risks and Consequences in an IoT Solution IoT Platform Platform Hacking Data Snooping and Tampering Sabotaging Automation and Devices Edge Device Impersonation Device Hacking Device Counterfeiting Snooping, Tampering, Disruption, Damage Dev. Prod.
  35. 35. 34 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. IAM Trends of 2015-2016 That Include an Identity of Things IAM Program Management and Governance (Digital) Business and Operational Needs (Digital) Risk Management and Compliance Things People Apps and Data Relationships Interactions
  36. 36. 35 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Take-Aways for Digital Security Balance Risk and Resilience Make the Security Discipline Decision Enhance Digital Security Supply Chains Retool Security Skills Embrace Adaptive Security Architecture Selective Improve Security Infrastructure Embrace Data Security Governance
  37. 37. 36 © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. Recommended Gartner Research Cybersecurity Scenario 2020 Phase 2: Guardians for Big Change Earl Perkins and F. Christian Byrnes (G00279414) Predicts 2016: Security for the Internet of Things Ray Wagner, Earl Perkins, Greg Young and Others (G00293187) Designing an Adaptive Security Architecture for Protection from Advanced Attacks Neil MacDonald and Peter Firstbrook (G00259490) Cloud Security and Emerging Technology Security Primer for 2016 Jay Heiser (G00293190) For more information, stop by Gartner Research Zone.

×