2021年Gartner安全运营技术成熟度曲线：保护IT系统免受攻击的关键创新

Gartner

安全运营

需积分: 25 123 浏览量更新于2024-01-31 收藏 773KB PDF 举报

身份认证购VIP最低享 7 折!

30元优惠券

"总结2021年7月23日发布的Gartner《安全运营技术成熟度曲线》（Hype Cycle for Security Operations）报告，该报告的主要目的是帮助安全和风险管理领导者有效制定战略。安全运营技术和服务通过识别威胁和暴露于漏洞的IT系统，从而有效防御攻击，并实施及时的响应和修复。随着数字化转型的加速，安全运营面临着新的挑战和机遇。报告中的关键亮点包括： 1. 威胁情报平台（Threat Intelligence Platforms）：这些平台通过收集和分析威胁情报数据，帮助组织及时了解最新的威胁趋势和漏洞信息。这有助于提前预防和应对潜在的安全威胁。 2. 威胁侦测与响应解决方案（Threat Detection and Response Solutions）：这些解决方案利用人工智能和机器学习等技术，快速检测和分析潜在的安全威胁，并采取及时的响应措施。这有助于缩短攻击者在网络中停留的时间，减轻潜在的损失。 3. 安全分析平台（Security Analytics Platforms）：这些平台集成了各种安全数据源，并利用大数据和机器学习等技术进行分析和可视化展示。通过这些平台，安全团队可以更好地理解和评估组织的安全风险，并采取相应的措施。 4. 人工智能驱动的安全技术（AI-Driven Security Technologies）：人工智能在安全领域具有广泛的应用前景，包括自动化威胁检测、漏洞修复和安全事件响应等方面。这些技术可以提高安全团队的效率，并降低因人为错误而导致的安全漏洞。 5. 云安全解决方案（Cloud Security Solutions）：随着越来越多的企业向云端迁移，云安全成为一个重要的关注点。云安全解决方案可以提供对云基础架构的实时监控和威胁检测，帮助组织保护云环境中的数据和应用。报告指出，安全运营技术和服务的发展面临着一些挑战，如人工智能的误报率、数据隐私和合规性等问题。同时，随着网络攻击的日益复杂和专业化，安全运营需要与其他领域进行紧密合作，共同应对安全挑战。总之，2021年的《安全运营技术成熟度曲线》报告为安全和风险管理领导者提供了重要的参考和指导。通过了解和采纳这些创新技术和服务，组织可以更好地应对日益复杂和多样化的安全威胁。然而，需要注意的是，选择和实施这些技术应根据组织的具体需求和情况进行评估和调整，确保安全运营的有效性和可持续性。"

资源详情

资源推荐

 Review available EASM capabilities from providers of tools, such as DRPS or

vulnerability assessment. You may have an existing commercial relationship in place,

and their functionalities may be good enough.

 Review providers’ capabilities as breadth of coverage (discovery), accuracy (attribution)

and level of automation in supporting remediation activities as they vary considerably

from vendor to vendor.

 Select an EASM service provider based on the recognized use case priority but also plan

for longer-term requirements potentially stretching into DRPS use cases.

 Assess the level of preparedness in terms of skills, resources and maturity of your

security organization, making sure to have appropriate resources to fully benefit from

EASM capabilities.

Sample Vendors

Bishop Fox; Censys; CyberInt; CyCognito; FireCompass; ImmuniWeb (High-Tech

Bridge); Informer Technologies; Palo Alto Networks; Randori; RiskIQ; Shodan

Gartner Recommended Reading

Market Guide for Security Threat Intelligence Products and Services

Emerging Technologies: Critical Insights for External Attack Surface Management

Emerging Technologies: Critical Insights in Digital Risk Protection Services

CAASM

Analysis By: John Watts, Neil MacDonald

Benefit Rating: Moderate

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Definition

Cyber asset attack surface management (CAASM) is an emerging technology focused

on enabling security teams to solve persistent asset visibility and vulnerability challenges.

It enables organizations to see all assets (both internal and external) through API

integrations with existing tools, query against the consolidated data, identify the scope of

vulnerabilities and gaps in security controls, and remediate issues.

