What’s in store for security in 2015?

asks Keith Graham, CTO for SecureAuth.


Data Destruction
If the recent attacks against Sony, Forbes, Walmart Canada, and CBS News are anything to go by, 2015 will be the year of a new trend in cyber-attacks - data destruction, and the rise in capability of the hacktivist. Today, we are accustomed to a particular modus operandi from attackers - they get in, establish a foothold, find what they’re looking for, and data theft usually follows. However, what we’re not accustomed to is mass data destruction as part of an attack, and hacktivists having a level of capability where they pose a non-trivial threat to organizations. In the case of the warning from the FBI, it’s clear that in recent cases data on hard drives has been overwritten, and users’ machines prevented from booting through destruction of the master boot record. If data destruction becomes a trend, this heightens the need for improved methods of detection and protection, and arguably will drastically change the way we respond to attacks. The cost of data theft is something we’ve unfortunately become accustomed to, but the cost of the destruction of data and systems is far more severe.

Next generation endpoint protection
The next year will see the emergence of the next generation of endpoint protection products. As hackers become more capable, there’s a matching need for protection products to evolve in turn to keep them out. Existing endpoint protection products, like antivirus, serve a purpose, but it’s already known that they are not effective against all the components of today’s advanced attacks. In 2015 we will see an emergence of the next generation of these products, applying a combination of intelligence gathered from previous attacks with incident response best practices to provide an enhanced level of detection and protection. Preventative methods may still fail - it’s inevitable. However, what we may just see is that, by utilising this approach as part of an on-going detection and protection strategy, businesses will stay one step ahead of attackers.

These endpoint products will also begin to be used for detecting exploits in web browsers and common end-user productivity apps, mirroring the way attackers have begun to move away from solely targeting vulnerabilities in operating systems and have begun to exploit applications instead. The products will also use techniques for analysing newly present binaries on the file system and comparing them against known bad lists, taking action accordingly when suspicious files are found. Lastly, we should expect to see this next generation of endpoint protection products providing some form of sandbox environment for inspecting and then isolating any suspicious processes or taking action - all on the endpoint.

The rise of behavioural analysis
In 2015 we are going to see a rise in products focused on the analysis of user behaviour - both as an ongoing way of verifying a user’s identity as part of the authentication process and as a way of anomaly detection by running activities through various data models to determine the level of risk associated with a particular activity. There is clearly a security visibility gap today that behavioural analysis can fill - the ability to detect bad actors who are already inside your network and moving laterally to complete their mission.

This will result in a rise in the collection and analysis of user behaviour that will increase the volume of data available for security professionals to use for threat identification. In turn, this will create the need for organizations to continue to adopt a 'big data architecture' for their security information, and provide effective ways to filter out the noise and make this information meaningful. In order to maximize the value from the 'big data' collected, companies are going to move to a risk-based security approach, where activities occurring across the network and among users are constantly evaluated, scored, and surfaced based on the potential threat they pose. This will allow security professionals to determine the best response, commensurate with the risk associated with the threat.

Adaptive authentication
More often than not, when a cyber-attack occurs, attackers will quickly abandon the use of malware and use legitimate credentials to complete their mission. While two-factor authentication is an excellent way to protect against this at the perimeter and internally, it doesn’t provide any form of detection or protection when an attacker attempts to authenticate. We will see this change over the course of the next year as organisations start to realise the value of using adaptive authentication provided by the next generation of strong authentication solutions to support two-factor authentication. Using adaptive authentication in conjunction with two-factor authentication adds an additional level of risk analysis to the authentication process - all while leveraging an organisation’s existing VPN or identity store investment.
 
