Monday, January 11, 2016

Blueprint: What’s Coming in 2016 and Beyond for Cybersecurity

by Vincent Weafer, VP of Intel Security’s McAfee Labs, Intel Corporation

A five-year look ahead at how cybersecurity is likely to evolve

Clouds, devices, and sophistication are three of the big areas that will affect cyber threats and security over the next five years, according to the McAfee Labs 2016 Threats Predictions report. Cloud applications, storage, and services are converging with rapid growth in mobile and connected devices to create an ever-expanding attack surface. At the same time, increasing sophistication and sharing among cybercriminals is making attacks more targeted and harder to detect. These issues will drive significant changes in cybersecurity over the next five years, including transformation of the efficiency and effectiveness of defenses, broader threat intelligence collaboration, and sophisticated behavioral analytics.

Criminals follow the money, so as long as we have valuable digital assets, we will have cybercrime. The increasing attack surface gives them more vectors of attack and increasingly valuable assets. The value of personal data is growing rapidly, and is already outpacing payment card info as the prime target. This trend will only continue, as criminals apply big data techniques to build warehouses of personal information for sale.

The increasing sophistication of attackers and malware developers will have an interesting effect, as they develop more targeted and stealthy attacks, but also deliver packaged cybercrime-as-a-service tools to a growing audience possessing fewer tech skills. This commoditization of cybercrime will fuel new waves of personal and customized attacks, with new criminal motivations including embarrassment, harassment, and vandalism.

Security industry response

Our research and predictions dictate some fundamental changes to digital security. Network perimeters, isolated security tools, and file- or signature-based defenses are a rapidly fading paradigm. Instead, we will need to re-architect the tools to operate more efficiently. Using machine learning techniques, we will improve scanning speeds by identifying trusted processes and focusing resources on suspicious activities. Security in silicon will be necessary, not only to combat the growth of low-level hardware and firmware attacks, but also to protect the billions of devices that may not have sufficient general-purpose computing power to protect themselves. Secure boot, trusted execution environments, tamper protection, active memory protection, and immutable device identity will improve the effectiveness of our digital defenses as we fight attacks that try to go lower in the stack to remain undetected.

Improved defenses will be insufficient unless we take them out of isolation. Sharing and integrating threat intelligence between endpoints, gateways, and centralized analytics will improve detection and significantly speed up correction efforts, quickly blocking new attack vectors and protecting vulnerabilities before they can be exploited in multiple locations. Threat data sharing and collaboration between businesses, governments, industry organizations, and security vendors will also deliver faster and better protections, as threat exchanges expand throughout supply chains, industries, and nations.

Behavioral analytics will augment detection capabilities as the newest weapon for defenders. Baselines for normal behavior and continuous monitoring will quickly separate legitimate activities and identities from suspicious and compromised ones. These products are in their early stages today, but applying skills from big data and other analytics and machine learning research will help them to mature rapidly over the next five years.

Poor integration, talent shortages, and the costs of failure

The lack of integrated security technology, the shortage of skilled talent, and the rising cost of breaches will drive increased automation and machine learning, greater simplification of security controls, and predictable funding and insurance models for security operations.

With attacks growing in sophistication and stealth, isolated individual defenses quickly fall behind. Fileless attacks, remote shell exploits, and credential theft are increasing in popularity as ways to evade detection by traditional tools. The speed of these attacks means that response times of minutes or hours leave the system open to compromise and data exfiltration. Machine learning and greater automation are necessary to match defense speed to attack speed. We are seeing steady progress in the ability of systems to translate alerts and behavior into appropriate action, detecting and correcting an attack far faster than a human operator can. At the same time, the automation will notify the operations center of its actions, so that they can begin further investigations and take any additional necessary steps.

Automation and machine learning will also help alleviate the growing shortage of skilled security personnel. Shared threat intelligence, behavioral analytics, and contextual information will enable much better orchestration between the various defense elements. An endpoint under attack will immediately publish that information so that other endpoints and gateways can block the malicious files and addresses. Threat intelligence exchanges will deliver context, scored for trust and quality, and corroborate attack info to reduce false positives. Perhaps more important, these tools will reduce the complexity of security system configurations and operations, easing the transactional burden on security personnel. Whether it is improved default configurations, automated actions based on learned behavior, or intelligently filtered and scored alerts, machines will play a vital role in augmenting the skills and resources of the security team.

Finally, the rising cost of breaches and demand for increased predictability will bring innovations in risk management, investment, and even insurance. As the value of personal data goes up, so does the total cost of a security breach. At the same time, the increasing range of security tools will make it more difficult to plan and budget. Insurance and hedging products will emerge that enable predictable levels of security investments, or limit the organization’s financial exposure to a catastrophic security event. Security as a service will continue to evolve, shifting more of the security budget to operating expenses instead of capital outlays.

Over the next five years, we are going to see some far-reaching changes in digital security, as the perimeter-based models that we have worked with almost since the dawn of the industry are replaced by a more fluid, mobile, and cloudy reality.

For a more detailed look at these and other predictions, download the McAfee Labs 2016 Threats Predictions report.

About the Author

Vincent Weafer is a Sr. Vice President of McAfee Labs at Intel Security, where he oversees a team of hundreds of researchers in dozens of countries, as well as millions of sensors around the globe, all dedicated to helping protect Intel customers from the latest cyber threats. He has presented at numerous international security conferences, is the coauthor of a book on Internet security, and has also been invited to testify on multiple government committees, including the United States Senate Committee on the Judiciary hearing on Combating Cyber Crime and Identity Theft in the Digital Age; the United States Sentencing Commission’s public hearing on Identity Theft and the Restitution Act of 2008; and the United States Senate Committee on Commerce, Science, and Transportation on Impact and Policy Implications of Spyware on Consumers and Businesses.



