Guest Blog // Selected Security Content Provided By Sophos
Dark Reading
6/19/2012 09:01 AM

Midyear Security Predictions: What You Should Know And Look Out For

Consumerization, APTs, and cloud computing will dominate discussions during next six months

Here at Sophos, James Lyne is our equivalent of Alvin Toffler, the author of Future Shock, a best-seller (more than 6 million sold) published in the 1970s. Toffler argued that as society undergoes change, this accelerated rate of technological and social change leaves people disconnected and suffering from stress and disorientation -- future shocked.

The same might be said for technology, particularly in the network security space, which itself has been through many dramatic changes recently. New mobile operating systems, the growing use of personal devices in the workplace, and cloud storage make securing the network a growing challenge. As more demands are placed on the network -- faster connections, more remote users, and IT consumerization -- Lyne has offered eight trends he believes will impact network security and your security strategy. These are:

1. Mobile networks, VPNs, and roaming users
Today’s connect-from-anywhere road warriors regularly test the traditional boundaries of network security. Firewalls are increasingly porous as employees access services from devices such as iPads, Android phones, tablets, and PCs, all of which require security that mirrors but also improves on PC solutions. Extending connectivity to small-branch or home offices is also a focus for many organizations. Your network strategy needs to consider how to secure access across platforms over an expanding network perimeter.

2. Targeted attacks and APTs
APTs (or advanced persistent threats) represent the next generation of Internet crimeware. For years, network security capabilities, such as Web filtering or IPS, played a key part in identifying such attacks (mostly after the initial compromise). As attackers grow bolder and employ more evasive techniques, network security must integrate with other security services to detect attacks. We’ll need to evolve security capabilities in response to these threats in the coming years.

3. Consumerization and BYOD
Consumerization and the BYOD (bring your own device) movement mean that consumer devices like iPads, iPhones, and Android phones are moving onto the corporate network. To deal with consumerization, your security strategy needs to focus on network security for devices where an endpoint agent may not have been deployed or may not be functioning properly.

For example, if a user connects with a Mac running malicious code, your network security layer should be able to recognize that the device is attempting to retrieve malicious code updates or perform other suspicious activity, and be able to remediate it. Otherwise you may not find out until you're already infected, and remediation can only happen after the fact.

Consumerization and BYOD increase the importance of alignment between your various security layers, particularly those at the network layer.
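The scenario above, a device with no working endpoint agent fetching what looks like malicious code updates, is what the network layer has to catch on its own. The following is an added example, not Sophos code: it correlates constructed proxy log lines with a constructed table of endpoint-agent heartbeats, treats hosts with no recent heartbeat as unmanaged, and flags two behaviours on those hosts: binaries fetched from raw IP addresses, and beacon-like requests to the same URL at a fixed interval. The log format, the 24-hour staleness threshold, and the sample IPs and URLs are all assumptions chosen for the example.

```python
"""Network-layer triage for devices that may lack a working endpoint agent.

Added example, not Sophos or Dark Reading code. Assumes a constructed proxy
log with the fields  timestamp,client_ip,method,url,status,bytes,user_agent
and a constructed table of endpoint-agent heartbeats keyed by client IP.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log lines (not real traffic; documentation IPs).
PROXY_LOG = """\
2012-06-19T09:00:05,10.1.4.22,GET,http://intranet.example/index.html,200,5120,Mozilla/5.0 (Macintosh)
2012-06-19T09:00:07,10.1.4.22,GET,http://203.0.113.9/u/cfg.bin,200,2048,Mozilla/4.0
2012-06-19T09:05:07,10.1.4.22,GET,http://203.0.113.9/u/cfg.bin,200,2048,Mozilla/4.0
2012-06-19T09:10:07,10.1.4.22,GET,http://203.0.113.9/u/cfg.bin,200,2048,Mozilla/4.0
2012-06-19T09:01:10,10.1.4.31,GET,http://updates.vendor.example/patch.exe,200,900000,Mozilla/5.0 (Windows)
2012-06-19T09:02:00,10.1.4.40,GET,http://198.51.100.7/dl/payload.exe,200,350000,Mozilla/5.0 (Android)
"""

# Constructed endpoint-agent check-ins: client_ip -> last heartbeat time.
# 10.1.4.22 has no entry at all, i.e. an unmanaged BYOD device.
AGENT_HEARTBEATS = {
    "10.1.4.31": datetime(2012, 6, 19, 8, 55),   # healthy, checked in recently
    "10.1.4.40": datetime(2012, 6, 17, 12, 0),   # stale: agent probably broken
}

STALE_AFTER = timedelta(hours=24)                      # assumed threshold
RAW_IP_URL = re.compile(r"^https?://(\d{1,3}\.){3}\d{1,3}/")
BINARY_EXT = (".exe", ".bin", ".dll", ".apk", ".dmg")


def parse_log(text):
    """Parse the constructed CSV-style proxy log into dicts."""
    rows = []
    for line in text.strip().splitlines():
        ts, ip, method, url, status, nbytes, ua = line.split(",", 6)
        rows.append({"ts": datetime.fromisoformat(ts), "ip": ip, "method": method,
                     "url": url, "status": int(status), "bytes": int(nbytes), "ua": ua})
    return rows


def agent_state(ip, now, heartbeats=AGENT_HEARTBEATS):
    """Classify a host by whether its endpoint agent has checked in recently."""
    last = heartbeats.get(ip)
    if last is None:
        return "no agent"
    if now - last > STALE_AFTER:
        return "stale agent"
    return "healthy"


def beaconing(times, min_hits=3, tolerance=timedelta(seconds=30)):
    """True when the same URL is hit at least min_hits times at a near-constant interval."""
    if len(times) < min_hits:
        return False
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return max(gaps) - min(gaps) <= tolerance


def triage(log_text, now, heartbeats=AGENT_HEARTBEATS):
    """Return {client_ip: [finding, ...]} for hosts without a healthy agent."""
    findings = defaultdict(list)
    by_ip_url = defaultdict(list)
    for r in parse_log(log_text):
        by_ip_url[(r["ip"], r["url"])].append(r["ts"])
        state = agent_state(r["ip"], now, heartbeats)
        if state == "healthy":
            continue                      # endpoint agent covers this host
        if RAW_IP_URL.match(r["url"]) and r["url"].lower().endswith(BINARY_EXT):
            msg = f"{state}: binary fetched from raw IP {r['url']}"
            if msg not in findings[r["ip"]]:
                findings[r["ip"]].append(msg)
    for (ip, url), times in by_ip_url.items():
        state = agent_state(ip, now, heartbeats)
        if state != "healthy" and beaconing(times):
            findings[ip].append(f"{state}: beacon-like requests to {url} ({len(times)} hits)")
    return dict(findings)


if __name__ == "__main__":
    for ip, items in triage(PROXY_LOG, datetime(2012, 6, 19, 9, 15)).items():
        for item in items:
            print(ip, item)
```

The healthy host 10.1.4.31 downloads an executable too, but from a named vendor host and with a live agent, so it is left to the endpoint layer; the two hosts the network layer cannot trust are the ones that produce findings. In practice the heartbeat table would come from the endpoint management console, which is the alignment between layers the text calls for.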

4. Web application and Web server protection
The threat of attacks on Web applications to extract data or to distribute malicious code persists. Cybercriminals distribute their malicious code via legitimate Web servers they've compromised. But data-stealing attacks, many of which get the attention of the media, are also a big threat. Organizations used to focus security investment on PCs and on preventing conventional malware from spreading to them and onto the network. Now you need a greater emphasis on protecting Web servers and Web applications. Similar challenges are ahead for emerging technologies such as HTML5.

5. IPv6: Major surgery for the Internet
IPv6 is the new Internet protocol replacing IPv4, long the backbone of our networks in general and of the Internet at large. Protecting IPv6 is not just a question of porting IPv4 capabilities. While IPv6 is a wholesale replacement that brings more IP addresses, it also makes some very fundamental changes to the protocol that need to be considered in security policy. Whether your organization adopts it sooner or later, make sure that IPv6 is on your network security agenda.

6. Contending with cloud services
Small, midsize, and large enterprises are beginning to adopt cloud services and SaaS at a greater rate. This trend presents a big challenge for network security, as traffic can go around traditional points of inspection. Additionally, as the number of applications available in the cloud grows, policy controls for Web applications and cloud services will also need to evolve.

For example, which users should be able to interface with which services? Who should be able to post data, and who should have read-only privileges? While cloud services are developing their own security models, they will still need to be harmonized with your own strategy to avoid a multiplication of passwords, permissions, and other security infrastructure concerns. To be sure, the cloud represents a great opportunity. But as the cloud evolves, so, too, must network security.

7. More encryption
Encryption at every level protects the privacy and integrity of data. We’re increasingly deploying encryption at every layer. However, more use of encryption will bring more challenges for network security devices. For example, how will your network DLP (data loss prevention) inspect traffic that is encrypted end-to-end as it accesses a certain cloud service? Collaboration between the network and the endpoint to deliver complete security in scenarios like this will be critical. You need to have a network security strategy that integrates your network security with other layers of security such as endpoint, Web protection, and mobile devices.

8. The elastic network
The network perimeter is stretching like elastic to include high-speed 4G and LTE networks, wireless access points, branch offices, home offices, roaming users, cloud services, and third parties accessing your applications and data to perform services. These changes to the size, scope, and surface of your network can lead to misconfiguration or change control errors that in turn lead to security breaches. You'll need security solutions you can consistently deploy at each device or point of infrastructure. And you need central management to keep on top of the dynamics of this elastic infrastructure and the various layers of security at each endpoint.

For more information, visit the network security page at Sophos.com.

There you have it: eight trends that are changing network security. And all delivered, we hope, without future shock.

Brian Royer, a security subject matter expert, Sophos U.S., is partnering with SophosLabs to research and report on the latest trends in malware, Web threats, endpoint and data protection, mobile security, cloud computing and data center virtualization.

Comments
Jezz,
User Rank: Apprentice
7/2/2012 | 3:27:57 PM
re: Midyear Security Predictions: What You Should Know And Look Out For
Excellent article on the growing complexities of challenges facing organizations today. It's also unfortunate, but true, that countless SMBs are ill-prepared - from attitudes to skillsets - to respond to the growing threats. Some are playing ostrich... thinking that business-as-usual may work for them, continue to host their own systems, and hope for the best.

I know that from a tools perspective, I couldn't find any one-size-fits-all for an SMB I was helping as interim CIO last year: The company lacked adequate staff to manage multiple vendor offerings, yet there was no one that offered a good solution to address PHI (HIPAA) data security, whether a container approach or not, across W/Intel and Android devices - and let's not even talk about iOS.

Of course, even for this SMB, the needs were significant: BYOD was just one of the issues, but was the most ornery one. And I know this SMB is not unique.

For the BYOD issue, crossing n platforms, the need is real: Even if the SMB outsources everything with IT (which I never recommend except in extremely rare cases and in some specific verticals), there are costs involved in using a multi-vendor solution set -- and those costs would have to be passed on to the SMB.

What concerns me is that this situation is not unique; I've no doubt even the Fortune 1000 corporations are struggling to gentle with the horrific onslaught of security issues driven by the complexities you've laid out in this post. And this means NONE of us are safe: We all have data of a personal nature, both PHI and financial, stored and used at many small (doctor offices, e.g.) and huge (insert any major financial institution you use here) corporations.