Shutterstock
10 Security Advances that Could Change the Game
**Editor’s Note: Throughout the fourth quarter of 2018, as part of our “In Focus” series, we will feature a series of galleries designed to help partners grow their businesses in 2019 and beyond.**
The cybersecurity channel has stepped up its game this year while cybercriminals shifted their strategies and mounted even more attacks on businesses of all sizes.
In short, nobody’s too small to be targeted by hackers, and breaches increasingly are coming from both outsiders and insiders.
Ovum’s Rik Turner
So what about the year to come? What do those fighting the war on cybercriminals have up their sleeves?
“There is considerable innovation in security, particularly in what you might term edge security – technology designed to sit on the real or notional edge of a corporate network to keep the bad guys out and the good stuff in – but also in data security; [for example], encryption, key management [and so on],” said Rik Turner, principal analyst at Ovum. “A lot of new developments are coming out of the United States and Israel.”
In essence, the evolving threat landscape is driving the need for cybersecurity innovation as cybercriminals find innovative new ways to mount an attack and exploit vulnerabilities, he said.
Imperva’s Terry Ray
Terry Ray, chief technology officer at Imperva, said the cat-and-mouse game of bad guy versus good guy in cybersecurity is always a rapid back and forth. This naturally requires security-process, product and people growth to meet new demands in the space, he said.
“There are multiple drivers, but I find the broadest across all areas is lack of expertise,” he said. “Businesses are expanding their IT infrastructure well beyond the boundaries of local data centers and individual servers. Now distributed infrastructure, mobile users, cloud-enabled systems, microservices and other business-enablement and scaling technologies are drastically expanding the organizational footprint and at the same time, expanding the field of attack that bad actors can exploit.”
Webroot’s Tyler Moffitt
This means the field that security must cover has expanded as well, yet most security departments don’t get more players to cover more ground, Ray said. It’s always been a “zone coverage model for security, but now more so, with some zones completely ignored in many cases,” he said.
Cybercriminals are very creative and resourceful when discovering new ways to deliver malware to systems, all with the aim of making money, said Tyler Moffitt, senior threat research analyst at Webroot.
“Just this past year, we saw criminals shift their strategy to steal cryptocurrency from you in the form of power through unused CPU,” he said. “They don’t even need to wait for victims to make a decision to pay a bitcoin ransom for data anymore, as they can simply mine cryptocurrency while you browse the web through cryptojacking. Fileless malware distribution is also on the rise like leveraging registry, Windows Management Instrumentation (WMI) and PowerShell scripts to deliver payloads.”
ThreatConnect’s Drew Gidwani
Cybersecurity technology is constantly advancing, with rapid development in solutions that address specific problems, but slow development in leveraging them together in a holistic, comprehensive security posture, said Drew Gidwani, director of analytics at ThreatConnect.
“There isn’t one provider that solves all cybersecurity problems, and those problems are multiplying as we advance as a society,” he said. “It seems like almost weekly we see a newcomer in the security space that addresses a specific cybersecurity problem or other vendors develop new approaches to tackle challenges.”
In the gallery below, numerous cybersecurity professionals provide 10 security advances they say will make a big impact on the cybersecurity war in 2019.
Francois Lasnier, Gemalto's senior vice president of identity and access management, said convergence of identity and access management (IAM) and data protection will be big next year.
"For years, IAM practices have revolved around controlling who can access a given network or application, while data security encrypts and protects data from unauthorized users," he said. "These two areas of security have remained at arm’s distance from each other. But thanks to advances in machine learning, data discovery and data analytics, we’re now approaching the next evolution of security — the convergence of these two technologies, where IAM will feed context into data-security mechanisms, which can be dynamically adjusted to more tightly control who can access specific assets based on who they are, how they’re doing it, and where and when they’re doing it. This will enable an emerging category of security services known as identity-based data security, which will allow organizations to centrally manage data-centric security policies automatically across all data repositories in an organization."
Rik Turner said we will continue to see the evolution of technology platforms such as user and entity behavior analytics (UEBA), and security orchestration, analytics and reporting (SOAR), which complement security information and event management (SIEMs).
"There may be further M&A activity on the part of SIEM vendors buying into these new areas (think Splunk buying Phantom, for instance)," he said.
Lawrence Pingree, SonicWall vice president, said there is going to be a shift in the "way we look at chip vulnerabilities." It’s a much longer-term issue than how many are viewing it now, requiring hardware chip manufacturers to more rapidly augment their hardware chips to match threat actor movements.
"Large chip manufacturers may need to rethink their release schedules, which have often been much larger time horizons in the past," he said.
Many vendors will start to utilize machine learning and artificial intelligence (AI) for proactive heuristics and anomaly detection, Tyler Moffitt said. Heuristic analysis is designed to detect previously unknown computer viruses, as well as new variants of existing viruses. The power of being able to teach and constantly improve models that can research like humans – but also don't need to rest like humans, will soon be realized – and not just for cybersecurity either, he said.
"Sooner than later, cybercriminals will be harnessing machine learning to automate their processes and malicious campaigns in some of the same ways us good guys do," Pingree said. "Good algorithms fighting bad algorithms [is] on the horizon."
"An important method for preventing a critical infrastructure attack is threat research," said Jon Bove, Fortinet's vice president of Americas channels. "A dedicated threat research team will find zero-day vulnerabilities, quickly push out updates when attacks are happening, and leverage AI and machine learning to optimize and improve detection capabilities. Understanding the known vulnerabilities, exploit advisories and specific intrusion or detection signatures that have been observed across the threat landscape can go a long way toward efficiently preventing attacks."
"We have seen it coming for some time," Bove said. "Only automation will allow the good guys any hope of keeping up with cybercriminals by increasing the speed to detection, compartmentalization and remediation. Second, with the current skills shortage, there are not enough cybersecurity professionals to keep doing things the old way, and many of our customers can’t find or afford the right people for the job. This is why there is such a shift to MSSPs and why we have doubled down on that segment of the partner community."
Drew Gidwani said other departments within organizations, like human resources or finance, are required to deliver measurable results and report those results to key decision leaders — but that's not necessarily true for the cybersecurity team.
"In the next year, we expect that more businesses will look for and implement cybersecurity tools that can measure their results and report on how much time and money is saved through technology like automation and orchestration," he said.
We've finally seen security standards such as Structured Threat Information eXpression (STIX) and Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) get to a point where people are not just open and willing to adopt them, they actually are doing so, Drew Gidwani said. STIX is a standardized XML programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies, while ATT&CK is a curated knowledge base and model for cyber-adversary behavior.
"This goes a long way for both intel and operations teams," he said. "They are now able to work together in a more efficient manner because they speak the same language."
Andrew Howard, Kudelski Security's chief technology officer, expects to see continued incremental advancement of current technologies, but in areas such as quantum cryptography and AI there is potential for "disruption that we haven’t seen since the creation of public key cryptography."
Deception technology, which can discover, analyze and defend against zero-day and progressive attacks, often in actual time, will become more mainstream and be integrated into detection and response systems, both operated by the customers themselves and delivered as a managed service, Turner said.
