Top 5 emerging technologies to thwart cyber attacks

DATA breaches could cost businesses $2.1trn globally by 2019, according to Juniper Research. But with cybercrime continuously evolving, security teams are always on the lookout for the latest technologies that can help them prevent – or at least mitigate – cyber-attacks.

• Sophisticated endpoint detection and response (EDR)

Endpoint detection and response systems are only a few years old, but have quickly become more sophisticated. They allow Chief Information Security Officers (CISOs) to detect potential security breaches and react quickly. EDR tools record various endpoints and network events, and store data locally or in a centralised database. The data is then cross-referenced with indicators that could suggest they have been compromised in order to identify whether a breach is being attempted or has already taken place.

EDR solutions work with other security technologies – including anti-virus and disaster recovery technologies, and are by no means a substitute for security expertise. One EDR firm, SentinelOne is offering its customers a ‘$1m guarantee’ that “no ransomware attack will go undetected and cause irreparable damage”. However, it will only reimburse companies up to $1,000 per affected endpoint if it deems that it was unable to keep you safe from a ransomware attack. The catch is that its product has a feature which enables it to recover files, so only if the back-up fails, and a SentinelOne customer needs to pay a ransom to get its data back, will it reimburse its customers up to the tune of $1m.

• User and entity behavioural analytics & machine learning

Using analytics on both user behaviour as well as and endpoints, networks and applications gives enterprises more of a know-how when it comes to what should happen in most instances, and what is happening. The idea is that by analysing the combined data, it should be better equipped to pick up a threat.

Machine learning can take analytics a step further; not only could a machine that can be ‘taught’ to interpret cyber threats and anomalies and be far more accurate than a typical analytics solution, it can also go deeper into the different entities that exist across the enterprise at the micro and macro levels. It’s still in its infancy but many security vendors are using it to update existing analytics methods so that their products can detect threats and eradicate them more swiftly.

• Two-factor authentication (2FA)

The username-password combination alone isn’t secure enough, particularly if and when HMRC delivers its digital strategy which will link business accounting and bookkeeping software directly with HMRC’s digital tax accounts.

As accountants will be able to authorise software to submit tax returns, it is likely that they would need an additional layer of security to ensure unauthorised people are not able to access any data, and 2FA should be implemented by practices in the near future.

• Microsegmentation and flow visibility

Microsegementation is a more granular segmentation that could stop attackers who are already in the system to move laterally to other systems.

“Visualisation tools allow security teams to understand flow patterns, set segmentation policies and monitor for deviations. For data in motion, some vendors provide optional encryption of the network traffic,” Neil MacDonald, vice president at IT analyst firm Gartner, explains.

• Cloud security  and CASB

As more and more organisations move to the cloud, infrastructure-as-a-service providers such as Amazon Web Services have been asked to bolster their security features, enabling some firms to not need in-house security features of their own.

However, software-as-a-service (SaaS) apps provide a different challenge to security teams because they lack both visibility and control options. One way to deal with this is by installing a software tool or service that sits between the organisation’s on-premises infrastructure and a cloud provider’s infrastructure called a cloud access security broker (CASB). This enables CISOs to extend their policies beyond their own infrastructure and onto the cloud apps that their employees are using.