Here’s what I think we’re in for next year when it comes to APTs and the overall threat landscape.
1. The demand for cybersecurity and IR skills will reach new highs.
As advanced threats have become more commonplace, the demands on existing incident response (IR) teams have begun to outstrip capacity, especially in enterprises and government entities where cybersecurity skills are already in short supply. A recent survey by the Ponemon Institute held that only 26 percent of security professionals felt they had the security expertise needed to keep up with advanced threats. Computer science programs will continue to adapt to this trend with more focused training in cybersecurity disciplines.
2. Advanced attackers will move to mobile devices.
A wave of crimeware and fraud has already begun to target mobile devices, which are ripe targets for new malware and a logical place for new threat vectors. Mobile platforms will be uniquely leveraged by APTs thanks to the ability to use GPS location to pinpoint individual targets and the ability to use cellular connectivity to keep command and control away from enterprise security measures.
3. Financially motivated malware makes a comeback, and the lines between APTs and organized crime will blur.
The focus of enterprise security will again be on the attacks where money changes hands. Banking and fraud botnets will continue to be some of the most common types of malware and will continue to have a major impact in real-world dollars.
Meanwhile, attribution of APTs is becoming ever more a focus in the industry, which means that more hacker groups will spend more time attempting to cover their tracks and hide any unique identifiers. To do so, they will attempt to imitate, contract with, or even infiltrate criminally focused hacking organizations to provide cover for their operations.
The growth in public and private cloud adoption made 2013 a big year for the virtual data center, and there’s no question that will continue in 2014. In my 2014 predictions, here are three trends I expect we’ll hear a lot about in the new year.
1. Zero Trust Network Segmentation
Globalization has fundamentally transformed the way we do business. It has created interdependencies between global supply chains and multinational partners, expanded global economic interactions with many “countries of interest,” and enabled the movement of people, goods and information. Enterprises need to enable access to applications and data, not just for employees, but also partners and contractors. They must do business with technology and manufacturing partners and provide access to new acquisition companies, while protecting against intellectual property and confidential data theft.
In 2014, organizations will look toward practical implementations of Zero Trust network segmentation architecture as a means to address these challenges. Implementations will vary widely from enterprise to enterprise, from those that need to create distributed boundaries of Zero Trust to those that focus on data center segmentation. The key network security requirement, however, will be for solutions that can be deployed with minimal impact to the network, while providing comprehensive visibility, control and safe application enablement.
2. Cloud Adoption Growth
Organizations in 2014 will be implementing or planning to implement cloud networks, i.e. moving from virtualized application silos (web, app, database tier) to more flexible cloud architectures that enable the delivery of any application on any server at any time. Most organizations will deploy a hybrid model where certain applications and services are offloaded to public clouds, but critical services such as internal research and development, financial data and customer data continue to reside within private cloud boundaries.
The decision on the applications and services to be deployed in public versus private clouds will depend largely on network security requirements. In particular, with greater concerns about the integrity of US-based data centers, revealed in cases such as the Snowden leaks, greater scrutiny will be placed on the security in cloud service providers. A key consideration for hybrid clouds will be the definition of a consistent network security policy and management framework to be implemented across both public and private clouds.
3. Software Defined “Anything”
Organizations will spend resources and time to understand the emerging technologies of software defined anything—i.e. software defined networks, software defined data centers and various permutations of this new dynamic, programmable, automated network architecture. In particular, in the battle of the titans, VMware and Cisco, will provide vastly differing architectures — a software defined data center utilizing VMware NSX network virtualization technologies or a more hardware-centric SDN architecture approach with Cisco’s Application Centric Infrastructure (ACI).
Organizations will look for tighter integration among network security, virtualization and network virtualization solutions while maintaining separation of duties. Critical network security requirements will include the ability to deal with the new dynamic, services-oriented characteristics of software defined networks.
It was a watershed year for mobile malware, with many high-profile organizations beinghacked. To continue our series on 2014 predictions, we asked our mobility experts for their thoughts on key mobile security topics we think you’ll be hearing more about in the new year.
1. The Mobile OS Ecosystem is Too Big for Patchwork Protection
Many in the security industry cut their teeth on securing Windows-based devices, and it’s logical that they would make assumptions about how to secure iOS and Android devices based on their experiences securing Windows.
But the mobile ecosystem is much more complicated and far-reaching than Windows. Too much of what’s being described as mobile security is based on buying add-ons for different devices running different operating systems – a scattershot model doomed to fail. Rather than focus on securing individual devices, organizations need to look for security solutions thatextend next-generation firewall policies across the full range of mobility use cases, independent of OS.
2. Mobile Security Issues Turn Security Admins’ Attention Outside the Firewall
Still too many “mobile security” solutions protect a user’s mobile device while they’re behind the corporate firewall but don’t enforce mobile security policy when users are outside it – an increasingly shortsighted approach. Facebook was hacked earlier this year, for example, when employees connected to a mobile developer’s compromised website, downloaded malware and then introduced it to Facebook’s internal servers when they were back behind the firewall. Expect to hear similar stories in 2014, and hopefully a shifting debate on how to solve these challenges.
