InformationWeek

Five Security Technologies to Watch in 2017

Issue link: http://dc.ubm-us.com/i/772323


PricewaterhouseCoopers, KPMG, and Deloitte have provided audit, tax, and IT consulting services to organizations across industries. A growing number of firms — some new and some old — are attempting the same model to deliver a range of consulting, assessment, and penetration testing services in the security space.

Driven by the shortage of security talent, these services run the gamut of capabilities, from helping organizations set up security programs to identifying gaps in existing programs and recommending ways to bolster security preparedness and meet compliance objectives. Organizations can hire such services to help at an enterprise level, or even with individual projects. Often, such services are vendor-agnostic and focus on identifying problems, recommending actions, and monitoring ongoing issues. The actual implementation of any recommended action is left to the client.

"We see three main drivers increasing demand for security consulting services — compliance requirements, customer requests, and data breaches," says Rob Ragan, managing security associate at security consulting services provider Bishop Fox.

Like some other companies in this space, Bishop Fox has an assessment and penetration testing practice that focuses on aspects of offensive security. For instance, one of its services is to run simulation attacks depicting real-world scenarios on client networks to help them identify weaknesses. Bishop Fox also maintains an enterprise security practice that focuses on different aspects of defensive security.

"As breaches become more of the norm, companies want a realistic view of the possibilities," Ragan says. "As a result, there's growing interest in 'red team' simulations that model realistic threats — including social engineering attacks and denial of service simulations — that companies previously used to avoid because of fears of disrupting their operations."
From the defensive side, more companies are hiring third-party consultants to serve in chief information security officer and chief security officer roles, Ragan said.

Security consulting services help companies prioritize the issues that matter, says Daniel Miessler, director of advisory services at IOActive, a provider of end-to-end security consulting services that include penetration testing, code review, reverse engineering, and hardware assessments.

For example, some of the main uses of IOActive's penetration testing services are to help organizations identify the effectiveness of their security controls and to give them actionable information on how to address and prioritize gaps.

"The recommendations collapse into the four or five most important things you need to do," from hundreds of possible actions, Miessler says. The goal is to give organizations recommendations that remove the largest amount of insecurity and ensure the best possible use of an organization's security team and infrastructure.

Gartner pegged the security consulting services market at $16.5 billion in 2015 and projects that it will grow at around 7.6% annually.

Jaikumar Vijayan is a technology writer with over 20 years of experience in IT reporting. He has covered information security and data privacy issues, as well as a variety of other technology topics, including big data, Hadoop, IoT, e-voting, and data analytics. Write to us at editors@darkreading.com.

January 2017
