According to the Survey Report on Cyber Security Awareness of Chinese Internet Users released by Qihoo 360, 24.1% of users have a unique password for each account and 61.4% use different passwords. However, 13.8% use the same password for all of their accounts, which carries a high security risk.
Users face different security risks when using public Wi-Fi networks. Statistics show that, when connected to public Wi-Fi, most users browse simple web pages, watch videos, or listen to music. Among them, 25.1% log in to personal mailboxes to send emails and use social accounts for chatting, while 13.6% do online shopping and banking. If a user accidentally connects to a phishing or compromised Wi-Fi network, these operations can easily lead to theft of account passwords or even loss of money from the user's financial accounts.
Social engineering first appeared as a formal discipline in the 1960s.
Pay attention to news regarding cyber security scams so you are always aware of potential security issues.
Gartner is the world's first information technology research and analysis company, and it is also the world's leading research and advisory company.
Cloud workload protection platforms (CWPPs)
The definition provided by Gartner is abstract and complex. In simple terms, a CWPP is a platform that protects services running on public and private clouds. The current practice is to deploy an agent in every operating system that hosts the service and have the agents communicate with a management console. This forms a client/server (C/S) architecture of distributed monitoring and centralized management, which lets O&M personnel monitor the security status of many hosts at the same time and deliver handling policies to them.
Remote browser
This technology isolates web browsing sessions from endpoints. In its simplest form, the user logs in to a remote host through a graphical session and browses web pages there. Because the graphical session isolates the browser from the endpoint, an attack on the browser does not harm the user's endpoint. After browsing is complete, the host that performed the browsing task can be reset to a known-safe state. The technology can be provided as a service and relies on virtualization: enterprises lease remote browsing servers, and the providers maintain them.
Deception
A number of fake servers are deployed in an enterprise to decoy or mislead attackers into misjudging the internal network topology of the enterprise, which in turn increases the cost and difficulty of an attack. If an attacker intrudes into a fake server, an alarm is generated. A fake server can even be embedded directly into a switch.
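The alarm-on-any-contact behaviour of a decoy server, shown as an added example that is not part of the original page or any vendor's product. It assumes a decoy that offers no real service, so every connection to it is unexpected by construction; the loopback address, port choice and the client used to exercise it are constructed for the demo.

```python
"""Decoy server that treats any connection as an alarm (added example).

Assumptions: the decoy listens on a loopback address chosen for the demo
and offers no real service, so any connection to it is unexpected.
"""
import socket
import threading
import time
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Alarm:
    when: float
    peer: str
    first_bytes: bytes


class DecoyServer:
    def __init__(self, host: str = "127.0.0.1", port: int = 0):
        self.host, self.port = host, port      # port 0: let the OS pick a free one
        self.alarms: List[Alarm] = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._sock: Optional[socket.socket] = None
        self._thread: Optional[threading.Thread] = None

    def start(self) -> int:
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, self.port))
        self._sock.listen(5)
        self._sock.settimeout(0.2)             # accept() wakes up to check the stop flag
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()
        return self.port

    def record(self, peer: str, data: bytes) -> Alarm:
        """The alarm itself, kept separate so it can be fed from any source."""
        alarm = Alarm(time.time(), peer, data[:64])   # keep only a short sample of the bytes
        with self._lock:
            self.alarms.append(alarm)
        return alarm

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(0.5)
                try:
                    data = conn.recv(256)      # whatever the peer sent first, for the record
                except (socket.timeout, OSError):
                    data = b""
            self.record(f"{addr[0]}:{addr[1]}", data)

    def stop(self) -> None:
        self._stop.set()
        if self._thread:
            self._thread.join(timeout=2)
        if self._sock:
            self._sock.close()

    def wait_for_alarms(self, n: int, timeout: float = 2.0) -> int:
        """Blocks until at least n alarms exist or the timeout passes; returns the count."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self._lock:
                if len(self.alarms) >= n:
                    return len(self.alarms)
            time.sleep(0.05)
        with self._lock:
            return len(self.alarms)


def touch(host: str, port: int, payload: bytes) -> None:
    """Stand-in for an unexpected client (constructed for the demo)."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(payload)


if __name__ == "__main__":
    decoy = DecoyServer()
    port = decoy.start()
    touch("127.0.0.1", port, b"GET / HTTP/1.0\r\n\r\n")
    decoy.wait_for_alarms(1)
    decoy.stop()
    for a in decoy.alarms:
        print(f"ALARM: {a.peer} connected to decoy; first bytes {a.first_bytes!r}")
```

The point of the design is that the decoy never has to decide whether traffic is malicious: no legitimate client has any reason to reach it, so the alarm fires on the first connection, and the recorded peer and first bytes give the responder a starting point.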
Endpoint Detection and Response (EDR)
The antivirus software deployed on endpoints is the simplest example of EDR. However, EDR provides more functions, such as identifying suspicious processes and network connections on a device through behavioral analysis. In addition, EDR can use big data technologies to analyze the behavior of many devices collectively for potential threats. Currently, many mainstream cyber security vendors have launched EDR solutions.
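The two kinds of analysis described above, a per-host behavioral rule and a fleet-wide rule that only a central console can evaluate, as an added example that is not from the original page or any vendor's EDR. It assumes agents forward one record per process start, including any outbound connection the process made, and that the console holds the records of the whole fleet; all host names, process names and addresses are constructed.

```python
"""Centralised EDR-style behavioral analysis over telemetry from several
hosts (added example). Assumptions: agents forward one record per process
start, and the console sees the whole fleet; all data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    host: str
    image: str                      # executable name
    parent_image: str
    remote: Optional[str] = None    # "ip:port" of an outbound connection, if any


# Constructed telemetry from four workstations.
TELEMETRY: List[ProcEvent] = [
    ProcEvent("ws-01", "outlook.exe", "explorer.exe"),
    ProcEvent("ws-01", "winword.exe", "outlook.exe"),
    ProcEvent("ws-01", "powershell.exe", "winword.exe", "203.0.113.7:443"),
    ProcEvent("ws-02", "chrome.exe", "explorer.exe", "198.51.100.20:443"),
    ProcEvent("ws-02", "updater.exe", "services.exe", "198.51.100.20:443"),
    ProcEvent("ws-03", "chrome.exe", "explorer.exe", "198.51.100.20:443"),
    ProcEvent("ws-03", "updater.exe", "services.exe", "198.51.100.20:443"),
    ProcEvent("ws-04", "svchost.exe", "services.exe"),
    ProcEvent("ws-04", "updater.exe", "services.exe", "198.51.100.20:443"),
]

DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def host_rules(events: List[ProcEvent]) -> List[Tuple[str, str, str]]:
    """Rule a single agent can evaluate on its own host: a document handler
    launching a script host is a classic macro-style behavior."""
    return [("office_spawns_script_host", e.host, f"{e.parent_image} -> {e.image}")
            for e in events
            if e.parent_image in DOCUMENT_HANDLERS and e.image in SCRIPT_HOSTS]


def fleet_rules(events: List[ProcEvent], max_prevalence: int = 1) -> List[Tuple[str, str, List[str]]]:
    """Rule that needs the whole fleet: a destination contacted by only a few
    hosts is rare, which no single agent can know on its own."""
    hosts_by_dest: Dict[str, set] = defaultdict(set)
    for e in events:
        if e.remote:
            hosts_by_dest[e.remote].add(e.host)
    return [("rare_destination", dest, sorted(hosts))
            for dest, hosts in sorted(hosts_by_dest.items())
            if len(hosts) <= max_prevalence]


def prioritise(events: List[ProcEvent]) -> Dict[str, Tuple[str, List[str]]]:
    """Correlates both rule sets per host; a host hit by both is escalated."""
    score: Dict[str, int] = defaultdict(int)
    reasons: Dict[str, List[str]] = defaultdict(list)
    for name, host, detail in host_rules(events):
        score[host] += 1
        reasons[host].append(f"{name}: {detail}")
    for name, dest, hosts in fleet_rules(events):
        for h in hosts:
            score[h] += 1
            reasons[h].append(f"{name}: {dest}")
    return {h: ("high" if score[h] >= 2 else "medium", reasons[h]) for h in score}


if __name__ == "__main__":
    for host, (severity, why) in prioritise(TELEMETRY).items():
        print(host, severity, "; ".join(why))
```

Run on the constructed telemetry, only ws-01 is flagged: the per-host rule alone would be a medium-severity finding, but the central view adds that its outbound destination is unique across the fleet, which is what escalates it.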
Network traffic analysis
This technology detects abnormal network data through full-coverage traffic monitoring of an enterprise or campus network combined with big data analysis. For example, all traffic passing through a switch is mirrored to an analysis device for comprehensive decoding and statistical analysis. The results are then visualized so that administrators can intuitively view the security posture of the entire network.
Managed detection and response
In simple terms, managed detection and response is a "baby-sitter" service for small and medium-sized enterprises that lack security protection capabilities of their own. For example, such enterprises access the network through a proxy operated by a security vendor. The vendor analyzes the enterprise's network traffic 24/7 through the proxy and cleans threats in a timely manner. In addition, the vendor can push security event warnings to the enterprise, so small and medium-sized enterprises do not need to purchase or deploy any devices themselves.
Microsegmentation
The microsegmentation here does not refer to isolation between servers in traditional equipment rooms; it is isolation between applications. In the cloud era, what users perceive is usually the application that provides a service, not the host. Isolation has therefore evolved from the server level to the application level.
Cloud Access Security Brokers (CASBs)
This technology is used to protect cloud security. It captures all access to cloud services through a reverse proxy and performs security detection and auditing on the traffic to detect noncompliant and abnormal access, such as penetration attempts and data leakage, in a timely manner. It is similar to the managed detection and response described above: a CASB protects the users of a service, while MDR protects the service provider. This solution is generally provided as a service.
Software defined perimeters (SDPs)
This concept is designed to resolve the problem of flexible resource access management in the cloud era. It emphasizes replacing traditional physical devices with software, in the same way as Software Defined Networking (SDN).
Container security
Traditional security is oriented to hosts and provided for each host. In the cloud era, applications are containerized and the concept of a host is weakened, so container security becomes very important.
The previous section described Gartner top security technologies. Now, we will summarize other future development trends.
In the future, security protection solutions may not consist of any on-premises devices. Instead, security protection and analysis will be provided remotely: users' network access traffic is directed by proxy to the security vendor's data centers for analysis, filtering, and cleaning. All a customer needs to do is configure the address of a security proxy server. MDR and CASB are examples of this type of security service.
In an enterprise, endpoint antivirus software will evolve into EDR with a distributed monitoring and centralized analysis architecture. This allows the enterprise to analyze the process behavior and context of all its hosts in a unified manner and detect potential threats more efficiently.
The security check capability of endpoints is increasingly being used by traditional cyber security vendors. In the past, endpoint security and network security were two separate domains: endpoint antivirus vendors only inspected files on endpoints, and network security vendors focused on network traffic. Currently, these two functions are being integrated. Because endpoint security software and network defense devices now interwork, malicious traffic can be linked directly to the processes and files on the endpoint, and threats can be traced accurately. In the future, endpoint security software will cooperate even more closely with network defense devices.
With the growth of microsegmentation and container security, the concept of the host is weakened while the concept of the service is strengthened in the cloud era. Traffic management must therefore be implemented at the application and container level. The network topologies viewed by O&M personnel are no longer host-to-host topologies but service-to-service and service-to-client topologies. In addition, graph theory can be applied to security checks to detect abnormal communication paths in cloud data centers and potential threats in time.
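The statistical analysis of mirrored traffic (network traffic analysis above) and the graph-based check on a service-to-service topology (this paragraph), combined in one added example that is not from the original page or any product. It assumes a collector has already aggregated mirrored flows into per-(source service, destination service) byte counts and that a baseline window of normal traffic exists; the service names and byte counts are constructed.

```python
"""Service-level flow analysis for a cloud data center (added example):
new edges, bypass of a mandatory tier, and volume anomalies.
Assumptions: flows are pre-aggregated per (src service, dst service, bytes)
by a traffic-mirroring collector; a baseline window is available.
All names and numbers below are constructed."""
from collections import defaultdict, deque
from typing import Dict, FrozenSet, Iterable, List, Optional, Set, Tuple

Flow = Tuple[str, str, int]   # (src_service, dst_service, bytes)

# Constructed baseline: a window of known-good service-to-service traffic.
BASELINE: List[Flow] = [
    ("ingress", "web", 900_000),
    ("web", "api", 600_000),
    ("api", "db", 200_000),
    ("api", "cache", 150_000),
]

# Constructed observation window: a new direct web->db edge appears and the
# api->db volume jumps.
OBSERVED: List[Flow] = [
    ("ingress", "web", 950_000),
    ("web", "api", 610_000),
    ("api", "db", 1_400_000),
    ("api", "cache", 140_000),
    ("web", "db", 50_000),
]


def build_graph(flows: Iterable[Flow]) -> Dict[str, Set[str]]:
    """Directed service graph: who talks to whom."""
    g: Dict[str, Set[str]] = defaultdict(set)
    for src, dst, _ in flows:
        g[src].add(dst)
        g.setdefault(dst, set())
    return g


def new_edges(baseline: Iterable[Flow], observed: Iterable[Flow]) -> List[Tuple[str, str]]:
    """Service pairs that never communicated during the baseline window."""
    known = {(s, d) for s, d, _ in baseline}
    return sorted({(s, d) for s, d, _ in observed} - known)


def path(g: Dict[str, Set[str]], src: str, dst: str,
         blocked: FrozenSet[str] = frozenset()) -> Optional[List[str]]:
    """BFS shortest path from src to dst that avoids the `blocked` services."""
    prev: Dict[str, Optional[str]] = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            out: List[str] = []
            while node is not None:
                out.append(node)
                node = prev[node]
            return out[::-1]
        for nxt in g.get(node, ()):
            if nxt not in prev and nxt not in blocked:
                prev[nxt] = node
                queue.append(nxt)
    return None


def tier_bypass(g: Dict[str, Set[str]], entry: str, asset: str,
                mandatory: str) -> Optional[List[str]]:
    """A path from entry to asset that skips the mandatory tier (e.g. the API
    tier in front of the database), or None if every path passes through it."""
    if mandatory in (entry, asset):
        return None
    return path(g, entry, asset, blocked=frozenset({mandatory}))


def volume_anomalies(baseline: Iterable[Flow], observed: Iterable[Flow],
                     factor: float = 3.0) -> List[Tuple[Tuple[str, str], float]]:
    """Known edges whose volume exceeds `factor` times the baseline volume."""
    base = {(s, d): b for s, d, b in baseline}
    out = []
    for s, d, b in observed:
        ref = base.get((s, d))
        if ref and b > factor * ref:
            out.append(((s, d), round(b / ref, 1)))
    return out


if __name__ == "__main__":
    g = build_graph(OBSERVED)
    print("new edges:", new_edges(BASELINE, OBSERVED))
    print("bypass of api tier:", tier_bypass(g, "ingress", "db", "api"))
    print("volume anomalies:", volume_anomalies(BASELINE, OBSERVED))
```

The tier-bypass check is the graph-theoretic part: removing the mandatory tier from the graph and asking whether the asset is still reachable from the entry point answers "does every path go through the API tier?" without enumerating paths. The same three functions work unchanged on a larger service graph.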
All of the Gartner top security technologies utilize the cloud, so cloud-based deployment of security protection solutions is imperative. The future of security will be software-based (software-defined security): all check devices will evolve into software running in containers or virtual hosts. Software-based solutions let O&M personnel conveniently change the check method for different application data flows. For example, some application data flows need to be checked by a WAF, while others need virus scanning or IPS checks. Based on the analysis of traffic and process behavior, the check method can be changed intelligently.