Why This Is Important

CAASM expands beyond the limited scope of products that focus on a subset of assets

such as endpoints, servers, devices or applications. By consolidating into a single

repository, users can query to find gaps in coverage for external attack surface

management (EASM) and endpoint detection and response (EDR) tools. CAASM

provides passive data collection by using API integrations, replacing manual and time-

consuming processes to collect and reconcile asset information.

Business Impact

CAASM enables security teams to improve basic security hygiene by ensuring security

controls, security posture and asset exposure are understood and remediated across the

environment. Organizations that deploy CAASM reduce dependencies on homegrown

systems and manual collection processes, and remediate gaps manually or through

automated workflows. In addition, such organizations can visualize security tool coverage

and correct source systems of record that may have stale or missing data.

Drivers

 Full visibility into all assets under an organization’s control to understand attack surface

area and any existing security control gaps.

 Quicker audit compliance reporting through more accurate, current and comprehensive

asset and security control reports.

 Consolidation of various existing products already collecting asset information into a

single normalized view, reducing the need for manual processes or dependencies on

homegrown applications.

 Access to consolidated asset views for multiple teams across the organization such as

enterprise architects, vulnerability management teams and IT administrators, who can

benefit from viewing and querying consolidated asset inventories.

 Lower resistance to collect data and gain security visibility from shadow IT organizations,

installed third-party systems and line-of-business applications where IT lacks governance

and control. Security teams need visibility in these places while IT may not.

Obstacles

 Resistance to “yet another” tool — Organizations with adjacent products that provide

asset visibility may be challenged to justify the cost and addition of CAASM.

 Products may be licensed per asset consumed and become cost-prohibitive for very

large organizations with millions of assets under management.

 Scalability of a single instance may be limited for extremely large environments, both for

data collection as well as usability of the tool with excessive data points.

 Tools that can be integrated with a CAASM either do not exist (e.g., lacking API) or are

blocked for integration by teams who own the existing tools.

 Reconciliation processes that conflict with source systems can cause confusion and

frustration if the source system of record is not allowed to be corrected when errors are

found.

User Recommendations

 Take advantage of POCs or free versions of products to try before you buy. Products are

nondisruptive and easy to deploy, limiting the risk of purchasing a CAASM product and

then needing to retire or replace it with another vendor.

 Determine the primary use cases you want to solve with CAASM such as achieving more

comprehensive visibility into assets, auto remediation of security gaps, updating sources

of records or easing compliance reporting burdens.

 Inventory all available APIs that can be integrated with the CAASM product and make

sure you have user accounts available to integrate.

 Extend usage beyond core security teams to multiple users including compliance teams,

threat hunters, vulnerability management teams and system administrators.

 Inquire with incumbent security vendors to understand what visibility they currently

provide into assets and if they have a roadmap to provide CAASM functionality in the

future.

Sample Vendors

AirTrack Software; Axonius; Brinqa; JupiterOne; Panaseer; Sevco Security

Pen Testing as a Service

Analysis By: Prateek Bhajanka

剩余41页未读，继续阅读

搬砖狂热分子

粉丝: 13
资源: 8

2021年Gartner安全运营技术成熟度曲线：保护IT系统免受攻击的关键创新

Gartner技术成熟度曲线（Hype Cycle）解读.pdf

Gartner - 2021 Hype Cycle for Security Operations.pdf

怎么打开打开hype-V

hype scale model

pycharm报错Your JRE: 17.0.6+10-b829.5 amd64 (JetBrains s.r.o.) D:\Program Files\JetBrains\PyCharm 2023.1\jbr

水文模型评价指标 R语言

2.3 HTML5工具介绍

可以帮我生成一个这样的互动网页吗？

手表怎么用支付宝付款

请问有没有类似flash一样的h5动画制作软件？

入门，从一个按钮和灯开始学PLC吧！（三）

param-1.12.2-py2.py3-none-any.whl

财务系统学生更改密码和绑卡操作方法.zip

基于MATLAB实现旅行推销员问题(TSP)代码+项目说明(课程大作业)+测试数据.zip

Python360翻译网页版GUI工具

志汇叮咚超级外卖6.4.3全开源完整包.zip

UE4环境安装.txt

pycares-3.1.1-cp36-cp36m-win_amd64.whl

mathutils-2.78-cp35-cp35m-win_amd64.whl

NX二次开发静态库.rar

最新资源