2014: The spotlight year for advanced security

Integration and analytics should be top priorities when evaluating vendors in 2015.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

It seemed that no matter where I was this year the topic of computer security reared its ugly head. Whether consulting with business executives, sitting on a plane next to a deep security expert, watching a news story about the Chinese government’s concerns about U.S. hardware and software products thanks to the Edward Snowden revelations, at a conference or event -- the topic of security always came up.

So I decided to take a closer look at the state of the computer security market. In days gone by enterprises would purchase antivirus software to protect against viruses and malware, they’d set up firewalls to protect from outside intrusion, they’d buy authorization/authentication software to make sure that their employees and business partners were who they said they were and that they had the right to access certain types of information, and they would encrypt their data to protect data on-the-fly as well as data at rest. But, after major intrusions at Target and Home Depot -- and after the loss of personally identification information (PII) such as credit card data at other organizations -- enterprises now have a heightened awareness on security and want to know what they need to do to go the extra mile to prevent internal and external data theft.

The best security conference that I attended this year was sponsored by IBM in New York City where the company described its “Smarter Counter Fraud Initiative.” IBM has combined a bunch of its software products into an integrated fraud/risk management suite designed to thwart computer fraudsters. This suite of products includes offerings from IBM’s security, data management, entity/predictive/behavioral/context/content/geospatial analytics, social network analysis, forensic analysis, case and content management, and middleware portfolios. It enables enterprises to identify fraudulent behavior (sometimes in real-time by using automated analytics tools) and to take action to prevent fraud from occurring. My in-depth look at this portfolio of products -- as well my view on some of the security services that the company has made available -- can be found here.

But enterprise security may or may not be focused on risk management and fraud prevention. An enterprise may just want to harden its systems and networks in order to resist external intrusion or internal data theft. As stated previously, the old way of protecting systems involved antivirus software, firewalls and authentication/authorization software – as well as encryption. But now enterprises are using new tools and utilities to protect systems and networks, including:

  • The use of predictive analytics that can automatically detect anomalies and make systems administrators aware of unusual activities;
  • The use of software that can protect against data loss, monitor data activity, mask and redact data, govern data and protect encryption keys;
  • Installing software to scan applications and source code to deliver advanced hybrid scanning and correlation as well as fraud detection; and,
  • Focusing on people management by using stronger authentication, access management and user provisioning facilities (and by using privileged user management tools, fine grain entitlements and identity governance techniques).

I’ve done a complete write-up of one vendor’s advanced secure data management environment (such as the environment that I just described) that can be found here.

To continue reading this article register now

5 ways to make Windows 10 act like Windows 7
  
Shop Tech Products at Amazon