Realize That Big Security Data Is Not Big Security Nor Big Intelligence

Published: 19 April 2013
Analyst(s): Joseph Feiman

Security intelligence's ultimate objective, enterprise protection, is mainly fulfilled by security policy enforcement and scanner technologies, not by big security data repositories. Security leaders should prioritize their security strategies and investments based on that fact.

Key Challenges

- Security repositories, even filled with "big" amounts of security data, inherently possess a fundamental weakness: They cannot protect enterprise assets.
- Enterprises often mistakenly equate "big" amounts of security data (such as SIEM) with security intelligence.
- Enterprises often mistakenly believe that only big security data repositories are intelligent, while policy enforcers and scanners are not.

Recommendations

- Prioritize investments in policy enforcers and scanners, because they often yield better returns than big security repositories.
- Invest in having policy enforcement and scanning technologies interact and share their platform-specific intelligence directly.
- Architect big security data repositories to support security intelligence protection and detection capabilities fulfilled by policy enforcers and scanners.

Strategic Planning Assumption

Through 2016, 80% of organizations will fail to make big security data useful.

Introduction

There are two fundamental flaws in the common assumptions about security intelligence (SI):

1. SI is analogous to business intelligence (BI).
2. "Big" collection of security data, for example, security information and event management (SIEM), is SI or a mandatory component of SI, and is the key to enterprise security.

In this research, we will challenge both assumptions.

There is an unfortunate tendency to draw a direct analogy between BI and SI. Yet, there is a fundamental difference between them: BI enables business analytics and advice, while SI must above all enable enterprise asset protection: blocking attacks, filtering malicious input, raising real-time alerts and detecting vulnerabilities with high precision.

Policy enforcement is the class of technologies that fulfills the main security objective: protection. These technologies include network firewalls, intrusion prevention systems (IPSs), Web application firewalls (WAFs), database audit and protection (DAP), data loss prevention (DLP) and authorization management systems.

There is another class of security technologies that plays a critical role: security scanners, such as application, network and database vulnerability scanners. These technologies conduct security analysis, offer remediation advice and can provide input directly to the policy enforcement technologies (such as WAF or IPS) in order to increase efficiency of the latter.

Repositories stoked with security data, such as SIEM, are unable to achieve the ultimate security objective, which is protection of assets. Therefore, they are not SI. They can be part of SI architecture, but they are not the incarnation of SI.

Postfactum analytics (typically fulfilled by SIEM and other big security data repositories) is an important component of SI, but its role is to support SI protection and detection capabilities by making them more accurate, cross-siloed and multilayered. It helps to create a unified view of security events across the enterprise, which enables rapid detection of targeted attacks that bypass protection technologies.

We argue that the key to security resides in the interaction of numerous detection and protection technologies: network and application firewalls; intrusion prevention systems; authentication managers; database monitors; and application, data and network security scanners of all kinds. They are intelligent technologies capable of detection, analysis and, unlike repositories, protection against attacks (such as termination or blocking of malicious sessions), rather than just notification after the fact, which is the essence of repositories. When practical, they should feed their input into big security data repositories and get back the results of analysis conducted on this big security data.

Policy enforcers, monitors and scanners on the one hand and big security data repositories on the other are intelligent, but their intelligence is achieved and expressed differently. Both types of intelligence have their advantages and weaknesses, and should be utilized differently.

Policy enforcers and scanners have built-in intelligence, enabling them to act fast, detect vulnerabilities, raise alerts and deter attacks in real time.

Big security data repositories have to learn their intelligence: They collect and normalize data, correlate it with contextual data, and then conduct contextual analysis. This enables them to conduct cross-siloed analysis, but does not allow for real-time detection and protection.

Analysis

Understand the Intelligence of Policy Enforcers, Monitors and Scanners

Policy enforcers, monitors and scanners do not need to transform security and context data into information, and information into knowledge, because such transformations have been preliminarily done: scanners and policy enforcers have direct access to a built-in knowledge repository and can conduct their detection and protection capabilities intelligently at their runtime.

For example, an application security testing technology such as static application security testing (SAST) uses knowledge of hundreds of security programming best practices to check the tested application's code for compliance with these practices, which results in the intelligent detection of a potential vulnerability in the code. Technologies such as dynamic application security testing (DAST) use knowledge of hundreds of attack scenarios to verify whether or not these attacks can harm an application. Technologies such as WAF use their knowledge of attack patterns to see whether these patterns are present in the data stream approaching an application, and therefore can intelligently react to a detected attack (for example, ring an alarm or block the session).

Direct access to the knowledge repository enables detection actions, followed by reporting and recommendation on how to remediate and protect after the fact of detection. These enabled actions are mostly automated real-time protection actions and real-time responses to threats (for example, dynamic masking of sensitive data, or blocking SQL injection sessions).

One challenge that policy enforcers, monitors and scanners face is that their knowledge repositories are usually siloed (for example, they contain knowledge of only data security, application security or network security), so they have an incomplete view of the attack and defense surface.

Another challenge is that enforcers, scanners and monitors often produce only reports of their discoveries and actions, instead of, or in addition to, storing their results in some repository for postfactum analysis that might serve in the enterprise's risk management and resource and budget planning. We recommend having these results stored and shared among various enforcers, monitors and scanners; in other words, cross-siloing them, like SIEM does.

Utilize the Intelligence of Big Security Data Repositories When Appropriate

Big security data repositories or SIEM, as intelligence enablers, offer the advantage of integrating and correlating data across multiple security silos. They can also collect context and enable correlation of security and context. Analyzed security and contextual information becomes knowledge, engendering intelligent (that is, optimal) risk and business decisions, strategic planning, and resource, budget and skill management. It also enables analytics that could be fed into scanners, monitors and policy enforcers to add to the intelligence of the latter. It helps with early breach detection, as well as early detection of targeted attacks and employee misuse of privileges that bypass policy enforcers.

SIEM also has challenges. Intelligent actions are based on analysis, often conducted manually by security personnel, that does not take place at the real-time moment that the event (such as an attack) occurs. Some analyses are automated and fast enough for SIEM use cases, but not for real-time protection. SIEM has been expanding its capabilities toward quasi-real-time actions, such as alerts and session blocking. It begins profiling applications and other assets and events for anomaly detection, which can be used to call an API to block a transaction in real time.

Architect Policy Enforcers, Monitors and Scanners to Interact and Share Their "Not Big" Security Data

Most organizations have already invested (and will keep investing) in firewalls, IPSs, WAFs, DLP and DAP, as well as in network, database and application security scanners. We have demonstrated in this research that policy enforcers, monitors and scanners are intelligent technologies.

Many (if not most) scanners, monitors and policy enforcers have their own scaled-down repositories that enable platform-specific analytics. These repositories contain such security data as application security vulnerabilities detected by application scanners, or suspicious IP addresses detected by network firewalls. This data can be, and often is, analyzed in search of better remediation, detection, or protection patterns and practices.

There is an evolving trend of having scanners, monitors and policy enforcers interact with one another and share their accumulated knowledge. One of the fundamental principles of SI is to make different technologies work together (see "Prepare for the Emergence of Enterprise Security Intelligence"). The essence of this principle is straightforward: When several technologies collaborate, they can achieve the following critical advantages: (1) The accuracy of detection and effectiveness of protection rises, because discoveries made by one technology can be confirmed or disproved by another, different technology; and (2) the breadth of coverage expands, because several technologies, when they work together, typically cover a broader spectrum of phases and processes than each technology can in isolation.

For example, a DAST scanner can share its knowledge with a WAF, making the WAF more accurate in attack prevention [1]. In turn, a WAF monitor can share its knowledge with DAST, making DAST more accurate in its security vulnerability detection (see "Application Security Detection and Protection Must Interact and Share Knowledge"). Today, many policy enforcers are used in monitoring mode due to a fear of their inaccuracy, but their interaction and knowledge sharing with other technologies such as DAST make organizations more willing to turn a WAF from monitoring to enforcing mode because of increased accuracy.

A static data masking (SDM) technology can share its knowledge of discovered (scanned) sensitive data with a dynamic data masking (DDM) monitor, thus making the latter more intelligent (for example, more accurate) for real-time data protection (see "Securing Production Data With Dynamic Data Masking"). SAST and DAST scanners share their knowledge to improve the overall accuracy of vulnerability detection. An interactive application security testing (IAST) technology enhances accuracy of vulnerability detection by making static and dynamic components of its technology interact in real time (see "Evolution of Application Security Testing: From Silos to Correlation and Interaction").

This interaction of scanners and monitors does not require big security data repositories like SIEM. Their interaction among themselves is cost-effective and technologically effective, and yields strong detection, prevention and protection capabilities. We believe that the next wave of market consolidation will be fulfilled by policy enforcer or monitor vendors acquiring scanner vendors (and vice versa) to enable a higher degree of security intelligence through interaction of those technologies.

However, big security data repositories offer important analytical capabilities. Their immediate value is apparent when an exploit has taken place and preventive controls have proven ineffective. Repositories can help to identify the combination of events that could lead to an exploit, and help to enable early detection of breaches. Such analysis can help advance the accuracy of detection and prevention systems, and postfactum analytics of big repositories can feed security policy enforcers and scanners with additional knowledge, thus enabling them to act with higher accuracy.

This is the area that distinguishes enforcers and scanners from repositories: Security policy enforcers and scanners enable attack protection and prevention, while security data repositories increase the potential to enhance accuracy and breadth of enforcers and scanners.

Recommendations:

Security leaders seeking to increase their enterprises' SI:

- Invest in having already owned policy enforcement, monitor and scanning technologies interact with one another.
- Evolve "not big" platform-specific data repositories collected by monitors, policy enforcers and scanners, and make them share knowledge with one another.
- When possible or necessary, invest in acquisition and operation of SIEM or any other big security data repositories.

Recommended Reading

Some documents may not be available as part of your current Gartner subscription.
"Prepare for the Emergence of Enterprise Security Intelligence"
"Application Security Detection and Protection Must Interact and Share Knowledge"
"Evolution of Application Security Testing: From Silos to Correlation and Interaction"
"Enterprise Content-Aware DLP Architecture and Operational Practices"
"Best Practices for Managing Identity Data and Log Models to Optimize Identity Data Quality"

Evidence

[1] Sample vendors enabling DAST-to-WAF knowledge sharing:

- DAST vendor WhiteHat Security offers native integration with F5 and Imperva WAFs, as well as Sourcefire's Snort IPS engine. Other vendors' WAF or IPS can be supported via XML API.
- DAST vendor Cenzic offers a feature that exposes generic XML-based vulnerability protection information produced by its DAST analysis for Barracuda Networks, Citrix, F5, Imperva and Trustwave WAFs.
- DAST vendor NT OBJECTives introduced technology that generates rules for WAF and IPS, with out-of-the-box support for ModSecurity, Sourcefire Snort, Nitro Snort, Imperva and DenyAll.
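The DAST-to-WAF knowledge sharing described in the analysis and in the evidence note, as an added example that is not part of the research note and is not any vendor's integration: a constructed XML export of DAST findings is turned into ModSecurity virtual-patch rules, with confirmed findings enforced and unconfirmed ones left in monitoring mode. The XML schema, the `confirmed` attribute, the rule ID range and the function name are assumptions; `SecRule`, `@detectSQLi` and `@detectXSS` are existing ModSecurity syntax.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a generic XML export of DAST findings. The schema
# (finding/@id, @class, @confirmed, <path>, <param>) is hypothetical.
SAMPLE_FINDINGS_XML = """\
<findings>
  <finding id="F-1" class="sqli" confirmed="true">
    <path>/shop/search</path><param>q</param>
  </finding>
  <finding id="F-2" class="xss" confirmed="false">
    <path>/shop/review</path><param>comment</param>
  </finding>
  <finding id="F-3" class="sqli" confirmed="true">
    <path>/shop/item" "id:1,pass</path><param>id</param>
  </finding>
  <finding id="F-4" class="csrf" confirmed="true">
    <path>/shop/pay</path><param>amount</param>
  </finding>
</findings>
"""

# ModSecurity operators (libinjection-based) keyed by finding class.
OPERATORS = {"sqli": "@detectSQLi", "xss": "@detectXSS"}

# Scanner output ends up inside rule text, so only a conservative character
# set is accepted; anything else could break out of the quoted rule fields.
SAFE_PATH = re.compile(r"/[A-Za-z0-9_./-]*")
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_-]+")


def build_rules(xml_text, base_id=900000):
    """Return (rules, skipped) for a DAST export.

    rules   -- list of ModSecurity rule strings, one chained rule per finding
    skipped -- list of (finding id, reason) for findings that produced no rule
    """
    rules, skipped = [], []
    # The export is treated as trusted tool output here; untrusted XML
    # should go through a hardened parser instead.
    for finding in ET.fromstring(xml_text).iter("finding"):
        fid = finding.get("id", "")
        vuln_class = finding.get("class", "")
        path = (finding.findtext("path") or "").strip()
        param = (finding.findtext("param") or "").strip()

        operator = OPERATORS.get(vuln_class)
        if operator is None:
            skipped.append((fid, f"no operator for class {vuln_class}"))
            continue
        if not (SAFE_TOKEN.fullmatch(fid) and SAFE_PATH.fullmatch(path)
                and SAFE_TOKEN.fullmatch(param)):
            skipped.append((fid, "unsafe path or parameter"))
            continue

        # Enforce only what the scanner confirmed; otherwise log without
        # blocking, which is the monitoring mode the note describes.
        confirmed = finding.get("confirmed") == "true"
        action = "deny,status:403" if confirmed else "pass"
        rule_id = base_id + len(rules) + 1

        # Chained rule: match the vulnerable URL first, then inspect only
        # the parameter the scanner reported.
        rules.append(
            f'SecRule REQUEST_FILENAME "@streq {path}" '
            f'"id:{rule_id},phase:2,t:none,{action},log,'
            f"msg:'Virtual patch for DAST finding {fid}',chain\"\n"
            f'    SecRule ARGS:{param} "{operator}" "t:none,t:urlDecodeUni"'
        )
    return rules, skipped


if __name__ == "__main__":
    generated, not_generated = build_rules(SAMPLE_FINDINGS_XML)
    print("\n\n".join(generated))
    for finding_id, reason in not_generated:
        print(f"# skipped {finding_id}: {reason}")
```

Scoping each rule to one URL and one parameter is what lets a confirmed finding be enforced without raising the false-positive rate of the WAF policy as a whole.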



More information

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY How runtime application security monitoring helps enterprises make smarter decisions on remediation 2 ABSTRACT Enterprises today

More information

Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares

Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015

More information

2012 North American Managed Security Service Providers Growth Leadership Award

2012 North American Managed Security Service Providers Growth Leadership Award 2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

X.509 Certificate Management: Avoiding Downtime and Brand Damage

X.509 Certificate Management: Avoiding Downtime and Brand Damage G00226426 X.509 Certificate Management: Avoiding Downtime and Brand Damage Published: 4 November 2011 Analyst(s): Eric Ouellet, Vic Wheatman Organizations are often not aware of the scope or the validity

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Use a TCO Model to Estimate the Costs of Your Data Center

Use a TCO Model to Estimate the Costs of Your Data Center G00233221 Use a TCO Model to Estimate the Costs of Your Data Center Published: 26 June 2012 Analyst(s): David J. Cappuccio The cost to own and run a data center is significantly higher than many IT managers

More information

Agenda Overview for Digital Commerce, 2015

Agenda Overview for Digital Commerce, 2015 G00270685 Agenda Overview for Digital Commerce, 2015 Published: 18 December 2014 Analyst(s): Jennifer Polk Marketing is making a greater impact on, and taking more responsibility for, digital commerce.

More information

Selection Requirements for Business Activity Monitoring Tools

Selection Requirements for Business Activity Monitoring Tools Research Publication Date: 13 May 2005 ID Number: G00126563 Selection Requirements for Business Activity Monitoring Tools Bill Gassman When evaluating business activity monitoring product alternatives,

More information

Boosting enterprise security with integrated log management

Boosting enterprise security with integrated log management IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise

More information

Highlights of the 2015 CEO Survey: Business Leaders Are Betting on Tech

Highlights of the 2015 CEO Survey: Business Leaders Are Betting on Tech G00274032 Highlights of the 2015 CEO Survey: Business Leaders Are Betting on Tech Published: 10 April 2015 Analyst(s): Mark Raskino Gartner's annual survey reveals CEOs' heightened interest in tech-related

More information

Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets

Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Research Publication Date: 31 July 2009 ID Number: G00169664 Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Regina Casonato This research

More information

Key Issues for Business Intelligence and Performance Management Initiatives, 2008

Key Issues for Business Intelligence and Performance Management Initiatives, 2008 Research Publication Date: 14 March 2008 ID Number: G00156014 Key Issues for Business Intelligence and Performance Management Initiatives, 2008 Kurt Schlegel The Business Intelligence and Performance Management

More information

The Sophos Security Heartbeat:

The Sophos Security Heartbeat: The Sophos Security Heartbeat: Enabling Synchronized Security Today organizations deploy multiple layers of security to provide what they perceive as best protection ; a defense-in-depth approach that

More information

Requirements When Considering a Next- Generation Firewall

Requirements When Considering a Next- Generation Firewall White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration

More information

Solution Path: Threats and Vulnerabilities

Solution Path: Threats and Vulnerabilities Solution Path: Threats and Vulnerabilities Published: 24 January 2012 Burton IT1 Research G00226331 Analyst(s): Dan Blum This solution path helps Gartner clients develop a strategy and program for managing

More information

Complete Database Security. Thomas Kyte http://asktom.oracle.com/

Complete Database Security. Thomas Kyte http://asktom.oracle.com/ Complete Database Security Thomas Kyte http://asktom.oracle.com/ Agenda Enterprise Data Security Challenges Database Security Strategy Oracle Database Security Solutions Defense-in-Depth Q&A 2 Copyright

More information

Real-time hybrid analysis:

Real-time hybrid analysis: Real-time hybrid : Find more, fix faster Technology white paper Brian Chess, Ph.D., Distinguished Technologist, HP Founder and Chief Scientist, HP Fortify Summary Real-time hybrid marks a substantial evolution

More information

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Effective Threat Management. Building a complete lifecycle to manage enterprise threats. Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Why CEOs Want A Digital Strategy This Year

Why CEOs Want A Digital Strategy This Year G00247313 CEO and Senior Executive Survey 2013: Why CEOs Will Want a Digital Strategy This Year Published: 25 March 2013 Analyst(s): Ken McGee Gartner's CEO and senior business executive survey indicates

More information

Best Practices for Confirming Software Inventories in Software Asset Management

Best Practices for Confirming Software Inventories in Software Asset Management Research Publication Date: 24 August 2009 ID Number: G00167067 Best Practices for Confirming Software Inventories in Software Asset Management Peter Wesche, Jane B. Disbrow This research discusses the

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event

More information

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments

More information

Agenda Overview for Multichannel Marketing, 2015

Agenda Overview for Multichannel Marketing, 2015 G00271717 Agenda Overview for Multichannel Marketing, 2015 Published: 19 December 2014 Analyst(s): Adam Sarner, Jennifer S. Beck Multichannel marketing is where content and context meet and where brand

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

How To Manage Log Management

How To Manage Log Management : Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll

More information

Securing ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1

Securing ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1 Securing ephi with Effective Database Activity Monitoring HIMSS Webcast 4/26/2011 p. 1 Agenda Agenda Database Security Primer Industry Trends What Works Integrated DB Security Product Demonstration Questions

More information

Real-Time Security Intelligence for Greater Visibility and Information-Asset Protection

Real-Time Security Intelligence for Greater Visibility and Information-Asset Protection Real-Time Security Intelligence for Greater Visibility and Information-Asset Protection Take the Effort Out of Log Management and Gain the Actionable Information You Need to Improve Your Organisation s

More information

Risk-based solutions for managing application security

Risk-based solutions for managing application security IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated

More information

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula? Datasheet: Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-ofbreed

More information

Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium

Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium Organizations need an end-to-end web application and database security solution to protect data, customers, and their businesses.

More information

NEXT GENERATION APPLICATION SECURITY

NEXT GENERATION APPLICATION SECURITY NEXT GENERATION APPLICATION SECURITY EN A BOOMING MARKET Application security market at a turning point. Jacques Sebag, CEO 99% of web applications are vulnerable 1 13 breaches per application on average

More information

Mobile Marketing Primer for 2016

Mobile Marketing Primer for 2016 Gartner for Marketers Mobile Marketing Primer for 2016 Adam Sarner Research Vice President Mike McGuire Research Vice President Charles S. Golvin Research Director G00293091 Mobile Marketing Primer for

More information

How To Create An Insight Analysis For Cyber Security

How To Create An Insight Analysis For Cyber Security IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

The New PCI Requirement: Application Firewall vs. Code Review

The New PCI Requirement: Application Firewall vs. Code Review The New PCI Requirement: Application Firewall vs. Code Review The Imperva SecureSphere Web Application Firewall meets the new PCI requirement for an application layer firewall. With the highest security

More information

Survey Analysis: Adoption of Cloud ERP, 2013 Through 2023

Survey Analysis: Adoption of Cloud ERP, 2013 Through 2023 G00261104 Survey Analysis: Adoption of Cloud ERP, 2013 Through 2023 Published: 24 January 2014 Analyst(s): Nigel Rayner This Gartner Research Circle survey conducted in September 2013 shows that some organizations

More information

The Web AppSec How-to: The Defenders Toolbox

The Web AppSec How-to: The Defenders Toolbox The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools

The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools Research Publication Date: 13 January 2011 ID Number: G00210132 The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools Ronni J. Colville, Patricia Adams As configuration

More information

The Five Competencies of MRM 'Re-' Defined

The Five Competencies of MRM 'Re-' Defined Research Publication Date: 14 March 2008 ID Number: G00155835 The Five Competencies of MRM 'Re-' Defined Kimberly Collins This research details the five key competencies of marketing resource management

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa. Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility

More information