
2015 trends to watch: Data destruction, endpoint intelligence and user behavior analytics

This year has certainly been an interesting one for all things security in IT, and with the end of the year approaching, it seems it's time for some predictions on what all this will mean for 2015. Based on the course of events that we've seen over the last year, and how the market is responding, here are some of the security trends that we will likely see over the coming 12 months.

If the recent attacks against Sony, Forbes, Walmart Canada and CBS News, as well as the warning released this week by the FBI, are anything to go by, 2015 will see a new trend in cyberattacks: data destruction, along with a rise in the capability of the hacktivist.

Today, we are accustomed to a particular modus operandi from attackers: they get in, establish a foothold, find what they're looking for, and data theft usually follows. What we're not accustomed to is mass data destruction as part of an attack, or hacktivists with a level of capability that makes them a non-trivial threat to organizations.

In the cases described in the FBI warning, the master boot record was destroyed, data on hard drives was overwritten and users' machines were prevented from booting. If data destruction becomes a trend, it heightens the need for improved methods of detection and protection, and will arguably change the way we respond to attacks drastically. The cost of data theft is something we've unfortunately become accustomed to, but the cost of the destruction of data and systems is far more severe.

With the recent evolution in the threat landscape in mind, 2015 will see the emergence of the next generation of endpoint protection products. We know the need exists, and security vendors are starting to respond. Existing endpoint protection products, like anti-virus, may serve a purpose, but we know they are not effective against all the components of today's advanced attacks. The key to success for this next generation of products will be applying intelligence gathered from previous attacks and combining it with incident response best practices to provide an enhanced level of detection and protection. Preventative methods will still fail at times; that is inevitable. However, using this approach as part of an ongoing detection-and-protection strategy just may help us stay one step ahead.

These endpoint products may also turn their focus to detecting exploits in web browsers and common end-user productivity apps. This matters because attackers have moved away from targeting vulnerabilities in operating systems and have begun to exploit applications instead. The products will also use techniques for analyzing newly present binaries on the file system and comparing them against known-bad lists, taking action accordingly when suspicious files are found. Lastly, we should expect this next generation of endpoint protection products to provide some form of sandbox environment for inspecting and then isolating any suspicious processes, or taking other action – all on the endpoint.
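As an added illustration of the "newly present binaries compared against known-bad lists" technique (this is example code written for this article, not a vendor's product code), the script below walks a directory tree, picks out files that appeared after a baseline timestamp and look like executables by their magic bytes rather than their extension, hashes them with SHA-256, checks the digest against a known-bad set, and quarantines matches by moving them aside instead of deleting them. The file names, contents and the known-bad digest are all constructed inside the demo so that it runs offline; in a real deployment the digests would come from a threat intelligence feed.

```python
from __future__ import annotations

import hashlib
import os
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path


@dataclass
class Finding:
    path: str
    sha256: str
    reason: str


def sha256_of_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def is_executable_candidate(path: Path) -> bool:
    """Identify binaries by magic bytes: 'MZ' for Windows PE, 0x7f 'ELF' for ELF.
    The extension is deliberately ignored, since a renamed .exe is still a binary."""
    try:
        with path.open("rb") as f:
            magic = f.read(4)
    except OSError:
        return False
    return magic[:2] == b"MZ" or magic == b"\x7fELF"


def scan_new_binaries(root: Path, known_bad: set[str], since: float) -> list[Finding]:
    """Hash every executable-looking file modified after `since` and flag matches."""
    findings: list[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                st = p.stat()
            except OSError:
                continue  # file vanished or is unreadable; skip rather than crash
            if st.st_mtime < since:
                continue  # only files that appeared after the baseline snapshot
            if not is_executable_candidate(p):
                continue
            digest = sha256_of_file(p)
            if digest in known_bad:
                findings.append(Finding(str(p), digest, "sha256 matches known-bad list"))
    return findings


def quarantine(finding: Finding, quarantine_dir: Path) -> Path:
    """Move the file out of place (never delete) so incident responders keep the artifact."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / f"{Path(finding.path).name}.{finding.sha256[:12]}.quarantine"
    os.replace(finding.path, dest)
    return dest


def demo() -> dict:
    """Build a constructed file tree, scan it and quarantine matches; returns a summary."""
    root = Path(tempfile.mkdtemp(prefix="epp_demo_"))
    baseline = time.time() - 3600  # pretend the baseline snapshot was taken an hour ago
    (root / "app").mkdir()
    # Constructed samples: a benign PE-like file, a "bad" PE-like file (the name is
    # made up for the demo and is not a real indicator), and a new text file.
    benign = root / "app" / "updater.exe"
    benign.write_bytes(b"MZ" + b"\x00" * 62 + b"benign-constructed-sample")
    bad = root / "app" / "svchost32.exe"
    bad.write_bytes(b"MZ" + b"\x00" * 62 + b"malicious-constructed-sample")
    (root / "notes.txt").write_text("constructed text file, ignored by the scan")
    # Same bad content but with an mtime before the baseline: skipped by this
    # "newly present" scan, which is exactly the gap a periodic full scan must cover.
    old = root / "legacy.exe"
    old.write_bytes(b"MZ" + b"\x00" * 62 + b"malicious-constructed-sample")
    os.utime(old, (baseline - 86400, baseline - 86400))

    known_bad = {sha256_of_file(bad)}  # stands in for a threat-intel feed entry
    findings = scan_new_binaries(root, known_bad, since=baseline)
    moved = [str(quarantine(f, root / "quarantine")) for f in findings]
    return {
        "findings": [f.path for f in findings],
        "quarantined": moved,
        "bad_still_present": bad.exists(),
    }


if __name__ == "__main__":
    print(demo())
```

The `since` filter is what makes this cheap enough to run continuously on an endpoint, but it also means a known-bad file that was already on disk before the baseline is never hashed; pairing the incremental scan with an occasional full scan (the same function with `since=0`) closes that gap.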

Moving to the human element, we are also going to see a rise in products focused on analysis of user behavior – both as an ongoing way of verifying the user's identity as part of the authentication process, and as a means of anomaly detection, running activities through various data models to determine the level of risk associated with a particular activity. There is clearly a security visibility gap today that behavioral analysis can fill: the ability to detect bad actors who are already inside your network and moving laterally to complete their mission.

Clearly these trends will result in a rise in the collection and analysis of user behavior, which will increase the volume of data available to security professionals for threat identification. This will create the need for organizations to continue to adopt a 'Big Data architecture' for their security information, and to provide effective ways to filter out the noise and make this information meaningful. In order to maximize the value of the Big Data collected, companies are going to move to a risk-based security approach, where activities occurring across the network and among users are constantly evaluated, scored and surfaced based on the potential threat they pose. This will allow security professionals to determine the best response, commensurate with the risk associated with the threat.

Lastly, we know that more often than not, attackers quickly abandon the use of malware and use legitimate credentials to complete their mission. While two-factor authentication is an excellent way to protect against this at the perimeter and internally, it does not by itself provide any form of detection or protection at the moment an attacker attempts to authenticate. We will see this change over the course of the next year as organizations start to realize the value of adaptive authentication provided by the next generation of strong authentication solutions. Using adaptive authentication in conjunction with two-factor authentication adds an additional level of risk analysis to the authentication process – all while leveraging an organization's existing VPN or identity store investment.
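The risk-scoring idea in the two preceding sections (activities evaluated, scored and surfaced by risk; adaptive authentication layered on top of two-factor) can be shown in one small piece of code. The example below is written for this article and is not any vendor's engine. It builds a per-user baseline from constructed login history (countries, devices, hours of day), then scores each new authentication attempt by how far it departs from that baseline, adding a large penalty for a change of country within a short time of the previous login. The score is computed regardless of whether the password and second factor are correct, which is the point: stolen credentials that pass both factors still produce a high score that can trigger a step-up challenge or an alert. The weights, thresholds and sample events are assumptions chosen for the demo.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class LoginEvent:
    user: str
    ts: datetime
    country: str
    device_id: str
    src_ip: str


@dataclass
class Baseline:
    countries: Counter
    devices: Counter
    hours: Counter
    total: int


# Assumed weights and thresholds; a real deployment would tune these per population.
WEIGHTS = {
    "no_history": 30,           # first time we see this account at all
    "new_country": 40,
    "new_device": 25,
    "unusual_hour": 15,
    "rapid_country_change": 50,  # different country within 2 hours of the last login
}
STEP_UP_AT = 20    # require the second factor and record the event
DENY_AT = 60       # block and raise an alert for the SOC


def build_baseline(history: list[LoginEvent]) -> dict[str, Baseline]:
    """Aggregate what 'normal' looks like for each user from past successful logins."""
    per_user: dict[str, Baseline] = {}
    for ev in history:
        b = per_user.setdefault(ev.user, Baseline(Counter(), Counter(), Counter(), 0))
        b.countries[ev.country] += 1
        b.devices[ev.device_id] += 1
        b.hours[ev.ts.hour] += 1
        b.total += 1
    return per_user


def last_login_per_user(history: list[LoginEvent]) -> dict[str, LoginEvent]:
    last: dict[str, LoginEvent] = {}
    for ev in history:
        if ev.user not in last or ev.ts > last[ev.user].ts:
            last[ev.user] = ev
    return last


def score_attempt(ev: LoginEvent, baselines: dict[str, Baseline],
                  last_seen: dict[str, LoginEvent]) -> tuple[int, list[str]]:
    """Return a 0-100 risk score and the reasons that contributed to it."""
    reasons: list[str] = []
    b = baselines.get(ev.user)
    if b is None:
        reasons.append("no_history")
    else:
        if ev.country not in b.countries:
            reasons.append("new_country")
        if ev.device_id not in b.devices:
            reasons.append("new_device")
        # An hour is unusual if fewer than 5% of this user's logins fell in it.
        if b.hours[ev.ts.hour] / b.total < 0.05:
            reasons.append("unusual_hour")
    prev = last_seen.get(ev.user)
    if prev and prev.country != ev.country and (ev.ts - prev.ts) < timedelta(hours=2):
        reasons.append("rapid_country_change")
    score = min(100, sum(WEIGHTS[r] for r in reasons))
    return score, reasons


def decide(score: int) -> str:
    if score < STEP_UP_AT:
        return "allow"
    if score < DENY_AT:
        return "step_up"
    return "deny_and_alert"


def demo() -> list[tuple[str, int, str]]:
    """Score four constructed attempts against a constructed 20-day history for 'alice'."""
    utc = timezone.utc
    base = datetime(2014, 11, 1, tzinfo=utc)
    # 40 logins, two per day, business hours 08:00-17:00, one laptop, one country.
    history = [LoginEvent("alice", base + timedelta(days=i // 2, hours=8 + i % 10),
                          "US", "laptop-1", "203.0.113.10") for i in range(40)]
    baselines = build_baseline(history)
    last_seen = last_login_per_user(history)  # alice's last login: 2014-11-20 17:00 US
    attempts = [
        ("normal", LoginEvent("alice", datetime(2014, 11, 21, 10, tzinfo=utc),
                              "US", "laptop-1", "203.0.113.10")),
        ("new_device", LoginEvent("alice", datetime(2014, 11, 21, 10, tzinfo=utc),
                                  "US", "phone-7", "203.0.113.10")),
        # Valid credentials used from a new country and device half an hour after
        # the genuine user logged in at home: the score, not the password, catches it.
        ("stolen_creds_abroad", LoginEvent("alice", datetime(2014, 11, 20, 17, 30, tzinfo=utc),
                                           "RU", "unknown-vm", "198.51.100.77")),
        ("unknown_user", LoginEvent("bob", datetime(2014, 11, 21, 10, tzinfo=utc),
                                    "US", "laptop-9", "203.0.113.11")),
    ]
    results = []
    for label, ev in attempts:
        score, _reasons = score_attempt(ev, baselines, last_seen)
        results.append((label, score, decide(score)))
    return results


if __name__ == "__main__":
    for label, score, decision in demo():
        print(f"{label:22s} score={score:3d} -> {decision}")
```

The scored decision is what gets surfaced to the analyst: a "step_up" outcome is cheap for the legitimate user and logged for later correlation, while "deny_and_alert" on an account whose first and second factors both succeeded is precisely the signal that two-factor authentication alone cannot produce.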

The coming year will bring significant changes in the security industry as we respond to the increasing sophistication of cyberattacks. Organizations should be paying close attention to the rapid evolution of the solutions available and not be hesitant to be aggressive in their approach to security. As we've all heard many times, we should be operating as if we have already been breached. IT security plans for 2015 should reflect that mentality. Best of luck with your security in 2015!
