Cyber security is one of the hottest topics in technology today, with rhetoric flying thick and fast from vendors.
But this creates a lot of hype and noise in the market, creating confusion for partners seeking clarity around where future opportunities lies.
"In 2017, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks," Gartner analyst Neil MacDonald said.
"As attackers improve their capabilities, enterprises must also improve their ability to protect access and protect from attacks.
"Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps."
According to Gartner, the top technologies for information security in 2017 are:
Cloud workload protection platforms and cloud access security brokers
Modern data centres support workloads that run in physical machines, virtual machines (VMs), containers, private cloud infrastructure and almost always include some workloads running in one or more public cloud infrastructure as a service (IaaS) providers.
Hybrid cloud workload protection platforms (CWPP) provide information security leaders with an integrated way to protect these workloads using a single management console and a single way to express security policy, regardless of where the workload runs.
In addition, cloud access security brokers (CASBs) address gaps in security resulting from the significant increase in cloud service and mobile usage. CASBs provide information security professionals with a single point of control over multiple cloud service concurrently, for any user or device.
The continued and growing significance of software as a service (SaaS), combined with persistent concerns about security, privacy and compliance, continues to increase the urgency for control and visibility of cloud services.
Remote browser
Almost all successful attacks originate from the public internet, and browser-based attacks are the leading source of attacks on users. Information security architects can't stop attacks, but can contain damage by isolating end-user internet browsing sessions from enterprise endpoints and networks.
By isolating the browsing function, malware is kept off of the end-user's system and the enterprise has significantly reduced the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.
Deception
Deception technologies are defined by the use of deceits, decoys and/or tricks designed to thwart, or throw off, an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or detect an attack.
By using deception technology behind the enterprise firewall, enterprises can better detect attackers that have penetrated their defences with a high level of confidence in the events detected. Deception technology implementations now span multiple layers within the stack, including endpoint, network, application and data.
Endpoint detection and response
Endpoint detection and response (EDR) solutions augment traditional endpoint preventative controls such as an antivirus by monitoring endpoints for indications of unusual behaviour and activities indicative of malicious intent.
Gartner predicts that by 2020, 80 per cent of large enterprises, 25 per cent of midsize organisations and 10 per cent of small organisations will have invested in EDR capabilities.
Network traffic analysis
Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for behaviours indicative of malicious intent.
