Giant leaps, small steps
It’s an unfortunate fact that no security firm came up with a silver bullet to protect endpoints, the cloud, networks, IoT and mobile devices from cyberattack, but that doesn’t mean there were no technological advances made. SC Media reached out to several industry insiders to see which 2019 advances they thought deserved mention.
Kevin Sheu, vice president at Vectra, brought up that the concept of zero trust has not only grown significantly in the last couple of years but reached a critical mass in 2019. A zero-trust architecture fundamentally distrusts all entities in a network and does not allow any access to resources until an entity has been authenticated and authorized to use that specific resource, i.e., trusted. This new paradigm requires better user and device authentication methods as well as micro-segmentation of networks. But equally important is the use of advanced machine learning techniques to observe and score the privilege of an entity based on the behaviors that entity performs on the network. This is known as Privileged Access Analytics. The unique combination of machine learning and the network is moving cybersecurity forward by orders of magnitude to solve what is currently the largest problem in attacks: the misuse of privileged access and knowing where that privilege does and does not occur.
AI and Machine Learning
Jack Kudale, founder and CEO of Cowbell Cyber, noted that over the past year the gap has been significantly narrowed between business leaders and their cybersecurity counterparts thanks to developments in AI. Machine power can automatically process the vast amount of data generated by security tools to deliver meaningful, business-oriented security risk insights. Now, cyber risk conversations, backed by business data, can take place at the executive level next to other key business risk conversations. This inevitably brings along additional options to manage cyber risks. This includes risk transfer and loss mitigation through cyber insurance.
The biggest advance in cybersecurity over the past year was the increased adoption of multifactor authentication (MFA), which has become a must-have measure, not only on critical servers, but also to protect more commonly used resources such as websites, financial transactions, etc., said Fausto Oliveira, Principal Security Architect at Acceptto. However, it is still noticeable that there is an attachment to passwords, and official guidelines are still adopting legacy measures, such as seen in NIST 800-63B. Here, system developers are still encouraged to use eight characters for passwords (which can be brute-forced in minutes) instead of encouraging the adoption of memorable passphrases for legacy and mandating MFA for all the remaining systems.
MITRE ATT&CK Framework
The increasingly widespread adoption of the MITRE ATT&CK framework was another significant cybersecurity advancement we saw in 2019. For years enterprises have lived under the fear that they are always under attack, but it wasn’t always clear who was attacking them and how, said Mehul Revankar, director of product management at SaltStack. Plus, it was nearly impossible to find any real evidence of attackers’ goals or what they were trying to achieve. In recent years the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques, has changed that for good. The incredible adoption of the MITRE ATT&CK framework across government organizations as well as industry sectors, including financial services, healthcare, retail, and, most importantly, cybersecurity vendors has been a huge plus and the Framework’s importance to the security industry could be seen at the sold-out ATT&CKcon conference. It will continue to benefit from it for years to come, Revankar said.
Not every advance was made by the good guys. Joseph Carson, chief security scientist at Thycotic, believes 2019 saw the black hats take a leap forward.
“Unfortunately, the major technological advantage in cybersecurity that took place this year has been on the cybercriminals’ side with the increased use of deep fakes in cyberattacks,” Carson said. “In the past, cybercriminals took advantage of stealing users’ credentials, passwords, and now with deep fakes they can also steal digital identities, digital face and voice, meaning that when you are speaking to someone online you have no guarantee that it is a real person. Deep fakes are starting to change the cybersecurity landscape and we must innovate to reduce the risks that they introduce.”