Promising security evolution

By Tim 'TK' Keanini, CTO at Lancope.

Posted Monday, 16th December 2013 by Phil Alsop

Incident response finally matures to a business process
Headline after headline, some company reports a cyber incident and hangs its head in shame. While it is disappointing, strong businesses have strong leaders that show us how to operate a company in times of crisis. Responding to an information security incident is not just an IT thing anymore; it is a business thing. 2014 is the year businesses will finally realize that leveraging the Internet for business growth also means that responding to incidents is par for the course.


I’m certain that in 2014, some companies will step up and show everyone else in the world how to excel at incident response. Successful businesses are the most attractive to the adversaries, so it is fitting that these companies will have no choice but to step up and lead. They will show us how business continuity is job one, and they will no doubt execute their incident response processes as well as a world-class sports team on game day – interfacing with legal, PR, marketing and external crime fighters to get the job done.


Software-Defined Networking (SDN) and the adaptive perimeter
Security experts have been saying recently that the network perimeter is dead, and that the boundaries that firewalls have established between ‘inside’ and ‘outside’ are disappearing. What they are really saying is that static and physically established boundaries are dead because they cannot adapt quickly to changing threat and business requirements. This all changes with Software-Defined Networking (SDN).


In 2014, we will see an adaptive perimeter, or intelligence-based enclaves, that is dynamic, both serving business needs and defending against advanced threats. While there are many examples, I will share one that mimics the biology of the human body. Our bodies at a cellular level “live” because we are able to replicate cells without error on an ongoing basis. When errors occur at this cellular level, we have cancer. Whether it is life-threatening or not depends on the body’s ability to encapsulate this error and stop its replication – the successful result is a benign tumor that in most cases can be removed.


This form of containment on a network is completely attainable with SDN as long as some intelligent system is monitoring for and detecting anomalies. Self-forming enclaves are also proactive in that they can dynamically partition the network in such a way that no one threat can have a life-threatening effect on the business. SDN is one of the most exciting capabilities to ever present itself to a security architecture, and in 2014, SDN innovation will emerge, making it harder for bad guys to operate.


Increase in two-factor authentication
More individuals on the net are having their email, social media and other accounts compromised because of weak passwords. Once they experience this, they are finally ready to consider other methods, and most of the high-profile accounts like LinkedIn, Google, Twitter and Microsoft have all implemented some form of two-factor authentication. The increase in 2014 will be two-fold: 1) more vendors online will be implementing two-factor authentication and offering it as an option, and 2) more of the user base will begin to use it. It is a sad fact that a person really needs to go through the pain of a security incident before they start to practice better security.


New Security Challenges for 2014
The “Internet of Everything” requires the “Security of Everything”
Cisco has it right when they point to a future called “The Internet of Everything.” This unfortunately means that certain things in your life that have traditionally been out of the reach of bad guys are now in reach. 2014 might not be the “Internet of Everything” yet, but it will be the “Internet of Somethings,” and those somethings will need to be resilient to the threats present online. For everything you operate, you will need to answer the question: If it were compromised, how would it behave differently? While we are used to asking these questions of our computing devices, now we will need to ask this of our automobiles, our home automation, and even our home appliances.


Physical authenticity weakens with 3D printing
You know a technology is disruptive when on one hand, you can print out a firearm, and on the other hand, you can print out a splint that saves a child’s life. Such is the case with 3D printing. In our society, we still believe that the cost of copying something physical is high enough so that it is a low probability that criminals would make a counterfeit item. With 3D printing dropping in price, however, clever criminals will begin to copy physical objects that, by themselves, can provide authentication or access. I think it will range, but some examples will include concert badges (maybe even backstage passes) and physical keys for simple locks. This will be a real threat any time a physical object alone is enough proof to gain access.


Tracking devices
I know it is creepy, but if someone put a tracking device on you, how would you know? You already have so many personal computing items in your pockets emitting radio signals, it would be a real task to detect such a tracker on you or anyone else for that matter. A few startups this year offer tiny little devices that, when attached or embedded in objects, can be tracked from your smartphone via a complicated mesh of peer-to-peer networks. The intended use cases are to find your keys, find your briefcase, even your cat, but the bad guys are already thinking up other nasty ways to exploit this very personal device. We may be getting to the point where, next time someone hands you a gift, you will have to scan it for bugs.


If some of this technology sounds more suitable for “The Matrix” than for consideration in your 2014 security strategy, it is time for you to realize that there are virtually no limits to today’s technology innovations. And unfortunately, that also means that there are hardly any limits to the opportunities for today’s online attackers. Attackers’ inroads to your corporate and personal data and assets continue to multiply, while their skills and resources are also growing. The good news is that this same innovation is also feeding the security solutions we have available to us today. It is time to look beyond your firewalls, antivirus and other conventional tools and embrace new, more progressive means of securing your network in 2014 and beyond.