Friday, May 25, 2012

Security Technology Marathon (Rise/Fall)

More and more businesses are becoming internet-enabled with only basic security mechanisms in place. The year 2011 was a landmark year for high-profile cyber attacks. With the trend expected to continue in 2012 with more sophisticated and targeted attacks, security is a major concern for IT users across all segments, from home users to SMB to enterprise. Businesses need to realign their security strategies with upcoming security incidents in mind.

The number of data thefts has tripled in the past five years and continues to rise with every passing year. Governments, corporations, data centers and small to medium-sized companies have all been targeted. With the consumerization of IT, issues such as managing and supporting consumer devices and securing data from criminals, malware and other threats have emerged. Mobility in the enterprise brings new challenges for managing data, as well as the wide range of devices on the network.

Let's analyze which technologies may be refined to address future needs and which solutions may be replaced. The analysis is based on various discussions with customers addressing security challenges and on Forrester's predictions.

Technology Rise

1. Risk-based predictive access mechanism

User authentication will be profiled based on previous accesses and actions, and that profile will be enforced by the security solution. The solution will perform predictive threat modeling before granting access to data, and it should be integrated with data encryption for all internet-enabled communication. The rise of such solutions may be seen in the next 3-5 years.
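As an added illustration of the profiling described above (example code written for this post, not any vendor's product), assume each user's previous successful logins form the profile and a new attempt is scored on device, source country and time of day before access is granted; the weights, thresholds and sample history are assumptions.

```python
# Added example: a minimal risk-based access decision that profiles each
# user's previous successful logins and scores a new attempt against that
# profile before access is granted. Weights and thresholds are assumed.
from dataclasses import dataclass
from collections import Counter


@dataclass(frozen=True)
class Login:
    user: str
    device: str     # device fingerprint or ID
    country: str    # geolocated source country
    hour: int       # local hour of day, 0-23


# Constructed sample history of successful logins (the profile source).
HISTORY = [
    Login("alice", "laptop-01", "DE", 9),
    Login("alice", "laptop-01", "DE", 10),
    Login("alice", "phone-07", "DE", 18),
    Login("alice", "laptop-01", "DE", 8),
]

ALLOW_MAX, STEP_UP_MAX = 20, 60   # assumed thresholds: allow / MFA step-up / deny


def profile(history, user):
    """Summarise what is 'normal' for a user from prior successful logins."""
    mine = [h for h in history if h.user == user]
    return {
        "devices": Counter(h.device for h in mine),
        "countries": Counter(h.country for h in mine),
        "hours": Counter(h.hour for h in mine),
        "count": len(mine),
    }


def risk_score(history, attempt):
    """Score an attempt: higher means further from the user's habits."""
    p = profile(history, attempt.user)
    if p["count"] == 0:
        return 50                      # no profile yet: treat as medium risk
    score = 0
    if attempt.device not in p["devices"]:
        score += 40                    # never-seen device
    if attempt.country not in p["countries"]:
        score += 30                    # never-seen source country
    if not any(abs(attempt.hour - h) <= 2 for h in p["hours"]):
        score += 15                    # unusual time of day
    return score


def decide(score):
    """Map a risk score to an access decision (step-up = require 2nd factor)."""
    if score <= ALLOW_MAX:
        return "allow"
    return "step-up" if score <= STEP_UP_MAX else "deny"


def evaluate(history, attempt):
    s = risk_score(history, attempt)
    return s, decide(s)
```

In practice the profile would be built from an authentication log and the thresholds tuned against the false-positive rate the help desk can absorb.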

2. Mobile Security

Today organizations face major concerns around preventing security incidents that originate from mobile devices. Mobile devices are the backbone of any industry, so employees cannot simply be restricted from using them.
Mobile device theft alone should be reason enough for businesses to take a more rigorous approach to securing mobile devices, including tracking them when they go missing and ensuring that remote-wipe capabilities are in place should it be too difficult or expensive to recover the devices. With the "bring your own device to work" trend (a.k.a. BYOD, or the consumerization of IT) in full force, expect to see more organizations attempt to add better security to their employees' mobile devices, including smartphones.
The other issue that should be tracked is theft of information from smartphones using advanced malware and virus attempts. Such infections are often hard to detect and hence go unnoticed for years.

3. Advanced auditing tools

To address the increase in the number of data breaches and current regulatory requirements, there may be a huge demand for sophisticated auditing and correlation tools. Such solutions "have the potential to become ubiquitous in enterprise security organizations." Solutions like SIEM may be redefined to address the SMB market.

4. Malware analysis

An integrated solution may be required to analyze incidents together with the vulnerabilities present in the system. The solution should identify hidden super malware, monitor basic operations and fight ransomware (an infection that holds a device "hostage" until a "ransom" payment is delivered). The rise of such solutions may be seen in the next 3-5 years. The technology should be flexible enough for enterprises, SMBs and home users, since attackers are trying to bypass the basic fundamentals of user operations.
The solutions should address the concerns below:
  • SSL is safe (myth): when you see the padlock icon in your browser's toolbar, you might think your data is safe, but attackers have found ways to get at your information before you send it securely over the internet. These new forms of malware can identify when you've visited sites protected with SSL (the encryption technology used to keep data safe from prying eyes as it travels across the Internet) and grab your username and password before the encryption kicks in. In addition, according to security software vendors, these attacks ignore all web traffic except encrypted sites, filtering out information they aren't interested in.
  • Super malware: some malware can access your browser history and will only infect you if it sees that you've visited certain sites. For instance, malware designed to steal online banking login information might check whether you visited a particular bank's website. Expect more malware that goes after specific groups of people or specific pieces of information.
  • New malware harder to spot and remove: you may be infected with malware and not even realize it. While older malware made itself known on your PC, newer forms may not even have an interface and may not noticeably affect your PC's performance. Instead, it all runs in the background, effectively invisible to you. This hard-to-spot malware can also be hard to remove. For example, a relatively new rootkit called ZeroAccess buries itself deep in the system and is extremely difficult to disable, since it effectively kills any program that tries to access it (hence the name ZeroAccess).
  • Malware holds your PC for ransom: ransomware is nothing new; it has been around for a few years in various forms, including fake antivirus software that won't go away unless you pay up. The company pointed to one example where a piece of malware locks you out of your computer entirely unless you pay.

5. Network encryption

Although network encryption exists in infrastructure devices such as routers and switches, demand for stand-alone appliances is just starting. In one to three years this could reach the next phase, though without compliance pressures this technology will be adopted only by the most stringent and largest enterprises.

6. Predictive threat modeling

This relatively new concept calls for analyzing how to properly protect important data by proactively modeling threats. In three to five years it could hit the next phase, although the "costs and complexity of current threat modeling tools work as a barrier to adoption of this new technology."

7. DDoS (distributed denial of service) mitigation controls

Due to the increase in hacktivism, "the market for DDoS protection is poised for growth" within one to three years.

8. Storage security and DLP Integration

Storage security requirements may rise due to cloud-based technology adoption. Also, DLP-enabled solutions may be redefined to address complex business requirements.

Security technologies that may not survive the next few years

1. Network access control

Forrester believes the market for stand-alone NAC offerings will likely be phased out over the next five to 10 years. (Though Forrester suggests there's a bit more hope for "packaging NAC" in security software suites or infrastructure security.) Why is it bad news for NAC? Forrester says only 10% of technology decision-makers will implement it over the next 12 months because "solutions are complex to deploy, scale and manage." There are several NAC architectures, plus hardware and software approaches, and "all the approaches require integration with network infrastructure components." Moreover, "NAC won't stop a malicious insider who wants to commit a security breach for financial or other reasons."

2. Secure file transfer (as an on-premise appliance)

The need to securely transfer and share files between business partners is high but in three to five years it's going to be done more and more with cloud-based services rather than appliances, according to Forrester.

3. Unified threat management

Though widely deployed in small and branch offices for DSL wide-area network implementations, UTMs face displacement by new security gateways with more integrated firewall and intrusion features that make UTM look "antiquated." UTM technology may take one to three years to meet competitive challenges and become more "enterprise-ready," though Forrester also acknowledges UTM is likely to be "moderately successful over the long run" in retail stores.

4. Network intrusion prevention (stand-alone)

The market for stand-alone intrusion-prevention systems (IPS), despite its successful deployments at the world's largest companies, is in decline and "will likely phase out in the next 5 to 10 years" as multi-function gateways and firewalls, especially NGFW, include IPS and are used instead of stand-alone IPS equipment.