IDC: Specialized Threat Analysis Is Hot
Fear and loathing of advanced persistent threats (APTs) is creating a market for what IDC calls specialized threat analysis and protection.
By 2020 more than 1.5 billion people will be affected by data breaches, according to IDC's FutureScape forecast. It's no wonder, then, that enterprises and security vendors are increasingly interested in specialized threat analysis and protection (STAP).
STAP is IDC's market categorization for technologies that attempt to detect and protect against advanced persistent threats (APTs), said Christian Christiansen, the program vice president for IDC's Security Products, speaking to a capacity crowd at IDC's annual security breakfast meeting at last week's RSA conference. The hottest area of his firm's practice is analysis of the emerging market for STAP technologies, he said.
The STAP market includes three core segments, he said: boundary, endpoint and internal network analysis. The boundary segment includes technologies that can help identify and analyze suspicious files. The endpoint segment is about technologies that harden the protection of endpoint systems and devices. Finally, the internal network analysis segment comprises solutions that monitor network flows for anomalies within a given network.
STAP products do not rely on signatures and provide real-time monitoring capabilities, Christiansen noted.
IDC is also seeing tremendous confusion when it comes to Internet of Things (IoT) security. Christiansen believes 90 percent of the current IoT security offerings are just repackaged general-purpose security technologies. Some vendors offer a generic gateway for IoT, with the promise that it will work across a broad range of technologies, he said.
Christiansen is especially worried about the security of automobiles that incorporate IoT technology. While many large technology and security vendors claim to have some kind of relationship with automobile manufacturers, security researchers Charlie Miller and Chris Valasek demonstrated the hack of a Jeep at the Black Hat USA 2015 event, showing that individual automotive components represent the biggest security risk. With so many subsystems in a modern vehicle, a whole range of suppliers need to be secured, he said.
"The peace, love and hacking attitude for IoT will lead to a road of tears," Christiansen said.
Security Staff under Fire
While IoT and the need to defend against APTs are key enterprise concerns, IDC also sees the IT security staffing issue as an equally important challenge. Trying to recruit security pros with five to 10 years of experience is a far bigger problem than hiring entry-level IT security employees, which is why Christiansen sees a continuing need for more orchestration and automation to reduce the reliance on human interaction in the security workflow.
With breaches increasingly common, Christiansen said he often sees everyone in an organization connected to the breach getting fired.
"It's a stupid idea, you can't go around firing the people that can fix the problem," he said. "The next time there is a breach, people will have no clue on the impact and the guys that might have known aren't there cause you just fired them."
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.