Written by Chris Storer, Senior Systems Engineer- VirtualArmour
2016 has been a whirlwind year in the world of cyber-security, from unprecedented growth of DDoS attacks, numerous Zero Day vulnerabilities and attacks, countless instances of breached or stolen personal records, the rise of ransomware and the rising popularity of so-called “Hacktivism”, politically motivated cyber attacks and activities intended to interfere or influence political processes.
As we look towards the sunset of 2016 and the coming year, let’s consider a few of the silver linings, items to be thankful for in light of the past year of cyber doom and gloom.
If I had to pick one cyber-security highlight of 2016, it would be the awareness that has been raised and continues to grow from mainstream reporting of breaches, vulnerabilities, and attacks. The past election cycle in the US and continued public disclosure of breaches and data leaks has gone a long way towards raising awareness of Cyber Security concerns in the general public. The human element continues, and will continue to be the weakest link in the Cyber Security chain, and this continued awareness will lead to a more vigilant, security-conscious internet populace.
Shared Security Intelligence
More and more organizations are starting to participate in Security Intelligence data sharing. This allows each organization, and the security community as a whole, to benefit from visibility and intelligence on “bad actors” generated by others. Rather than a bad actor being individually identified by each organization as they attempt to gain access, once a bad actor has been identified by one organization, that intelligence and related information is shared with everyone participating. This allows the bad actor to be proactively blocked by all other participants, without having to individually identify the actor. This essentially turns any given “feed” of threat intelligence into a global listening post, benefiting all participants. This trend will only continue to grow, as proactive intelligence sharing is becoming one of the
New and Emerging Security Technologies and Techniques
Cyber security has always been an arms race, and that continues today. As attackers and other malicious actors find newer, undiscovered ways to compromise an organizations security, cyber security professionals and service providers continue to develop newer, more advanced ways to provide detection and protection. The advances in this space, in data analysis and correlation specifically, will continue to provide new and innovative ways to consume and utilize threat intelligence and provide advanced protection and visibility. Whether this is ProtectWise “Network DVR” providing retroactive threat analysis for zero-day threats, or IBMs Watson Integration with the QRadar SIEM platform for advanced data analytics and correlation, this is going to be a very exciting space to watch in 2017.
Managed Security Services
We all “outsource” services that are not our personal core competency. Most of us rely on a Plumbing or Roofing contractor for our homes when needed, or take our cars to a Dealership or Service Center when they need service. We do this because not every one of us is an expert in Plumbing, Roofing, or Automobile Repair.
Similarly, an organization that manufactures widgets likely doesn’t consider Cyber Security a core competency of its line of business. Many organizations struggle to develop a security posture and to consistently implement cyber security processes and functions. In many cases it can be very advantageous to “outsource” these functions to a professional – a Managed Security Services provider.
Use of Managed Security Services has seen significant growth in 2016 and will continue to grow as more and more organizations opt to offload these functions to vendors who focus on cyber security as their core business. These services providers make high-end, effective cyber-security services available to all organizations, regardless of size.
It’s been an interesting year to be sure, and 2017 is shaping up to be even more so. What are your thoughts? What are you thankful for regarding Cyber Security in 2016?