Gartner: Prepare for context-aware security

Cloud computing, IT consumerisation and the evolving threat landscape are forcing IT departments to rethink security

Cloud computing, IT consumerisation and the evolving threat landscape are forcing IT departments to rethink security.

Analyst Gartner has predicted context-aware security will be the preferred method for IT to evolve enterprise security to be able to cope with emerging threats and evolving business requirements for greater openness.

In the latest security hype cycle report, distinguished Gartner analyst, Neil MacDonald described context-aware security as the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments.

The industry is beginning to offer context-aware security products. According to Gartner, suppliers of next-generation endpoint, network, application and data protection platforms are starting to incorporate context into their security information and event management platforms.

Main suppliers of context-aware security products

• Check Point Software Technologies

• Cisco

• HP

• McAfee-NitroSecurity

• Palo Alto Networks

• Q1 Labs

• Sourcefire

• Trend Micro

Source: Gartner

In the report, Gartner urged chief information security officers to begin the transformation to context-aware and adaptive security infrastructure as they replace legacy, static security infrastructure, such as firewalls, as well as secure web gateways and endpoint protection platforms.

Gartner recommended businesses move hard-coded, static security policies from applications and systems into externalised security policy enforcement points that are capable of consuming real-time context information.

Joseph Feiman, vice-president and Gartner Fellow added: "Information security infrastructure must become adaptive by incorporating additional context at the point when a security decision is made. We are already seeing signs of this transformation in next-generation endpoint, network, application and data protection platforms, as well as the incorporation of context into next-generation security information and event-management platforms."

Read more on Network security strategy