Infosec 2016 technical roadmap - Make a choice – Based on your business constraints and technological realities !!!

When we design a security solution, it is important to understand the business problem, need or opportunity, and to base our approach and methodologies on it. We also need to optimize the architecture across customer needs, business constraints, and technological realities. To do that, we need to follow industry trends and standards from both a business and a technical standpoint.

As a security team, we need to watch technology developments closely to ensure that our organization is effectively positioned to respond to security threats. We need to develop technical roadmaps for future implementations across the enterprise to ensure the soundness of the solution. We also need to maintain a forward-looking perspective on emerging technology developments and their relevance to both business and technology strategies.

Here I would like to discuss the key information security areas, and the top vendors associated with them, that we should look at in 2016. I admit that this is not a comprehensive list, but I hope that it will help you to some extent when you design and select a security solution.

Note –

The technologies mentioned below are some of the key areas where I think there is going to be a huge growth in 2016.

The vendors were selected as per my own research and there could be better vendors that offer better solutions. As I mentioned above, your choice should be based on your business constraints and technological realities.

The vendors are not ranked; I have listed them in alphabetical order.

Technology areas

  1. Application Security
  2. Cloud Security
  3. Data Security
  4. Email Security
  5. Endpoint Security
  6. Governance, Risk and Compliance
  7. Identity and Access Management
  8. Infrastructure / Perimeter Security
  9. IOT Security
  10. Security Operation Center

1. Application Security

If we review the breaches of the last few years, we see that the majority of them come through business applications. Yet most organizations still do not test their critical applications, for various reasons. Going forward, application security is one area where we need to focus more.

I am dividing the main application technology streams into two: Web Application Firewall (WAF) and Application Security Testing.

Top vendors to consider for 2016

Web Application Firewall

  1. Akamai (Kona)
  2. Barracuda (WAF)
  3. Cisco (Ace)
  4. Citrix (Netscaler)
  5. F5 (BigIP Application security manager)
  6. Fortinet (Fortiweb)
  7. Indusface (Indusguard)
  8. Imperva (Securesphere)
  9. Radware (AppWall)
  10. Trustwave (formerly Webdefend)

Application Security Testing

  1. Acunetix (Web Vulnerability Scanner)
  2. Checkmarx (CxSAST)
  3. HP (Webinspect)
  4. IBM (Appscan)
  5. Portswigger (Burpsuite)
  6. Qualys (Web Application Scanning)
  7. Rapid7 (AppSpider)
  8. Trustwave (Appscanner, Formerly Cenzic)
  9. Veracode (Appsec testing)
  10. Whitehat Security

Cloud Security

Cloud adoption has created new security and compliance challenges. I have already shared the significance of CASB with regard to cloud security in my previous article.

Top vendors to consider for 2016

 Cloud Access Security Brokers

  1. Adallom – Microsoft
  2. Bitglass
  3. Ciphercloud
  4. Cloudlock
  5. Elastica
  6. Firelayers
  7. Imperva (Skyfence)
  8. Netskope
  9. Perspecsys – Bluecoat
  10. SkyHigh

Data Security

2015 was a terrible year in terms of data privacy and security, and we have heard about a lot of data breaches over the last few years. A Data Leakage Protection (DLP) solution can identify, monitor and protect data in use, data in transit, and data at rest.

Data Leakage Protection

Top vendors to consider for 2016

  1. CA Data Protection (formerly CA Dataminder)
  2. Code Green DLP (TrueDLP)
  3. Infowatch (Traffic monitor)
  4. McAfee DLP
  5. RSA – EMC DLP
  6. Trend Micro DLP
  7. Trustwave DLP
  8. Symantec DLP
  9. Websense DLP (Triton AP-DATA)
  10. Verdasys

Email Security

We all know how important Email Security is. A good solid email security appliance can reduce the risk of infection from spam and viruses.

Top vendors to consider for 2016

  1. Cisco (ESA)
  2. Clearswift
  3. Fortinet (FortiMail)
  4. McAfee (Security for Email Servers)
  5. Microsoft (EOP)
  6. Proofpoint
  7. Sophos
  8. Symantec (Email security)
  9. Trend Micro (Scanmail)
  10. Websense

Endpoint Security

Endpoint protection and Antivirus

Never neglect your endpoints. Attackers normally carry out a cyber attack by gaining access to an endpoint, so protecting endpoints is essential. In the defence-in-depth principle, the endpoint is one of the most critical layers of defence.

  1. AVG AV
  2. Eset (Nod32)
  3. F-Secure AV
  4. Kaspersky AV
  5. Landesk AV
  6. McAfee AV
  7. Microsoft (Security Essentials)
  8. Panda AV
  9. Symantec AV
  10. Trend Micro AV

Governance Risk and Compliance

GRC Tool

Management of Governance, Risk and Compliance varies from industry to industry. A good GRC tool provides a centralized, access-controlled environment for automating enterprise compliance processes, assessing weaknesses, and managing remediation efforts.

Top vendors to consider for 2016

  1. Agiliance (RiskVision)
  2. Archer - RSA
  3. BWise
  4. Compliance 360
  5. FireMon (Security Manager)
  6. IBM (OpenPages)
  7. Lockpath
  8. MetricStream
  9. Modulo (solutions for GRC)
  10. Rsam (solutions for GRC)

Identity and Access Management

Identity and Access Managers

The right individual should access the right resources: this is the most important piece of information security. Poorly controlled Identity and Access Management processes may lead to significant risks and will affect your organization's security.

Top vendors to consider for 2016

  1. CA
  2. Centrify
  3. Cyberark
  4. Evidian
  5. IBM
  6. Identity Automation
  7. NetIQ
  8. Okta
  9. Ping Identity
  10. Sailpoint

Infrastructure Security

Network Firewalls

In most designs, firewalls are our first layer of defence. Most firewalls now offer different capabilities, so it is important to understand your business needs, budget and other layers of defence when you plan to procure a firewall.

Top vendors to consider for 2016

  1. Barracuda Firewall
  2. Checkpoint
  3. Cisco
  4. Dell SonicWall
  5. Fortinet
  6. Hillstone Networks
  7. Juniper
  8. Palo Alto
  9. Sophos
  10. WatchGuard

Security Operation Center

Security Information and Event Management (SIEM)

There has been a lot of talk over the last few years about SOC and SIEM. Having all the infrastructure in place does not mean that you are protected. We need good monitoring capabilities as well.

Top vendors to consider for 2016

  1. Alienvault
  2. ArcSight - HP
  3. IBM Qradar
  4. Intel Security (McAfee ESM)
  5. LogRhythm
  6. NetIQ (Sentinel)
  7. RSA enVision
  8. Splunk
  9. SolarWinds
  10. Trustwave

Internet Of Things Security

Last year I wrote an article about a car hack, and there were other good articles about IOT risks in our forum.

More devices connected over the internet mean more attack vectors and more possibilities for hackers to target us. It is important for us to take IOT security seriously and do a proper risk assessment before it spins out of our control.

Top vendors to consider for 2016

  1. Argus
  2. Bastille
  3. Bayshore networks
  4. Cryptosoft
  5. Device Authority
  6. Endian
  7. Mocana
  8. Rubicon
  9. SecuriThings
  10. Webroot

As an information security professional, it is important to provide thought leadership in new technology areas by researching the latest security standards and trends. As I mentioned in the beginning, we need to evaluate existing and emerging technologies against factors such as cost, security, compatibility and usability.

Authored by Aju Nair
