Hillstone Networks CTO Tim Liu’s Top Security Predictions For 2015

Internet of Everything = Increased Threat of Everything

Forrester predicts that 42% of the total global population will own a smartphone by end of 2015. In the meantime, more wearable electronics, sensors and industrial systems are connected to the Internet which turns into new targets for attacks. The number of mobile malware incidents will continue to grow with a rate far greater than PC malwares. Within a short time span in November, two dangerous attacks were discovered that targeted Mac OS and iOS systems – these are systems that we thought had few vulnerabilities (WireLurker and Masque). With the advent of wearables, hackers will gain more than just passwords. They will literally be able to take our pulses. As hackers’ motivational focus changes from recreation to profit, the instance of hackers subverting our connected devices and taking them hostage will become commonplace. Moving forward, organizations must ensure that they have strong BYOD policies in place, and are implementing mobile security best practices to adequately defend their networks from known and unknown threats on the horizon.

Advanced Persistent Threats Continue to be of Top Concern

Advanced persistent threats, or APT, once used to describe those attacks coming from large nation states or stealth organizations and use advanced techniques. The term is now generalized to indicate threats that are hard to detect using traditional means. With the average hacker having access to readily made online kits that allow them to carry out advanced attacks, companies are going to see more and more zero-day vulnerabilities being exploited on a day-to-day basis. Also, malwares are becoming increasingly polymorphic. They can change form for each infection to avoid detection. So even if one copy of it was discovered, other copies can still avoid detection and continue infect other systems. To fully protect a network against APTs in the future, companies will need to use a layered approach and invest in more advanced and diverse detection mechanisms that can identify threats in real-time and stop attacks in the system before they become much larger, disruptive problems.

Security Analytics Is Gaining Acceptance

4 of the Gartner Top 10 Strategic Technology Trends for 2015, pertains to data analytics and security. How to turn big data, which is network and security data inside the enterprise, into actionable security intelligence is a big opportunity. With the inability for signature-based detection to catch unknown threats, security analytics becomes the new technology to combat these threats. Security analytics combines global threat intelligence with local network data and events at customer premise in order to look for anomalous behavior that are indicative of attacks and compromised systems.  Machine learning and smart machine systems can be applied to turn big data into actionable intelligence. The analytics can be context-aware meaning that depending on the environment (including time, location, history etc.), the same behavior can be determined to be anomalous or absolute normal. There will also be a rise in complementary tactics like the sandbox method, which is used as a security mechanism that executes new or unknown software in a controlled environment so it cannot harm the rest of the network.

Increased Investment in Post-Breach Detection

Companies have been concentrating on perimeter defense in their IT security spending. With an increasing proliferation of BYOD and virtualization technology, the enterprise perimeter is blurred and there are more ways that bad guys can get into the network. Large companies such as Target and Home Depot were hacked in 2014, and we will continue to see breaches happening globally in the coming year. On average, a network is breached in hours, but the average time for breach detection is roughly 200 days. Companies are realizing that it is very hard to guarantee that their networks are never breached. But if they can cut down the time for breach detection to hours or even to a day, they can greatly cut down the damage that intruders can cause. Adoption of Post-Breach detection coincides with risk-based security methodology that is gaining acceptance, where risky issues were identified and control and mitigation were performed in real-time. This will become particularly important as companies grow bigger cloud infrastructures, and face new vulnerabilities that will require risk-based security and self-protection.