What security challenges will this new year bring?

2016 was a significant year from an info security perspective.  Not just in terms of high-profile cyber-attacks and breaches, but also in underlying trends that show how the security landscape will evolve over the coming year.

Ransomware runs rampant

Ransomware took center stage in cyber-security headlines during this year.  Among the high-profile attack victims were the Hollywood Presbyterian Medical Center in February, whose systems were forced offline, delaying operations;  and the San Francisco Muni Metro over the Thanksgiving weekend, which was forced to allow passengers to travel for free as a result.

Attacks targeting companies have trebled since January 2016. According to a new report from Kaspersky there’s a ransomware attack every 40 seconds, and, what’s more, the report stated that 62 new ransomware families made their appearance in 2016. The evolving sophistication of this threat type and the rapid increase in its proliferation means that it’s essential for organizations to put basic security principles in place, such as:

• Network segmentation, which can prevent ransomware spreading laterally across networks from infected machines
• Taking regular back-ups of data and storing them offline
• Securing devices with multiple security layers – anti-virus, device firewalls, sandboxing to block known variants
• Access management to ensure only essential personnel have access to different areas of the network: this works in tandem with network segmentation
• Employee education on identifying phishing emails, reinforced by robust anti-spam to help reduce the risk of staff inadvertently opening a malicious email

Botnet blizzard

Botnets have been behind some of the biggest cyber-attacks of the year, such as the huge DDoS attack against Internet infrastructure company Dyn, which caused outages for leading websites including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix, and  the recent attack on over 1 million routers used to access Deutsche Telekom internet services.

Criminals are looking for more and more ways to exploit IoT devices – including web-connected cameras and home Internet equipment – as well as enterprise PCs and turn them into botnets to mount bigger, more damaging attacks.  Preemptive prevention is near impossible, so organizations need to take the necessary measures to neutralize bot infections, not just to protect their own networks but also to help prevent the unintentional spread of bot infections to other organizations.

Cloudy conditions

Cloud is fast becoming the new normal for enterprises, with both public and private cloud adoption growing: Gartner estimates the public cloud market will grow by 17% in 2016; Forrester states the private cloud market will grow at a compound annual growth rate (CAGR) of 11% between 2016 and 2021; and IDC estimates that the SDN market will grow at a CAGR of 53% until 2020.  With many organizations now running business applications in a hybrid environment utilizing both public and private cloud platforms, it’s critical that organizations put in place best practices for both migrating application connectivity to the public cloud and then securing them once they are in the cloud, alongside their on-premise networks.

The basics of cloud security are the same as security for your on-premise network. And while making security changes manually across an on-premise network is a cumbersome, error prone process, in a hybrid cloud environment its downright impossible. You need visibility across your entire hybrid environment so you know what’s happening and you need to manage all changes properly and securely. This is where automation comes in. A security policy management solution that automatically calculates, implements and documents all change processes, from connectivity discovery right through to security policy decommissioning, is therefore essential when running business applications in the cloud.

For more detailed help, AlgoSec’s CTO, Professor Avishai Wool recently created a series of free, easy-to-follow video whiteboard courses packed with practical tips and tricks for securing AWS environments, and for deploying and managing security for NSX. Check them out!

Misconfigurations matter

With so much attention devoted to the impact of cyber-attacks (and rightly so), it’s easy to overlook the fact that simple human errors, such as misconfigurations or ‘fat-finger’ miskeying of data, can have an equally significant impact on organizations.  The outages resulting from these manual mistakes are just as damaging to a business’ reputation, and can be just as if not costlier to remediate.

For example, In July, Southwest Airlines’ reservation systems went offline, taking five days to return to normal operations.  This led to 2,300 flights being cancelled, a further 8,000 delayed, and costs exceeding $50 million in lost revenues and remediation, all caused by a router failure.  And in June millions of customers of giant telco Telia reported major problems with their Internet connectivity, caused by a simple human error:  a Telia engineer misconfigured a router, resulting in all web traffic bound for Europe being sent to Hong Kong.

In addition to business outages misconfigurations can also create inadvertent holes in your cyber-defenses. As we explored in this blog post a simple mistype can create a policy that allows access rather than denies it, potentially creating a weakness in your security posture.

These issues highlight the need for security policy automation that can proactively assess every single application connectivity change – and then apply the changes automatically, eliminating the mistakes that can be introduced by manual change processes.

Firewalls march forward

Despite many security market observers predicting the death of the firewall (as they have done over the past 5 years or more), it is still the foundation of enterprise security infrastructures, and sales of traditional firewalls and next generation firewalls (NGFW) continue to grow strongly worldwide (according to Gartner, the firewall market will grow approximately 12% in 2016).  The reasons for this are simple:  they help to reduce an organization’s attack surface; they enable networks to be segmented, protecting access to sensitive data and limiting the lateral movement of attackers; and of course they do the essential work of filtering network traffic – as we detailed here.

So traditional and next generation firewalls should never be taken for granted, or treated as fit-and-forget components. They need regularly updating (especially given the vulnerabilities which emerged in solutions from two leading vendors this past year), and careful management of their rules and policies to deliver optimum protection – which is where automating security policy management plays a critical role. Moreover, with NSS Labs estimating that the NGFW market is to grow at a compound annual growth rate of 14% up until 2020, security policy management solutions will also help with the complex process of migrating from traditional firewall to NGFWs (as we blogged here). So one thing is certain:  the firewall is showing no signs of fading away anytime soon.

It will be interesting to see what security challenges and issues this new year brings, but let’s hope for a more secure, and less disruptive 2017.