The top trends security administrators can expect in 2013
Reuven Harrison, Tufin Technologies
The primary role of IT will become service delivery
Corporate IT is becoming less focused on being an infrastructure provider and more focused on service delivery. Applications have, over time, become the lifeblood of the modern enterprise. Although cloud computing has changed how and what enterprises outsource, in 2013 we will see the ripple effect hit internal IT organisations. Enterprises will see new departments form such as application operations and application development.
IPv6 rollout will accelerate
Moving to IPv6 is a gargantuan effort - the transition itself is a highly technical endeavour, but the vision behind IPv6 matches the effort it will require to get there.
In 2013, we will witness the formation of “IPv6 islands” within larger IPv4 networks. These pure IPv6 subnets will help the industry to mature. More vendors will support IPv6 and network engineers will gain knowledge about architecture, routing, and security. Human and financial resources will be dedicated to moving IPv6 forward.
Firewalls will become embedded into network infrastructure
New firewalls still keep popping up, as do unified threat management systems (UTMs), and all the incumbent firewall vendors have developed their own next generation firewalls. In 2013, this trend will accelerate. We will see companies from various domains introduce their own firewall, each with enough appeal to support a certain degree of adoption. Enterprises will find themselves with an increased set of management challenges, as they will now have 4-5 firewall flavours rather than the 1-3 they have today. Organizations must “future-proof” their networks in terms of cyber-attacks, compliance, IPv6, and application delivery.
Varonis: IT will face salami attacks in 2013
Yaki Faitelson, CEO and co-founder, Varonis
A Rise in Internal Search
There’s a growing gulf between the people who know how to find the right information quickly and those that don’t. Organisations need to get their employees thinking about what needs to be kept, what has to be kept legally, what can be removed and how to intelligently archive their information. Organisations are storing so much data – intelligent search, retention, and archiving will be a competitive advantage.
A Growing Chasm between IT and Everyone Else
With a huge portion of the workforce connecting remotely via both personal and professional devices, the traditional infrastructure is being assaulted by new requirements, devices and services. This will impact business. For example, who owns the intellectual property of documents created on a personal device? If an employee uses a personal device to check their work email, what rights does the organisation have to access, search, or wipe the memory?
Organisations are used to collaborating internally but the need to collaborate with third parties—business partners, contractors, vendors, customers, etc.—is increasing, and files are growing too numerous and too large for email. Organisations need to introduce processes that ensure the right sensitive information is shared, with the right people, securely.
The Data Mountain
Analysts concur that data is growing exponentially – with IDC quoting 50% year on year. In contrast, Moore’s law estimated that processing power doubles every two years, although many believe that 2013 will see this growth start to slow. Organisations need to look for solutions that will intelligently archive their information, while automating management and protection.
Shortage of people with big data analytics skills
While technology exists which allows organisations to store and analyse huge amounts of data, there is a serious lack of data scientists to interpret the results and make informed decisions. More information doesn’t always lead to better decisions. But, if you have the automation and the talent to distinguish causality from coincidence, you can gain an edge.
Flame and Stuxnet fall-out could continue into 2013 predicts Venafi
Jeff Hudson, CEO, Venafi
Flame and Stuxnet-style malware attacks will continue
Companies should be concerned about Flame and Stuxnet-style malware attacks, as unfortunately the tools and techniques for executing these types of attacks are now in the hands of common criminals and rogue entities. In the coming year, these types of attacks are likely to increase, especially against enterprise organisations, and are likely to result in significant and costly public breaches and unplanned outages.
The 4G explosion must be managed sensibly
The explosion of 4G in the UK will mean more users accessing data from their portable devices and from more unsecure networks which also means many more security certificates to manage. Many organisations have no idea how many certificates and encryption keys they have, where these are, or whose responsibility the management of these certificates falls under. Organisations must mitigate risk and have control over who has access to sensitive information, which means managing trust instruments for all users across the entire network - including mobile devices. If not applied, then 4G could spell disaster for many companies.
ICO will impose its first cloud computing data protection fine
In September of this year the ICO issued guidelines relating to cloud computing – advocating that companies going into the cloud need to have total control, auditability and use encryption with robust key management. Based on the ICO's previous track record, Venafi believes these guidelines are a precursor to the imposition of financial penalties against organisations that fail to protect their cloud-based data. In order to answer these questions - and meet the required levels of governance – organisations will need to define and implement a robust key management process with sound access and audit controls.
Cyber-criminals will go after highest-value targets – trust instruments at risk
A series of security breaches have exposed that third-party trust providers are high-value targets for the hacker community. Venafi warns that organisations should have business continuity plans in place to quickly and easily switch from one trust-instrument provider to another. Intellectual property, financial data and personal data can all be stolen and used to gain financial reward, expose secrets, and to harm reputations. If the bad guys are on the inside, how can the data be protected? The best answer is to encrypt the data whether it is at rest or in motion.
nCircle predicts exploits of yesteryear will mutate in 2013
Lamar Bailey, director of security research and development, nCircle
Adobe Acrobat and Reader security flaws – although Adobe’s extensible code has been around since 1982, we continue, to this day, to see a steady stream of attacking code.
SQL injection threats - SQL first became an industry standard back in 1986, since when it has been central to database software and poses a juicy target for all manner of cyber-criminals.
