Realize That Big Security Data Is Not Big Security Nor Big Intelligence
Published: 19 April 2013
Analyst(s): Joseph Feiman

Security intelligence's ultimate objective, enterprise protection, is mainly fulfilled by security policy enforcement and scanner technologies, not by big security data repositories. Security leaders should prioritize their security strategies and investments based on that fact.

Key Challenges

- Security repositories, even filled with "big" amounts of security data, inherently possess a fundamental weakness: They cannot protect enterprise assets.
- Enterprises often mistakenly equate "big" amounts of security data (such as SIEM) with security intelligence.
- Enterprises often mistakenly believe that only big security data repositories are intelligent, while policy enforcers and scanners are not.

Recommendations

- Prioritize investments in policy enforcers and scanners, because they often yield better returns than big security repositories.
- Invest in having policy enforcement and scanning technologies interact and share their platform-specific intelligence directly.
- Architect big security data repositories to support security intelligence protection and detection capabilities fulfilled by policy enforcers and scanners.

Strategic Planning Assumption

Through 2016, 80% of organizations will fail to make big security data useful.

Introduction

There are two fundamental flaws in the common assumptions about security intelligence (SI):
1. SI is analogous to business intelligence (BI).
2. "Big" collection of security data, for example, security information and event management (SIEM), is SI or a mandatory component of SI, and is the key to enterprise security.

In this research, we will challenge both assumptions.

There is an unfortunate tendency to draw a direct analogy between BI and SI. Yet, there is a fundamental difference between them: BI enables business analytics and advice, while SI must above all enable enterprise asset protection: blocking attacks, filtering malicious input, raising real-time alerts and detecting vulnerabilities with high precision.

Policy enforcement is the class of technologies that fulfills the main security objective: protection. These technologies include network firewalls, intrusion prevention systems (IPSs), Web application firewalls (WAFs), database audit and protection (DAP), data loss prevention (DLP) and authorization management systems.

There is another class of security technologies that plays a critical role: security scanners, such as application, network and database vulnerability scanners. These technologies conduct security analysis, offer remediation advice and can provide input directly to the policy enforcement technologies (such as WAF or IPS) in order to increase efficiency of the latter.

Repositories stoked with security data, such as SIEM, are unable to achieve the ultimate security objective, which is protection of assets. Therefore, they are not SI. They can be part of SI architecture, but they are not the incarnation of SI.

Postfactum analytics (typically fulfilled by SIEM and other big security data repositories) is an important component of SI, but its role is to support SI protection and detection capabilities by making them more accurate, cross-siloed and multilayered. It helps to create a unified view of security events across the enterprise, which enables rapid detection of targeted attacks that bypass protection technologies.
We argue that the key to security resides in the interaction of numerous detection and protection technologies: network and application firewalls; intrusion prevention systems; authentication managers; database monitors; and application, data and network security scanners of all kinds. They are intelligent technologies capable of detection, analysis and, unlike repositories, protection against attacks (such as termination or blocking of malicious sessions), rather than just notification after the fact, which is the essence of repositories. When practical, they should feed their input into big security data repositories and get back the results of analysis conducted on this big security data.

Policy enforcers, monitors and scanners on the one hand and big security data repositories on the other are intelligent, but their intelligence is achieved and expressed differently. Both types of intelligence have their advantages and weaknesses, and should be utilized differently. Policy enforcers and scanners have built-in intelligence, enabling them to act fast, detect vulnerabilities, raise alerts and deter attacks in real time. Big security data repositories have to learn their intelligence: They collect and normalize data, correlate it with contextual data, and then conduct contextual analysis. This enables them to conduct cross-siloed analysis, but does not allow for real-time detection and protection.

Page 2 of 7 Gartner, Inc. G
Analysis

Understand the Intelligence of Policy Enforcers, Monitors and Scanners

Policy enforcers, monitors and scanners do not need to transform security and context data into information, and information into knowledge, but such transformations have been preliminarily done, because scanners and policy enforcers have direct access to a built-in knowledge repository and can conduct their detection and protection capabilities intelligently at their runtime.

For example, an application security testing technology such as static application security testing (SAST) uses knowledge of hundreds of security programming best practices to check the tested application's code for compliance with these practices, which results in the intelligent detection of a potential vulnerability in the code. Technologies such as dynamic application security testing (DAST) use knowledge of hundreds of attack scenarios to verify whether or not these attacks can harm an application. Technologies such as WAF use their knowledge of attack patterns to see whether these patterns are present in the data stream approaching an application, and therefore can intelligently react to a detected attack (for example, ring an alarm or block the session).

Direct access to the knowledge repository enables detection actions, followed by reporting and recommendation on how to remediate and protect after the fact of detection. These enabled actions are mostly automated real-time protection actions and real-time responses to threats (for example, dynamic masking of sensitive data, or blocking SQL injection sessions).

One challenge that policy enforcers, monitors and scanners face is that their knowledge repositories are usually siloed (for example, they contain knowledge of only data security, application security or network security), so they have an incomplete view of the attack and defense surface.
Another challenge is that enforcers, scanners and monitors often produce only reports of their discoveries and actions, instead of, or in addition to, storing their results in some repository for postfactum analysis that might serve in the enterprise's risk management and resource and budget planning. We recommend having these results stored and shared among various enforcers, monitors and scanners; in other words, cross-siloing them, like SIEM does.

Utilize the Intelligence of Big Security Data Repositories When Appropriate

Big security data repositories or SIEM, as intelligence enablers, offer the advantage of integrating and correlating data across multiple security silos. They can also collect context and enable correlation of security and context. Analyzed security and contextual information becomes knowledge, engendering intelligent (that is, optimal) risk and business decisions, strategic planning, and resource, budget and skill management. It also enables analytics that could be fed into scanners, monitors and policy enforcers to add to the intelligence of the latter. It helps with early breach detection, as well as early detection of targeted attacks and employee misuse of privileges that bypass policy enforcers.

SIEM also has challenges. Intelligent actions are based on analysis, often conducted manually by security personnel, that is not conducted at the real-time moment that the event (such as an attack) occurs. Some analyses are automated and fast enough for SIEM use cases, but not for real-time protection. SIEM has been expanding its capabilities toward quasi-real-time actions, such as alerts and session blocking. It begins profiling applications and other assets and events for anomaly detection, which can be used to call an API to block a transaction in real time.

Architect Policy Enforcers, Monitors and Scanners to Interact and Share Their "Not Big" Security Data

Most organizations have already invested (and will keep investing) in firewalls, IPSs, WAFs, DLP and DAP, as well as in network, database and application security scanners. We have demonstrated in this research that policy enforcers, monitors and scanners are intelligent technologies.

Many (if not most) scanners, monitors and policy enforcers have their own scaled-down repositories that enable platform-specific analytics. These repositories contain such security data as application security vulnerabilities detected by application scanners, or suspicious IP addresses detected by network firewalls. This data can be, and often is, analyzed in search of better remediation, detection, or protection patterns and practices.

There is an evolving trend of having scanners, monitors and policy enforcers interact with one another and share their accumulated knowledge. One of the fundamental principles of SI is to make different technologies work together (see "Prepare for the Emergence of Enterprise Security Intelligence"). The essence of this principle is straightforward: When several technologies collaborate, they can achieve the following critical advantages: (1) The accuracy of detection and effectiveness of protection rises, because discoveries made by one technology can be confirmed or disproved by another, different technology; and (2) the breadth of coverage is expanding, because several technologies, when they work together, typically cover a broader spectrum of phases and processes than each technology can in isolation.

For example, a DAST scanner can share its knowledge with a WAF, making the WAF more accurate in attack prevention.[1] In turn, a WAF monitor can share its knowledge with DAST, making DAST more accurate in its security vulnerability detection (see "Application Security Detection and Protection Must Interact and Share Knowledge"). Today, many policy enforcers are used in monitoring mode due to a fear of their inaccuracy, but their interaction and knowledge sharing with other technologies, such as DAST, make organizations more willing to turn a WAF from monitoring to enforcing mode because of increased accuracy.

A static data masking (SDM) technology can share its knowledge of discovered (scanned) sensitive data with a dynamic data masking (DDM) monitor, thus making the latter more intelligent (for example, more accurate) for real-time data protection (see "Securing Production Data With Dynamic Data Masking").

SAST and DAST scanners share their knowledge to improve the overall accuracy of vulnerability detection. An interactive application security testing (IAST) technology enhances accuracy of vulnerability detection by making static and dynamic components of its technology interact in real time (see "Evolution of Application Security Testing: From Silos to Correlation and Interaction").

This interaction of scanners and monitors does not require big security data repositories like SIEM. Their interaction among themselves is cost-effective and technologically effective, and yields strong detection, prevention and protection capabilities. We believe that the next wave of market consolidation will be fulfilled by policy enforcer or monitor vendors acquiring scanner vendors (and vice versa) to enable a higher degree of security intelligence through interaction of those technologies.

However, big security data repositories offer important analytical capabilities. Their immediate value is apparent when an exploit has taken place and preventive controls have proven ineffective. Repositories can help to identify the combination of events that could lead to an exploit, and help to enable early detection of breaches. Such analysis can help advance the accuracy of detection and prevention systems, and postfactum analytics of big repositories can feed security policy enforcers and scanners with additional knowledge, thus enabling them to act with higher accuracy.

This is the area that distinguishes enforcers and scanners from repositories: Security policy enforcers and scanners enable attack protection and prevention, while security data repositories increase the potential to enhance accuracy and breadth of enforcers and scanners.

Recommendations

Security leaders seeking to increase their enterprises' SI:

- Invest in having already-owned policy enforcement, monitor and scanning technologies interact with one another.
- Evolve "not big" platform-specific data repositories collected by monitors, policy enforcers and scanners, and make them share knowledge with one another.
- When possible or necessary, invest in acquisition and operation of SIEM or any other big security data repositories.

Recommended Reading

Some documents may not be available as part of your current Gartner subscription.
- "Prepare for the Emergence of Enterprise Security Intelligence"
- "Application Security Detection and Protection Must Interact and Share Knowledge"
- "Evolution of Application Security Testing: From Silos to Correlation and Interaction"
- "Enterprise Content-Aware DLP Architecture and Operational Practices"
- "Best Practices for Managing Identity Data and Log Models to Optimize Identity Data Quality"

Evidence

[1] Sample vendors enabling DAST-to-WAF knowledge sharing:

- DAST vendor WhiteHat Security offers native integration with F5 and Imperva WAFs, as well as Sourcefire's Snort IPS engine. Other vendors' WAF or IPS can be supported via XML API.
- DAST vendor Cenzic offers a feature that exposes generic XML-based vulnerability protection information produced by its DAST analysis for Barracuda Networks, Citrix, F5, Imperva and Trustwave WAFs.
- DAST vendor NT OBJECTives introduced technology that generates rules for WAF and IPS, with out-of-the-box support for ModSecurity, Sourcefire Snort, Nitro Snort, Imperva and DenyAll.
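The DAST-to-WAF knowledge sharing described in the Analysis and in the Evidence note, as an added Python example that is not part of the Gartner note or of any vendor's product: it turns scanner findings into ModSecurity virtual-patch rules scoped to one path and parameter, blocking only where the scanner confirmed the issue and logging in monitoring mode otherwise. The `Finding` schema, the sample findings and the rule ID base are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Vulnerability class -> ModSecurity operator (both operators exist in ModSecurity).
OPERATORS = {"sqli": "@detectSQLi", "xss": "@detectXSS"}

# Scanner output is interpolated into rule text, so it is treated as untrusted:
# anything outside these character sets could break out of the quoted rule.
SAFE_PATH = re.compile(r"/[A-Za-z0-9_./-]*")
SAFE_PARAM = re.compile(r"[A-Za-z0-9_.-]+")

RULE_ID_BASE = 10000  # constructed value; use an ID range set aside for local rules


@dataclass(frozen=True)
class Finding:
    """Hypothetical, simplified DAST finding (not any vendor's export schema)."""
    path: str
    param: str
    vuln_class: str
    confirmed: bool  # True when the scanner reproduced the issue


def validate(f):
    """Return a reason string if the finding must not become a rule, else None."""
    if f.vuln_class not in OPERATORS:
        return "no WAF operator mapped for class " + repr(f.vuln_class)
    if not SAFE_PATH.fullmatch(f.path):
        return "path contains characters unsafe in a rule"
    if not SAFE_PARAM.fullmatch(f.param):
        return "parameter name contains characters unsafe in a rule"
    return None


def to_rule(f, rule_id):
    """Build a chained rule: exact path match, then inspect only the one parameter."""
    # Confirmed findings are enforced; unconfirmed ones stay in monitoring mode.
    action = "deny,status:403,log" if f.confirmed else "pass,log"
    mode = "enforce" if f.confirmed else "monitor"
    return (
        f'SecRule REQUEST_FILENAME "@streq {f.path}" \\\n'
        f'    "id:{rule_id},phase:2,{action},'
        f"msg:'DAST virtual patch ({mode}): {f.vuln_class} in {f.param}',"
        f"tag:'dast-virtual-patch',chain\"\n"
        f'    SecRule ARGS:{f.param} "{OPERATORS[f.vuln_class]}" "t:none,t:urlDecodeUni"'
    )


def generate(findings):
    """Return (rules, rejected) for a batch of findings from one or more scans."""
    merged, rejected = {}, []
    for f in findings:
        reason = validate(f)
        if reason:
            rejected.append((f, reason))
            continue
        key = (f.path, f.param, f.vuln_class)
        # A confirmation from any scan run wins over an unconfirmed duplicate.
        merged[key] = merged.get(key, False) or f.confirmed
    rules = [
        to_rule(Finding(*key, merged[key]), RULE_ID_BASE + i)
        for i, key in enumerate(sorted(merged))  # sorted for stable rule IDs
    ]
    return rules, rejected


# Constructed sample findings for illustration.
SAMPLE_FINDINGS = [
    Finding("/account/search", "q", "sqli", True),
    Finding("/account/search", "q", "sqli", False),      # duplicate from an earlier scan
    Finding("/profile", "display_name", "xss", False),   # potential, not reproduced
    Finding("/export", 'id" "t:none', "sqli", True),     # malformed name: rejected
    Finding("/upload", "file", "path-traversal", True),  # no operator mapped: rejected
]

if __name__ == "__main__":
    rules, rejected = generate(SAMPLE_FINDINGS)
    print("\n\n".join(rules))
    for finding, reason in rejected:
        print(f"# skipped {finding.path} [{finding.param!r}]: {reason}")
```

Rejected findings still need a human or a different control; the generator only emits rules it can scope safely.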
More informationHighlights of the 2015 CEO Survey: Business Leaders Are Betting on Tech
G00274032 Highlights of the 2015 CEO Survey: Business Leaders Are Betting on Tech Published: 10 April 2015 Analyst(s): Mark Raskino Gartner's annual survey reveals CEOs' heightened interest in tech-related
More informationKnowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets
Research Publication Date: 31 July 2009 ID Number: G00169664 Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Regina Casonato This research
More informationKey Issues for Business Intelligence and Performance Management Initiatives, 2008
Research Publication Date: 14 March 2008 ID Number: G00156014 Key Issues for Business Intelligence and Performance Management Initiatives, 2008 Kurt Schlegel The Business Intelligence and Performance Management
More informationThe Sophos Security Heartbeat:
The Sophos Security Heartbeat: Enabling Synchronized Security Today organizations deploy multiple layers of security to provide what they perceive as best protection ; a defense-in-depth approach that
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationSolution Path: Threats and Vulnerabilities
Solution Path: Threats and Vulnerabilities Published: 24 January 2012 Burton IT1 Research G00226331 Analyst(s): Dan Blum This solution path helps Gartner clients develop a strategy and program for managing
More informationComplete Database Security. Thomas Kyte http://asktom.oracle.com/
Complete Database Security Thomas Kyte http://asktom.oracle.com/ Agenda Enterprise Data Security Challenges Database Security Strategy Oracle Database Security Solutions Defense-in-Depth Q&A 2 Copyright
More informationReal-time hybrid analysis:
Real-time hybrid : Find more, fix faster Technology white paper Brian Chess, Ph.D., Distinguished Technologist, HP Founder and Chief Scientist, HP Fortify Summary Real-time hybrid marks a substantial evolution
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationWhy CEOs Want A Digital Strategy This Year
G00247313 CEO and Senior Executive Survey 2013: Why CEOs Will Want a Digital Strategy This Year Published: 25 March 2013 Analyst(s): Ken McGee Gartner's CEO and senior business executive survey indicates
More informationBest Practices for Confirming Software Inventories in Software Asset Management
Research Publication Date: 24 August 2009 ID Number: G00167067 Best Practices for Confirming Software Inventories in Software Asset Management Peter Wesche, Jane B. Disbrow This research discusses the
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationSmarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist
Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event
More informationNiara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning
Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments
More informationAgenda Overview for Multichannel Marketing, 2015
G00271717 Agenda Overview for Multichannel Marketing, 2015 Published: 19 December 2014 Analyst(s): Adam Sarner, Jennifer S. Beck Multichannel marketing is where content and context meet and where brand
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationHow To Manage Log Management
: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll
More informationSecuring ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1
Securing ephi with Effective Database Activity Monitoring HIMSS Webcast 4/26/2011 p. 1 Agenda Agenda Database Security Primer Industry Trends What Works Integrated DB Security Product Demonstration Questions
More informationReal-Time Security Intelligence for Greater Visibility and Information-Asset Protection
Real-Time Security Intelligence for Greater Visibility and Information-Asset Protection Take the Effort Out of Log Management and Gain the Actionable Information You Need to Improve Your Organisation s
More informationRisk-based solutions for managing application security
IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated
More informationWebsite Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?
Datasheet: Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-ofbreed
More informationApplication and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium
Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium Organizations need an end-to-end web application and database security solution to protect data, customers, and their businesses.
More informationNEXT GENERATION APPLICATION SECURITY
NEXT GENERATION APPLICATION SECURITY EN A BOOMING MARKET Application security market at a turning point. Jacques Sebag, CEO 99% of web applications are vulnerable 1 13 breaches per application on average
More informationMobile Marketing Primer for 2016
Gartner for Marketers Mobile Marketing Primer for 2016 Adam Sarner Research Vice President Mike McGuire Research Vice President Charles S. Golvin Research Director G00293091 Mobile Marketing Primer for
More informationHow To Create An Insight Analysis For Cyber Security
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
More informationThe New PCI Requirement: Application Firewall vs. Code Review
The New PCI Requirement: Application Firewall vs. Code Review The Imperva SecureSphere Web Application Firewall meets the new PCI requirement for an application layer firewall. With the highest security
More informationSurvey Analysis: Adoption of Cloud ERP, 2013 Through 2023
G00261104 Survey Analysis: Adoption of Cloud ERP, 2013 Through 2023 Published: 24 January 2014 Analyst(s): Nigel Rayner This Gartner Research Circle survey conducted in September 2013 shows that some organizations
More informationThe Web AppSec How-to: The Defenders Toolbox
The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationPreempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions
Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationThe Value of Integrating Configuration Management Databases With Enterprise Architecture Tools
Research Publication Date: 13 January 2011 ID Number: G00210132 The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools Ronni J. Colville, Patricia Adams As configuration
More informationThe Five Competencies of MRM 'Re-' Defined
Research Publication Date: 14 March 2008 ID Number: G00155835 The Five Competencies of MRM 'Re-' Defined Kimberly Collins This research details the five key competencies of marketing resource management
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationFor more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.
Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility
More information