Security remains a key concern in cyberspace, with cyber-attackers striking at will, limited only by the extent of their determination. Many incumbent security apparatuses have big holes, but the security industry is ever-evolving, constantly adapting to remain one-up on cyber-criminals while offering robust security for new paradigms such as mobile and cloud.
Here are some of the emerging security technologies to consider for your organization:
Newer Malware Detection Models
With many traditional models having utterly failed to prevent cyber-breaches, organizations are looking at newer models to detect malware.
The ingenuity of cyber criminals has rendered the traditional signature-based model of detecting malicious files obsolete. Many organizations now consider other methods, such as machine learning-based mathematical models, or testing suspicious files in a virtual sandbox. Cost-effective SaaS-based security scanning services have also caught on in a big way, considering that most attackers target configuration weaknesses and code vulnerabilities.
Many security providers offer solutions that attribute attacks to specific attackers and profile them. San Francisco-based Mykonos Software fingerprints cyber criminals based on their intent and skills, and injects the attack platform with a token to block future attacks.
Crowd-sourcing is making a mark in security as well. Palo Alto Networks, a Santa Clara, California-based company, has pioneered this front with its WildFire platform, which uses a cloud-based malware analysis environment to share threat information with all subscribers.
Even as some conventional security services have flopped, others such as trust services and encryption retain their relevance. However, these services too are under considerable stress, owing to developments in technology.
The IoT boom overwhelms trust services with the need to support billions of devices, many with limited processing capability. Some leading-edge approaches adopted by organizations to cope with the challenge include the use of distributed trust and blockchain-like architectures.
Likewise, while full encryption of the data before saving it in the cloud addresses the security needs, it impedes usability. Homomorphic encryption, which allows categorizing and mining encrypted files, is now gaining traction as a solution.
In today’s BYOD era, trying to control the employee’s phone is akin to ordering the tides to go back. Security experts have long realized the more efficient way is to enforce security at the application level, and deploy application containers or wrappers for the purpose.
Likewise, more and more organizations look at hardware isolation to contain attacks. Secure virtual containers are becoming a familiar way to insulate web browsers, PDF readers, and other executable files. Bromium, a Cupertino, California-based company, has launched a micro-visor that isolates system processes.
Another fortification measure that has caught on is “micro-segmentation,” or more granular segmentation of east/west traffic in the networks. Typically, attackers can move around the network at will once they gain entry. Visualization tools that make flow patterns explicit, and allow admins to set segmentation policies, thwart such free movement and contain the damage to a small area. Point-to-point IPsec tunnels and cryptographic isolation between workloads are some of the tools that help contain the breach to the particular area, post-visualization.
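The flow-visualization and policy step described above can be sketched as follows. This is an added example, not from the original article; the segment names, subnets, allow-list and flow records are all constructed assumptions.

```python
# Micro-segmentation check: map observed east/west flows to segments, build the
# segment-to-segment flow matrix, and flag flows outside the allow-list.
import ipaddress
from collections import Counter

# Hypothetical segments and policy (constructed for this example).
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db":  ipaddress.ip_network("10.0.3.0/24"),
}
# Default deny: only these (source segment, destination segment, port) pass.
ALLOW = {("web", "app", 8443), ("app", "db", 5432)}

def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def flow_matrix(flows):
    """Count flows per (src segment, dst segment, port): the data a flow map draws."""
    return Counter((segment_of(s), segment_of(d), p) for s, d, p in flows)

def violations(flows):
    """Return flows from unknown hosts or crossing segments without an allow rule."""
    bad = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if "unknown" in (s, d) or (s != d and (s, d, port) not in ALLOW):
            bad.append((src, dst, port, f"{s}->{d}"))
    return bad

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443),  # web -> app, allowed
    ("10.0.2.20", "10.0.3.30", 5432),  # app -> db, allowed
    ("10.0.1.10", "10.0.3.30", 5432),  # web -> db, skips the app tier
    ("10.0.1.10", "10.0.2.21", 22),    # web -> app on an unapproved port
    ("10.0.1.10", "10.0.1.11", 22),    # intra-segment, not policed in this sketch
]

if __name__ == "__main__":
    for key, count in sorted(flow_matrix(FLOWS).items()):
        print(key, count)
    for v in violations(FLOWS):
        print("DENY", v)
```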
Deceiving the Deceiver
With perimeter fencing having all but lost the battle to cyber-attackers, more and more organizations now resort to deception.
Deception technology tries to beat malware at its own game, by resorting to various deceptive tricks against it. The most common method is deploying honeypots to create fake vulnerabilities, and lure the attackers into distributed endpoint decoy systems. When the attackers touch an emulator that serves as a honeypot, the security system triggers the alarm.
Gartner predicts that about 10% of enterprises will use deception tools and tactics by 2018.
Dissuading the Attacker
If organizations can identify the motive of the cyber attacker, they can work to remove the motivation, and hence deter the attacker. Most targeted attacks aim to steal intellectual property and other information that has commercial value. Many organizations now undertake comprehensive risk assessments to identify tempting targets resident in their systems. They can either beef up security around such critical assets or even take such assets offline.
Denying the Attackers
Organizations now deploy various innovative measures to deny attackers. One measure that has gained considerable traction is remote browsers. Most attacks target end-users with malware-infected URLs, email, and messages. A remote “browser server” isolates the browsing function from the rest of the endpoint and corporate network, thereby keeping malware off the end user’s system and reducing the risk manifold.
Indulging in Deep Profiling
Accenture’s 2013 Technology Vision document offers a perfect example of deep authentication, authorizing users based on their location, time of day, and several other factors that make it virtually impossible for even legitimate or familiar users to gain unauthorized access.
Today’s organizations go even further, many of them deploying artificial intelligence-empowered systems that understand legitimate users’ daily activity profile, place login attempts in context, and take risk-based decisions in real time. For instance, an employee who has no business to travel suddenly making a login attempt from Timbuktu raises a serious red flag and causes a lock-down.
User and entity behavioral analytics (UEBA) generates deep insights on not just user behavior, but also on endpoints, networks, and applications. Organizations need to factor such analytics into an intelligence-driven security operations center (SOC) and adopt event-based monitoring in a big way.
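The risk-based login decision described above, as an added example that is not from the original article. It is a rule-scored stand-in for a learned activity profile; the weights, thresholds, field names and login history are constructed assumptions.

```python
# Risk-scored login decision against a per-user baseline. A rule-based stand-in
# for a learned profile; weights and thresholds are assumptions.
import math
from datetime import datetime

def haversine_km(a, b):
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def build_profile(history):
    """Baseline from past successful logins: countries, hours, last event."""
    return {
        "countries": {e["country"] for e in history},
        "hours": {e["time"].hour for e in history},
        "last": max(history, key=lambda e: e["time"]),
    }

def assess(profile, attempt, max_kmh=900):
    score, reasons = 0, []
    if attempt["country"] not in profile["countries"]:
        score, reasons = score + 40, reasons + ["new country"]
    if attempt["time"].hour not in profile["hours"]:
        score, reasons = score + 20, reasons + ["unusual hour"]
    last = profile["last"]
    hours = (attempt["time"] - last["time"]).total_seconds() / 3600
    km = haversine_km(last["geo"], attempt["geo"])
    if hours > 0 and km / hours > max_kmh:  # faster than an airliner
        score, reasons = score + 40, reasons + ["impossible travel"]
    decision = "lock" if score >= 80 else "step-up" if score >= 40 else "allow"
    return decision, score, reasons

# Constructed login history for one user (latitude, longitude pairs).
LONDON, TIMBUKTU = (51.5074, -0.1278), (16.7666, -3.0026)
HISTORY = [
    {"country": "GB", "geo": LONDON, "time": datetime(2024, 3, 1, 9, 12)},
    {"country": "GB", "geo": LONDON, "time": datetime(2024, 3, 2, 10, 40)},
    {"country": "GB", "geo": LONDON, "time": datetime(2024, 3, 4, 14, 5)},
]

def demo():
    profile = build_profile(HISTORY)
    attempt = {"country": "ML", "geo": TIMBUKTU, "time": datetime(2024, 3, 4, 16, 30)}
    return assess(profile, attempt)

if __name__ == "__main__":
    print(demo())
```

A "step-up" result would trigger an additional authentication factor rather than an outright block.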
Beefing Up the Authentication
Most organizations now employ multi-factor authentication. The password nevertheless remains the primary authentication mechanism. It has been a cat-and-mouse game between security experts and cyber criminals, with the increased complexity of the passwords invariably matched by advancements in password-cracking technologies. Security experts are toying with substituting passwords with biometric authentication methods. Only the difficulty in wrapping hardware and software around biometrics has prevented this move from becoming mainstream.
However, hardware tokens as part of the authentication process are now mainstream. Intel’s new, sixth-generation Core vPro processor offers the “Authenticate” solution that validates a user through permutations of various hardware-enhanced factors. Hardware authentication is not just useful to secure traditional endpoints such as laptops and mobiles, but is even more critical in the IoT world, where a network needs to ensure the thing trying to gain access should have access to it.
Deploying the latest technology alone, however, does not guarantee security. Even the best security method falters in isolation. What is needed is a comprehensive analysis and deployment of the appropriate security measures as part of an integrated whole. Get in touch with us for a comprehensive security assessment and implementation of the right security suite, in the right way.