Arbor Uncovers Trochilus RAT

Arbor Networks disclosed details of a newly-discovered Remote Access Trojan (RAT) named "Trochilus" attacking various government websites and non-governmental organizations.

Arbor’s Security Engineering & Response Team (ASERT) said this Trochilus RAT is likely driven by East Asian threat actors. It is part of a seven-piece malware cluster that offers threat actors a variety of capabilities, including espionage and the means to move laterally within target networks in order to achieve more strategic access.

http://arbor.link/xo0jq


AT&T Offers Unlimited Mobile Data for DirecTV or U-Verse Customers

AT&T introduced an unlimited wireless data offer for new and existing AT&T consumer wireless customers who have or add AT&T DIRECTV or AT&T U-Verse TV.

The new AT&T Unlimited Plan includes unlimited data and unlimited talk and text. Customers can get the AT&T Unlimited Plan on a smartphone for $100 per month. Additional smartphones are $40 per month each, and a fourth smartphone can be added at no additional cost.

“Our new unlimited plan is our best offer yet. It’s the perfect reward for our valued customers who like to take advantage of our integrated offers of TV and wireless services,” said Ralph de la Vega, CEO of AT&T Mobile and Business Solutions. “Video traffic continues to grow on our network as fast as ever because people enjoy viewing their favorite video content on their favorite devices.”

http://www.att.com

Accelerite to acquire Citrix CloudPlatform

Accelerite agreed to acquire Citrix CloudPlatform, powered by Apache CloudStack and CloudPortal Business Manager. Financial terms were not disclosed.

Citrix CloudPlatform (powered by Apache CloudStack) is cloud computing software for creating, managing, and deploying public and private cloud infrastructure services. CloudPortal Business Manager is a unified cloud services delivery and business management platform that enables cloud services automation for provisioning, billing, metering and user management.

"Customers are our top priority and we are confident that Accelerite will nurture our customers who are heavily invested in running their clouds on these solutions," said Steve Wilson, vice president, Core Infrastructure at Citrix. "Accelerite has been successful in acquiring product lines from other large companies to grow cloud computing and virtualization software products. Citrix will work closely with Accelerite to build on CloudPlatform integrations with our key offerings that enable the secure delivery of apps and data."

Accelerite said that in addition to increasing the level of investment in the product line to reinvigorate the roadmap with new features and functions to meet the evolving needs of CloudPlatform users, it will continue to work closely with Apache Foundation and contribute its CloudPlatform roadmap to the Apache CloudStack project.

http://www.accelerite.com

SAP Says New Cloud Bookings Rose 103% in 2015

SAP reported exceptional momentum with fast growth in cloud and double-digit growth in its core license business in the fourth quarter. For the full year, non-IFRS cloud and software revenue grew by 20% or 12% at constant currencies and exceeded the outlook of 8% - 10% growth at constant currencies.

Some highlights:

  • New cloud bookings, the key measure for SAP's sales success in the cloud, increased 103% in the full year 2015 to €0.89 billion and 75% in the fourth quarter to €0.35 billion. Non-IFRS cloud subscriptions and support revenue was €2.30 billion (€2.00 billion at constant currencies, achieving the outlook of €1.95 to €2.05 billion at constant currencies) for the full year. Non-IFRS operating profit was €6.35 billion (€5.90 billion at constant currencies, beating the full year outlook of €5.6 - €5.9 billion at constant currencies).
  • Customer adoption of SAP S/4HANA continues to accelerate sharply, with more than 2,700 customers across all regions at the end of 2015, more than doubling quarter over quarter. SAP S/4HANA, built on SAP HANA, the most advanced in-memory platform available today, provides the digital core that companies need to reduce complexity, digitize their business and connect every part of their enterprise.

"We decisively beat our full year guidance for cloud and software revenue," said Bill McDermott, CEO of SAP. "SAP gained significant share against core and best of breed competitors. Across markets and industries SAP is extending its lead as the trusted innovator in the business software industry. Our completeness of vision in the cloud and soaring adoption of S/4HANA gives us tremendous confidence in our business in 2016 and beyond."

http://www.sap.com

BT Names Clive Selley as new CEO of Openreach

BT announced the appointment of Clive Selley as the new CEO of Openreach, replacing Joe Garner, who is leaving to become CEO of Nationwide Building Society. The handover will take place this quarter.

Selley previously served as CEO of BT Technology, Service and Operations (BT TSO), the "engine room" of BT, responsible for the company’s core networks and IT systems across the globe, including TV, Mobile and Conferencing, as well as its world-class research and development arm at Adastral Park, Suffolk. As CEO of BT TSO, Clive is responsible for twelve thousand staff, eight thousand contractors and a multi-billion pound budget. He chairs BT’s cyber security council and has an extensive knowledge of regulatory affairs.

http://www.btplc.com/News/#/pressreleases/clive-selley-to-be-ceo-of-openreach-1289587

AWS Activates Data Center in Korea

Amazon Web Services launched commercial services from a new facility in Korea.

The new Seoul region has two Availability Zones (raising the global total to 32). It supports Amazon EC2 (T2, M4, C4, I2, D2, and R3 instances are available) and related services including Amazon Elastic Block Store (EBS), Amazon Virtual Private Cloud, Auto Scaling, and Elastic Load Balancing.

https://aws.amazon.com/blogs/aws/

Abu Dhabi Hotel Boasts 1.2 Gbps Wi-Fi

The Jannah Burj Al Sarab, a new hotel in Abu Dhabi, is claiming the fastest Wi-Fi of any hotel in the world - 1.2 Gbps, according to http://www.hotelwifitest.com.


http://www.jannah.ae
