
The year ahead - what lies in wait?

Editorial Type: Industry Focus     Date: 01-2015    Views: 3777      












2014 was a tumultuous 12 months: think only Heartbleed, Sony and JP Morgan Chase. 2015 may be even more daunting. Here are some of the things you can look forward to - or not! - according to the experts. Brian Wall reports.

Predictions for 2015... where to start? Many vendors have come up with a lengthy list of what will (may) happen, with some of these intriguing and others decidedly worrying. I will leave you to decide for yourselves which side of that line the offerings below fall. Rest assured, however, that 2015 is going to be yet another highly challenging year for everybody.

But let's start from a different perspective and look at what WON'T happen in 2015, as served up by Gartner research director Adam Hills. The demise of the network perimeter has been predicted (and advocated) since at least 2001, and that argument is gaining new momentum, considering the rise of BYOD, Internet of Things, SDN, etc, he states.

"However, in 2015 the network perimeter will not disappear. Is the perimeter more dynamic today than ever? Yes. Is it more complicated than a static set of centralised ingress/egress points? Absolutely. The perimeter, even as it constantly morphs, is real and it's important to protect. If we don't keep that in mind as a design principle, and decide instead to open the network barn door wide and protect each endpoint, application, and data asset individually, we are relying upon our ability to configure policy flawlessly across scores of assets.

"While we must indeed secure each valuable enterprise asset, we must also keep safeguards at the door to turn away bad actors before they can attempt to compromise those valuable assets."

SDN security will not be deployed by many enterprises, because not many will have deployed SDN by year-end 2015. "In 2015, security leaders must work with their networking counterparts to understand (and influence) network design as SDN principles get introduced, and should build a security controls roadmap to ensure that these more agile networks can be protected," says Hills. Virtual firewalls will not comprise >5% of new purchase revenue in the network firewall market. "Same as it ever was."

IPS functionality will not commoditise or disappear. "Yes, I get it, standalone IPS revenue is declining. Gartner agrees. However, IPS is a crucial factor in an increasing number of next-generation firewall evaluations, and is more present across customer networks than ever. Certain advanced threat prevention vendors attempt to minimise the importance of IPS, in order to gain access to IPS budgets; customers who believe them, and cease to use context-enriched network IPS controls, do so at great risk."

'Security by deception' will not become a common requirement, he forecasts. "So many organisations struggle to fulfil basic foundational 'let the good guys in' and 'keep the bad guys out' duties; messing with security science-project esoterica (which might momentarily distract determined attackers) will fall by the wayside in 2015."

And... 2015 STILL won't be the 'Year of PKI'. "1997 called and wants its prediction back," Hills concludes.

SO WHAT WILL HAPPEN… PERHAPS?
Here are some predictions for 2015. They may surprise you (or not) or make you feel angry/disappointed/ready to spring into action to keep your organisation all the safer.

Dave Larson, CTO at Corero Network Security:
"We've already seen that the size and sophistication of the attacks is increasing at a rapid pace, as evidenced by the recently dubbed largest ever cyber attack on Pro-Hong Kong websites, where the attack reached 500 Gbps. We've not yet reached the top of the maturity curve with DDoS attacks and, as these attacks will continue to grow in size, 2015 will be the advent of terabyte DDoS attacks - that's if they are not already happening!

"At the moment, more often than not, technology is lacking within the majority of organisations to effectively record attacks of this magnitude, therefore we are left with the impression that attacks of this size simply are not occurring.

"In order to stay on top of these attacks and be proactive with the ability to accurately monitor attacks on their networks and defeat them in real-time, organisations need to turn to in-line purposeful DDoS defence technologies.

"The adoption of in-line defence technology, with sophisticated visibility, reporting and analytics widens the lens when it comes to defence against the evolving threat landscape. This will become a priority for organisations that rely on the Internet to conduct their business, as they prioritise their security investments for 2015," he forecasts.

John Bruce, CEO of Co3 Systems:
"Each year, we see the frequency and severity of security attacks increase, and there is no reason to think that 2015 will buck this trend. While Europe may appear to have been relatively unscathed until now, this is probably because public disclosure is not generally required, as it is in the US. In 2015, however, there will be an attack on the scale of the Target breach - so large and far reaching that it can't be swept under the carpet. The consequence will be harsher measures within the EU on companies who are not adequately prepared for security breaches and it is possible that, as in the US, we will see CSOs or even CEOs lose their jobs as a result.

"Cybercrime will continue to boom in 2015, as we see even more criminals enter the 'profession' not wanting to miss out. The reason for this is simply that cybercrime pays - the rewards heavily outweigh the risks. This isn't because there are not harsh punishments for those that are caught - Albert Gonzalez, who masterminded the TJX attack, is still serving his 20-year sentence - but rather it is because the likelihood of being caught is very small, in comparison to other serious crimes. Furthermore, there is a very low cost of entry for cyber criminals, as the tools needed to attack even the most comprehensive security systems are incredibly cheap when compared to what could be gained. Until cybercrime is less rewarding, this trend is likely to continue."