Compromised and malicious Web sites – have been around since the mid-1990s. The evolution of HTML5 and other Web advances has shifted the threats/solutions balance up significantly in recent years.
Exploit Kits – the BlackHole exploit kit is relatively young, only dating from last year, but it has evolved rapidly to become the number one Web threat.
Bailey says that nCircle’s observations amongst its major clients – which include the US Office of Naval Intelligence and Visa – since 1998 when the company was founded, have given his research team a considerable insight into how the security threat landscape is evolving. “This insight leads us to believe that many of the exploits of yesteryear will be revitalised in 2013 by the addition of extra coding and the raft of new hacker developers that are constantly joining the cyber-criminal business,” he said.
The year of corporate mobile malware
Rohyt Belani, CEO, PhishMe
If 2012 was the year of BYOD, 2013 will be the year of mobile malware designed to take advantage of it. We have seen a growth in consumer apps that violate privacy, for example by tracking your GPS data, but in 2013 we will see criminals targeting mobile device users, specifically with the intention of getting inside their corporate email system. If users have devices that they use for both personal and corporate purposes, they must be security aware.
The evolution of spear phishing
Another trend we’ll see more of in the security space is an evolution of spear phishing. Criminals are starting to build up trust by using a two-pronged approach to spear phishing (using pre-texting or post-texting) to try to make the automated emails seem more human. The best technological defences are unlikely to stop this, so you have to train your users what to look out for.
Managing remote workers clear priority for 2013
Andy Kemshall, CTO, SecurEnvoy
Home working will increase
Businesses looking to reduce their overheads, and employees looking to cut their spending, will both look to embrace home working. We may even see more organisations move to become completely 'virtual'. Instead of the daily trudge to the office, employees will remotely connect to the organisation's infrastructure - securely I hope. Physical interaction will be replaced by conference calls, with weekly or even monthly creation and collaboration opportunities pre-arranged to exchange information.
The end of hardware tokens comes closer
The attack against EMC’s RSA division proved to many that these tokens are fundamentally flawed. We will see more attacks against organisations, like RSA, who store their clients' seed files. The most secure method of two-factor authentication is to randomly generate any required keys within the customer's own environment. Organisations will move from hardware to software based tokens to authenticate users.
ISACA: advanced threats and cyber-warfare
Advanced Vectors of Threat: The trend of what are referred to as ‘Advanced Threats’ or the ‘Advanced Evasion Technique’ (AET) employing the approach of combining imagination, opportunities, and target selection to morph a creative vector(s) of attack, presenting a confusing, unique, unexpected payload will increase, breaking the rules of conventional thinking, to bypass, and/or to compromise security devices and applications.
Cyber-warfare: While cyber-warfare has not been encountered to date, it should be asserted to be the new component in the armoury of most developed nations’ battle plans, in support of any prospective engagement in the futuristic Theatre-of-War to gain that crucial combatant advantage. I believe in 2013, we should now accept that the concept of cyber-war is not myth, but fact.
Big Data ... or how to transform data into information. There is too much data to deal with. Technology now allows us to digest the term defined by Alvin Toffler as ‘Information Overload’ and analyse data to convert it into actionable information. That requires storage, the right architecture and business intelligence.
The internet of things ... or many internets? More than 200 billion devices will be connected to the internet and this is being called ‘The internet of things.’ However, the world is changing very fast and, while this might be true, I am seeing an epoch when countries or even huge organisations will have their own Internet. This is already happening in certain countries, not only for political issues but also as protective/preventive measures.
It’s all about the network
Dan Joe Barry, VP, Napatech
From communication to management
In 2013, we are going to see an increased focus on network management. It will come in many guises, such as end-to-end network visibility or Quality of Experience Management or Customer Experience Management. But, what will be common for all these discussions is the underlying realization that we need to understand how Ethernet and IP networks are behaving, in real-time, to better plan and optimize business processes as well as reacting to issues and, more importantly, opportunities, as they occur.
From 1G to 10G to 40G to 100G
Ethernet and IP have won the day. But, the issue that remains is how fast these networks need to operate to keep up with demands. Carrier networks, in particular, are seeing surging traffic growth generated by smart devices, such as smartphones and tablets. Cloud service providers are also likely to see traffic growth above the ordinary. 2012 saw the first implementations of 40G Ethernet networks. 2013 will see an increase in these trends with 100G Ethernet emerging.
Is 2013 too early for SDN?
With planning beginning for 100G networks, will software defined networking play a part in these considerations? With 40G and 100G networks presenting a host of challenges that will demand a rethink of how networks are planned and operated, SDN concepts can play a part in these considerations already next year. This can drive development of more mature solutions and network management of these solutions in particular.
Black clouds on the horizon
Amichai Shulman, CTO, Imperva
In 2013 we expect to see a growing use of Internet as a Service by attackers for different activities. Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in the Amazon EC2 cloud. In particular, this practice is used with respect to fraud and business logic attacks whose network footprint is relatively low per server (and thus hard to detect as a network traffic anomaly). In addition, for DDoS attacks, such cloud offerings become very compelling. Using a stolen credit card number to pay for the cloud service, a criminal can mount a large scale and lengthy attack from the cloud preventing action against the attacking servers.
Finally, expect to see more usage of on demand computing power as attackers obtain larger quantities of unstructured data and find themselves in need of computing power in order to process their bounty.
This was first published in December 2012