Palo Alto Networks 2015 Predictions: Tailored Threat Intelligence

As 2014 comes to a close, our subject matter experts check in on what they see as major topics and trends for the new year. (You can read all of our 2015 predictions content here.)

Reading the collective tealeaves for adversaries 12 months from now is almost always a losing proposition. You are essentially trying to predict the tools, tactics and techniques that are going to be employed by incredibly skilled and intelligent attackers. Yes, we know more data breaches will occur, more records will be stolen, new technologies will be exploited, and more malware will be created than has ever been seen before. These are all givens in today’s threat landscape—the bad guys are out there, getting more efficient at their jobs, and constantly evolving.

The question becomes, what can we do about this in 2015? Here’s how I see it:

1. The year big data security analytics goes mainstream.

For advanced threats, the problem has always been attempting to find the small indicators that could reveal an attack. Many have tried to bring together enough intelligence, horsepower and analysis to find these “needles in a haystack,” but it hasn’t been enough. While there have been hints of success, applying big data analytics techniques to security will come into its own in 2015. We have hit the inflection point where computing power, availability of data, analytic models and most importantly the willingness and drive to see them through are here. We will see massive advances this coming year in our ability to collect, analyses, search, correlate, visualize and turn data into actionable security intelligence.

2. Tailored threat intelligence.

Increasingly, sophisticated organizations are realizing that certain types of attacks, or certain groups of attackers come after them. For example, there are certain steps an adversary will take to compromise a retail companies’ Point of Sale (POS) systems versus an entertainment organization’s databases, or the customer records at a major hospital. The motivations are different, the exploits and malware unique, and the methods change in each case. 2015 will be a banner year for profiling how attacks differ by industry, which vectors are higher risk for individual organizations, and tailoring custom protections in each case.

3. Sharing security intelligence.

Many major enterprises have learned the critical importance of sharing intelligence about the current state of the threat landscape – such as those in organizations like the FS-ISAC. Everyone benefits from information shared by one member, and collective immunity can be developed, stopping advanced attacks before they can compromise multiple organizations. This coming year will represent widespread adoption and acceptance of information sharing. The days of “holding it close” are over – the volume and sophistication of attacks requires a joint response.

A common theme runs through my thoughts on 2015: making better use of the data we have. Whether it is better algorithms to predict the next attack, understanding your risk posture, or sharing what you know with others – intelligence is key. Turning the massive churn of data enterprise organizations see each day into actionable intelligence, automatically, will be a major theme for 2015.

 

Threat intelligence is among many industry-specific topics planned for Ignite 2015, where you will tackle your toughest security challenges, get your hands dirty in one of our workshops, and expand your threat IQ. Register now to join us March 30-April 1, 2015 in Las Vegas — the best security conference you’ll attend all year.