As companies continue to expand the technologies they use to improve their overall security, the worldwide security technology and services market is forecast to reach $67.2 billion in 2013, up 8.7 percent from $61.8 billion in 2012, according to Gartner, Inc. The market is expected to grow to more than $86 billion in 2016.
“With security being one of the top IT concern areas, the prospect of strong continued growth is assured,” said Ruggero Contu, research director at Gartner. “The consistent increases in the complexity and volume of targeted attacks, coupled with the necessity of companies to address regulatory or compliance-related issues continue to support healthy security market growth.”
Gartner analysts see three main trends shaping the security market moving forward — mobile security, big data and advanced targeted attacks.
BYOD is a megatrend that will have a far-reaching influence on the entire security industry. Changes in how security addresses BYOD leaves several opportunities for technology service providers (TSPs). Firstly, with the shift from device security to app/data security there is a chance for some security TSPs to capture endpoint protection budgets. Secondly, since some BYOD projects are centered on the productivity gains of one to two apps, there could be buying centers adding security outside of traditional information technology centers.
Finally, being able to understand the device type and how your users are computing today is just as important as who they are. An opportunity exists for those able to determine that context, and provide it for other points of influence, such as the network or applications.
The amount of data required for information security to effectively detect advanced attacks and, at the same time, support new business initiatives, will grow rapidly over the next five years. This growth presents unique challenges when looking for patterns of potential risk across diverse data sources. However, big data, in and of itself, is not the goal. Delivering risk-prioritized actionable insight is.
“To support the growing need for security analytics, changes in information security people, technologies, integration methods and processes will be required, including security data warehousing and analytics capabilities, and an emerging role for security data analysts within leading-edge enterprise information security organizations,” said Eric Ahlm, research director at Gartner.
When examining the advanced targeted attack (ATA), and the new methods being used to breach today’s security controls, it can be distilled to a basic understanding. Attackers, especially those who have significant financial motivation, have devised effective attack strategies centered on penetrating some of the most commonly deployed security controls (largely signature-based antivirus and signature-based intrusion prevention), most often by using custom or dynamically generated malware for the initial breach and data-gathering phase.
Advanced attackers are now capable of maintaining footholds inside an organization once they successfully breach security controls by actively looking for ways to remain persistent on the target organization’s internal network. They do it either through the use of malware or, even if the malware is detected and removed, via postmalware use of user credentials gathered during the period of time the malware was active. They then change their tactics to secondary attack strategies as necessary, looking for other ways around any internal security controls in the event they lose their initial attack foothold.
“Mitigating the threat from ATAs requires a defense-in-depth strategy across multiple security controls,” said Lawrence Pingree, research director at Gartner. “Enterprises should employ a defense-in-depth, layered approach model. Organizations must continue to set the security bar higher, reaching beyond many of the existing security and compliance mandates in order to either prevent or detect these newly emergent attacks and persistent penetration strategies. This layered approach is typical of many enterprise organizations and is often managed in independent ways to accomplish stated security goals, namely, detect, prevent, respond and eliminate.”