Threat vectors: 2014 will be the year of getting back to basics
For all of the hype and predictions surrounding mobile, virtualization and related threats, the reality is that while those things are important, organizations are still most often compromised simply because of misconfigured and out of date traditional workstations and servers. The things that actually work include identifying your vulnerabilities, patching them, and reducing your overall attack surface through proper system configuration.
The hope for 2014 is that this will be the year of getting back to basics. Like always, new and creative ways of gaining access and stealing information will emerge over the next year, but the most effective and large scale breaches will still be the cause of traditional methods of attacking organizations as in the past, taking advantage of companies which are still not taking security as seriously as they should be.
We'll close the gap between IT operations and security teams
Traditionally, security teams have had a tendency to work in a silo, which has led to a disconnect between the people who find the problems and the IT operations people who execute a fix. Fundamentally, they have different roles and use different technologies, but once an attacker gets into an organization, they are crossing laterally within businesses, thus effecting all aspects of IT operations and security.
In 2014, there will be a much greater convergence of information technology and information security than ever before. IT pros, server admins and security teams will need to work more collaboratively sharing data freely in order to successfully manage a healthy security program. This is just as much an operations and political shift as it is security. This effectively prevents duplication of work, consistency of work load and roles, and more visibility into operations on both sides greatly decreasing the chances for attackers to compromise sensitive data.
We’ll move beyond compliance into “real security”
Compliance is already king in security and is one of the main reasons why people buy security technologies these days. 2014 is going to be the year people move beyond just doing compliance and start doing real security. There will be a switch on regulatory standards, such as PCI DSS, from quarterly assessments to more real time “actionable” approach. Regulatory standards are advocating switching from quarterly assessments to a real time approach and conducting assessments will be even further embedded as part of normal business routines.
This strategy, in itself, is not surprising since government bodies have promoted real time assessments and continuous monitoring for the last few years. What will change in the next year is the technology used to conduct assessments and provide a real time, continuous views, of when new applications and configurations violate this requirements.
We’ll see a shift from a prevention mentality to rapid detection
A shift from the prevention mentality to rapid detection is something people are already talking a lot about and there are a number of new start-ups in this area. This shift will definitely be a continuing trend into next year but it’s important for businesses not to confuse getting better at rapid detection and giving up on prevention. Organizations still need to focus on prevention to cut out the signal from the noise.
We’ll get more intimate with our assets
Given that most networks continue to have an eroding perimeter, a bigger challenge for people is to know where their assets are or what an asset is even anymore. Is it the remote laptop you don’t know about but employee checks email on? Is it the smart phone that is a PC in your pocket? At what point does the level of access of a home user to corporate resources make their system a corporate asset, and do you know about that asset? The idea of getting to know what and where your assets are will continue to grow in 2014.
Behavioral-based tracking of anomalous activities will become the early warning system
Is this user or machine doing something out of the norm from their everyday behavior? In 2014, organizations will have no choice but to start base lining activities and then determine where the bell curve skews. This will serve as the early warning to out of the ordinary behavior internally and take a prevention approach to insider threats opposed to a reactionary approach of cleaning up the mess and nursing the reputation.
Vulnerability scan engine technology will become a commodity
With the cost of assessments decreasing, organizations will continue to have multiple sources for vulnerability data. Business intelligence tools that consolidate this information, much like a SEIM, will become more important and relevant in the next year.
R.I.P. Windows XP
With the end of life for Windows XP, not allowing administrative rights on the desktop will take center stage in 2014. There will be no logical reason to allow administrative access to desktops for Windows 7 or 8.1 as the native operating system and third party solutions can allow least privileged access to be maintained on every system. Exceptions will always exist, but this is where the evolution of the operating system and tools come into play. This will help every organization obtain security best practices and comply with regulatory initiatives on the desktop by removing local administrative privileges.