Risk
1/15/2014
09:09 AM
Connect Directly
RSS
E-Mail
50%
50%

5 Security Services To Consider In 2014

Managed and cloud security services will continue to grow this year; companies should focus on a few mature, or maturing, offerings

With security expertise continuing to be in short supply, managed and cloud services will play a greater role in securing companies in 2014.

Benefiting from the knowledge of managed security service providers -- or the built-in expertise in existing cloud security services -- can help nontechnical companies build the infrastructure needed to stay secure. For more security-savvy companies, service providers can take over the day-to-day security drudge work and allow internal security teams to focus on bigger security issues that may be affecting the company, says Neil MacDonald, a vice president and fellow at business-intelligence firm Gartner.

"If I'm an organization with limited resources, I would rather free up my security team's time to focus on more advanced threats rather than the more routine things like log monitoring, firewall management, and vulnerability management," he says.

Whether a company pursues a managed security service, a cloud security service, or some hybrid with its existing capabilities depends largely on its own expertise and whether the organization already uses the cloud for existing business processes, says Rob Ayoub, research director for NSS Labs, a security consultancy.

"A lot of it depends on how they are using the cloud," he says. "Are they using the cloud as an extension of their existing infrastructure? Or are they using the cloud and consuming services from the cloud as a way to expand their security capabilities or maybe because they do not have the in-house expertise?"

Whatever may be the case for your company, the following services could be in your future this year.

1. Cloud Asset Control
Most companies do not know how much they rely on the cloud, frequently underestimating the number of cloud services being used by employees. From its own customer data, for example, cloud-management provider Skyhigh Networks has found that the average firm uses approximately 550 cloud services.

In the past few years, a number of startups -- such as CloudPassage, Netskope, and Skyhigh Networks -- have focused on the problem of taming the wild and varied adoption of cloud services. These cloud-application visibility services allow companies to discover what services they are using, the risk those services pose, and then manage the threat, says Jim Reavis, co-founder and CEO of the Cloud Security Alliance.

"These types of services give you a pretty good visibility into what cloud services are in use, and allow companies to take the next step and implement controls," he says.

2. Log Management To Incident Detection
Many companies already use a service provider to collect and manage logs, archiving the data for compliance purposes. With an increasing focus on network and business visibility, companies need to turn those logs into information on what is happening in the network.

The category actually covers a spectrum of services, from log management to security information and event management (SIEM) systems to big data analytics. Once companies have their log monitoring in the cloud, there is no reason not to look at analyzing the data, Gartner's MacDonald says.

"They can essentially tell you if you have been compromised," he says. "That can be intensely interesting, especially if you are a smaller organization and you don't have the resources to build a security operations center."

[Companies need cloud providers to delineate responsibilities for the security of data, provide better security information, and encrypt data everywhere. See 5 Ways Cloud Services Can Soothe Security Fears In 2014.]

Eventually, a focus on detection will turn into a focus on response and shutting down attackers, making incident-response services -- such as what may come from FireEye's purchase of Mandiant -- likely to grow significantly over the next few years

3. Identity Management
As companies rely on an increasing number of cloud providers, managing access to those services has become more complex. Identity and access management in the cloud makes a lot of sense for firms that use a large number of cloud services, CSA's Reavis says.

"There is a real risk that employees duplicate their identities out on the Internet, and that raises the risk of a lateral attack, where a breach at one provider allows attackers to breach the employee's other accounts," he says.

4. Encryption
The revelations that the U.S. National Security Agency is collecting massive amounts of data from the Internet has caused more companies to pay attention to how their data is secured in the cloud. While locking down data at rest with encryption is a good idea, especially when it is outside the firewall, many companies had been relying on the security of their storage providers to protect the data.

While a number of cloud services focus on encrypting data in cloud services, such as CipherCloud and Voltage Security, the market is still nascent. That will likely change this year, as cloud services focusing on encryption and access-management grow, NSS Labs' Ayoub says.

"I think identity and encryption are the two areas where we will see a lot of adoption this year," Ayoub says. "We need to focus on protecting who's accessing the data, and we need to focus on protecting the data."

5. Security Testing In The Cloud
Many companies have to focus on securing their software, not just their networks, whether the software is internally developed or comes from third parties. Outsourced application testing or application-testing in the cloud are able to find the most common bugs, help train developers, and hold third-party software firms to a standard security assessment.

"Application security testing is more difficult work, but it is becoming better understood," Gartner's MacDonald says. "By using one of these vendors to test their applications or require that their supply-chain partners to test their applications, they can enhance their security."

A number of companies offer application testing and assessment services in the cloud, including Cenzic, Cigital, Veracode, and Whitehat Security.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant