Recommendations
Context awareness helps make security an enabler, not an inhibitor, of dynamic
business requirements. Begin the transformation to context-aware and adaptive security
infrastructure now as you replace legacy static security infrastructure, such as firewalls,
and Web security gateway and endpoint protection platforms.
Use the framework provided in this research as a way to evaluate security offerings for
their capability to incorporate richer context information at the time of a security decision.
Question security vendors on their specific road maps for
application, identity and content awareness, as well as the
ability to incorporate other types of context information into their
policy enforcement decisions.
Remove hard-coded and static security policies from
applications and other systems, and move them to externalized
security policy enforcement points capable of consuming real-time context information.
ANALYSIS
[Figure: layered stack of entities: Process; Content/Information; Identity; Application; Operating System; Device; Network]
Source: Gartner (May 2010)
© 2010 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. Reproduction and distribution
of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be
reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal
issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used
as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions
expressed herein are subject to change without notice.
When IT and business infrastructures are fairly static and well-defined, these security decisions are simpler, and there are fewer
of them. In most cases, for the past 30 years, our organizations
owned and controlled most of the entities shown in Figure 1 and
Figure 2.
In static IT infrastructures, ownership became a proxy for trust.
Because we owned and controlled most of the pieces, information
security policy enforcement points were typically only placed at the
demarcation point (perimeter) between something we owned and
something we didn't own (and, therefore, didn't trust). For example,
we placed network firewalls where our network connected to the
outside world, placed e-mail security gateways where we received
outside e-mail and placed antivirus software where our systems
accepted unknown executable code from the outside world.
This model of trusting "us" (we own it, we control it) and not
trusting "them" (they own it, they control it) and placing security
policy enforcement points only where we had a handoff between
"us" and "them" has worked reasonably well, but is coming under
extreme pressure. This model fails in a world where we increasingly
don't own all the pieces of our business and IT infrastructures.
Multiple converging trends in business and IT are tearing down the
silos of traditional IT infrastructure, and tearing down the traditional,
well-defined boundaries of our businesses. Collectively, these six
trends are driving the need for adaptive, context-based security:
6. Industrialization of hackers. The shift from mass to targeted
attacks requires a shift in protection strategies where we have
less trust of internal users and systems, either as a result of a
compromised insider or a targeted attack launched from
one of our own internal systems that has been compromised.
Figure 3. Adding Environmental Context to Security Decisions
[Figure labels: "In this context?"; "... on this entity?"; layers: Process; Content/Information; Identity; Application; Operating System; Device; Network]
Source: Gartner (May 2010)
Table 1. Examples of Context Information That Might Be Relevant to a Security Decision
Context Layer: Examples of Context Information
Environmental: Local environment; Macroenvironment; Location; Prior location; Proximity; Time of day, month, year; Time elapsed since last action; Temperature; Ambient lighting
Community: Friends; Family; Social networks; Relationships; Patterns of uptake; Presence; Links; Tagging
Process: Customer facing; Revenue producing
Content: Files; Databases; Executable content; E-mail; Input; Sensitivity of content; Trust of the content; Reputation of executable code; Reputation of the e-mail; Known vulnerabilities; Input from the collective
Identity: Organization; User; Group
Application: Application; Service; Transaction; APIs; Uniform resource identifier (URI)/URL
Operating System: Processes; Threads; System calls; Device drivers; Virtualization platform
Device: Device type; Virtual machine or physical; IP Address
Network: Packets; Connection types; Port/protocol; Traffic encrypted?; Strength of encryption?; Historical patterns of behavior; Known vulnerabilities
Secure Web gateways (SWGs): Like the EPP, simple Web
proxy filtering and blocking based solely on URL information is
increasingly insufficient. SWGs are evolving well beyond static
URL filtering to incorporate context information such as the
reputation of the URL, the location and reputation of the source
IP address and other information at the point of the security
policy enforcement decision. These products are also becoming
content aware to help monitor for data loss on outbound
connections.
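An added illustration, not taken from the Gartner research: static URL filtering beside a decision driven by an externalized rule set that consumes URL reputation, source IP reputation and location, and an outbound content-sensitivity flag, as the SWG passage and the recommendation on externalized policy describe. The attribute names, thresholds, hosts, country codes and the "challenge" action are constructed assumptions.

```python
import json
import operator

OPS = {"lt": operator.lt, "eq": operator.eq,
       "in": lambda a, b: a in b, "not_in": lambda a, b: a not in b}

# Constructed policy document. In a deployment it would live outside the
# application and be reloaded by the enforcement point. First match wins.
POLICY = json.loads("""
[
 {"action": "deny", "reason": "host on static blocklist",
  "all": [["host", "in", ["blocked.example"]]]},
 {"action": "deny", "reason": "sensitive upload to unproven URL",
  "all": [["outbound_sensitive", "eq", true], ["url_reputation", "lt", 70]]},
 {"action": "deny", "reason": "low URL reputation",
  "all": [["url_reputation", "lt", 30]]},
 {"action": "challenge", "reason": "source IP has poor reputation",
  "all": [["src_ip_reputation", "lt", 40]]},
 {"action": "challenge", "reason": "unexpected source location",
  "all": [["src_country", "not_in", ["IT", "DE"]]]}
]
""")

def static_url_filter(host, blocklist=("blocked.example",)):
    """Legacy control: the URL host is the only input to the decision."""
    return "deny" if host in blocklist else "allow"

def decide(ctx, policy=POLICY):
    """Return (action, reason) for the first rule whose conditions all hold.

    A context attribute that a rule needs but the request lacks fails
    closed, so a broken context feed cannot silently become an allow.
    """
    for rule in policy:
        for attr, op, value in rule["all"]:
            if attr not in ctx:
                return "deny", f"missing context attribute: {attr}"
            if not OPS[op](ctx[attr], value):
                break  # this rule does not apply; try the next one
        else:
            return rule["action"], rule["reason"]
    return "allow", "no rule matched"
```

The same host that the static filter allows is denied once the outbound content is flagged as sensitive and the URL reputation is below the constructed threshold.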
While a few of the information security vendors have adopted
the term "adaptive security infrastructure," most are using the
terms "application awareness," "identity awareness" and "content
awareness" as adaptive and context-aware security capabilities are
added. Instead of being separate requirements, we believe these
are all examples of an underlying architectural shift to context-aware
and adaptive security infrastructure. Each independently
describes the need to incorporate higher levels of context into
security decisions to improve those decisions.
Acronym Key and Glossary Terms
Context
the circumstances within which something exists or happens, and that can help
explain or understand it
Context action
Context analysis
rules that are applied by a context broker in response to the arrival of context data,
and that either deduce new context data or trigger context actions
Context aware
Context broker
a software component that collects and stores context data, deduces context, and
triggers context actions
Context data
Context-enriched service
Context provider