3. “Lock it Down” Just Won’t Play
Many organizations still take a “lock it down” approach to mobile security and have put policies into effect that are so strict they eliminate the productivity and flexibility benefits of BYOD. But the mushrooming popularity of smartphones and tablets means users will find a way to use them on networks whether admins like it or not. In 2014, a majority of organizations will finally turn away from the “lock it down” approach in favor of a mobile security model that gives users some breathing room while preserving the secure enterprise network.
One of the many principles our CEO Mark McLaughlin brought to the company, that I fully embrace, is the rule of three, which encourages you to focus and prioritize. Top 10 lists are great for late night talk shows, but realistically, a list that long becomes somewhat dilutive. With that in mind, let’s delve into what I think will be three of the more interesting firewall and next-generation network security topics for 2014.
1. The NSA revelations will catalyze a dramatic uptick in the use of SSL/encryption.
This is a tricky subject. Encryption, when used to protect networks and digital assets, is a good thing, and we fully endorse its use. Encryption, when used to bypass security or steal data, is a bad thing. Now that we know more about just how closely our government is watching us, I suspect we’ll see a spike in SSL/encryption use.
Something that there is no debate on is that attackers are using SSL – what’s commonly known as the universal firewall bypass — to hide their actions. We need only look at this year’s APT1 revelations and the Aurora attack from several years ago to confirm this. Our most recent Application Usage and Threat Report shows that about 25 percent of the 1,395 applications found on enterprise networks are capable of using SSL. We expect that to number to increase, making the challenge of how SSL is being used that much more difficult to determine.
2. We will exert more control over remote access tools.
The revelations of how commonly remote access tools such as RDP, SSH and TeamViewer are used to attack your network will force us to exert greater control over these tools.
Make no mistake, these applications provide support and development teams with powerful tools to simplify their jobs. But we know from past Verizon Data Breach reports that they are used so commonly by attackers that there are scripts readily available to find their use on your network for purposes of exploitation. The recent APT1 revelations that RDP was used in the ongoing attack further solidified this finding.
We also know that employees use these tools to mask what they’re doing on the corporate network as a means of protecting privacy. Browser plugins such as Remote Desktop and uProxy for Google Chrome will make these tools more accessible and only increase the challenge of controlling their use on the corporate network. User privacy is critically important, but users also need to understand that these applications can jeopardize the core of the business. The challenge will be how organizations can best implement controls without limiting productivity. A tough challenge but one I am hopeful that we can make progress on this coming year.
3. Cyberlockers and cloud-based filesharing will continue to grow, despite the risks.
We’ve been watching browser-based filesharing applications since 2008, when we identified a pool of roughly 10 variants in this group. As of this year, we’re tracking more than 100 variants, and according to our research an average of 13 of these applications are found on networks we analyze.
In many cases, there is no business use case for this many variants. Hotfile, for example, was found on 30 percent of the 3,000+ networks we analyzed and it was just fined $80 million for copyright violations. Is this an application that belongs on your network?
I firmly believe there is business value for some of these applications (we use them here at Palo Alto Networks), but they do present business and security risks if they’re used too casually. The risks will continue to escalate as the vendors try to broaden their appeal to users and differentiate themselves by adding premium, always-on, always-synched features.
Here are my 2014 predictions on what I think will be the trendsetters in cyber security.
1. Securing the mobile device will be inextricably linked to securing the network
With freedom of choice comes risk. Megatrends like BYOD and the rise of the mobile workforce are providing fertile ground for cyber criminals and nation states looking to capitalize on devices operating over unprotected networks. The scales have historically been tipped against us, leaving enterprises vulnerable to a new breed of advanced threats targeting mobile devices. In 2014, threat intelligence gained within the enterprise network will offer new defense capabilities for mobile devices operating outside protected networks. And intelligence gained by mobile devices will offer new signature capabilities to further strengthen enterprise networks.
2. Cloud will get a security makeover
Innovations in network virtualization are enabling automation and transparent network insertion of next-generation security services into the cloud, and this is an area where Palo Alto Networks leads. Security has remained one of the greatest barriers preventing cloud computing from reaching its full potential, and in our recent Cloud Computing & Security survey, about 60 percent of respondents told us that delays in applying security have a negative impact on their operational efficiency. In 2014 next-generation network security and network virtualization will come together to form a new paradigm for cloud security.
3. Detection times will decrease in 2014
This may be a controversial prediction amongst those who prefer to prey on fear, but expect breach detection times to decrease in 2014. Enterprise security has undergone a massive transformation since the introduction of the Next-Generation Firewall (NGFW). This has long since moved from an emerging technology to one that’s universally deployed. Newer, advanced security services are enabling enterprises to gain new advantages in detecting unknown threats, and gather that information into a threat intelligence cloud that’s developing an impressively high IQ. In other words…the vision is working. The net result will be a measurable reduction in the time it takes to detect a breach.