4 Takeaways From Gartner Security Summit
But to ensure you’re ready for what comes next, you have to understand the state of security today. With that in mind, here are four key takeaways from Gartner Security & Risk Management Summit 2017:
HTTPS Decryption is Imperative
According to Gartner, by 2020, more than 60 percent of organizations will fail to properly decrypt HTTPS traffic and miss most targeted web malware.
HTTPS traffic is more than 50 percent of the web, and the ability to decrypt HTTPS traffic to scan for hidden attacks will continue to increase in importance. This is especially necessary as the percentage of malware samples using TLS continues to grow.
CSOs and security pros should include data protection and encryption in their next security purchases, Gartner recommends.
The DDoS Boom Has Just Begun
DDoS attacks have grown exponentially in size and scope. The peak DDoS attack size exceeded 1Tbps for the first time in 2016, fueled by the Mirai malware. That’s a massive increase over the peak of 309Gbps in 2014, 100Gbps in 2010 and 24Gbps in 2008.
Gartner says that 99 percent of these attacks are volume attacks at the infrastructure layer, and the rise and weaponization of Internet of Things (IoT) devices will continue to fuel growth of DDoS of Things attacks across all verticals, including financial services, airlines, health care, education, federal and local government and more.
Organizations require DDoS solutions that deliver not only high performance, but can mitigate multi-vector DDoS attacks and protect network infrastructure.
Cloud and SaaS Rule
If your security strategy doesn’t already incorporate cloud- and SaaS-based applications, you’ve already fallen behind.
Gartner estimates that by 2021, 25 percent of corporate data traffic will bypass perimeter security and flow directly from mobile and portable devices to the cloud. That’s up from 10 percent today.
While making the move to the cloud-based services, it’s important to understand the common obstacles, which according to Gartner are:
- Privacy and regulatory issues, especially in Europe
- Bandwidth concerns due to high costs in some geographies
- Latency issues as some cloud service’s points of presence are far away
Devise a Container Security Strategy
As the use of containers increases, Gartner advises organizations to think of containers as another unit of encapsulation of a workload to scan – physical, virtual machines, VMs in Infrastructure-as-a-Service and containers – that must be protected.
It’s important to develop a container security strategy and evaluate point solutions to address gaps. Container security must start in development and by scanning for known vulnerabilities and misconfigurations.
Gartner also recommends using application control and whitelisting for runtime protection. And in the short term, Gartner cautions to avoid mixing and matching containers of vastly different rust levels on the same shared host OS.
Lastly, Gartner advises to get involved in DevOps initiatives. While containers aren’t necessary for DevOps and DevOps isn’t necessary for containers, they are often used together.
What were your key takeaways from Gartner Security & Risk Management Summit 2017? Leave us a message in the comments and let us know.