Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
5/29/2018
09:00 AM
Shehzad Merchant
Shehzad Merchant
Partner Perspectives
Connect Directly
LinkedIn
RSS
50%
50%

An Industry In Transition: Key Tech Trends In 2018

By Shehzad Merchant, Chief Technology Officer, Gigamon

It’s the time of the year where everyone makes predictions for the following year. But rather than focus on predictions, I’d like to zero in on long-term trends that will have a broad, far-reaching impact. So without further ado, here are three of them:

1. The Pendulum Of Cybersecurity Will Shift From Confidentiality To Integrity And Availability

The risk rhetoric around cyber breaches will shift from one aimed at confidentiality to one increasingly focused on integrity and availability. Typically, when we talk about breaches, more often than not we're talking about compromised company data or customer information. Many of the recent large breaches in the news reflect this. Cyberattacks that seek to compromise confidential or personal information are fundamentally attacks on the confidentiality of information. However, as we look toward the world of connected devices, breaches in that world will affect the functioning of those devices.

In other words, cyber breaches in the world of connected things or the internet of things (IoT) will impact either the availability of devices or the integrity or functioning of those devices. And this is a much more serious threat than what we are used to today. Cyber breaches that affect the integrity or availability of devices can be life-threatening, and consequently, the risk, cost and threat levels associated with such breaches will far outweigh anything that we are seeing today. An example that comes to mind is medical equipment vital to a patient’s survival such as a respirator or insulin pump. While we as an industry are perhaps reaching the point of breach fatigue, I think the bigger set of issues lie ahead of us. 

2. Rise Of Machine Learning

The use of machine learning (ML) will increasingly proliferate across all aspects of cybersecurity. With recent advances in technology, the use of ML is no longer something mystical, futuristic or confined to the academics. Rather, ML is fast becoming mainstream, with open-source and commercial offerings targeted toward cyber defense. Massive compute and storage capacity at affordable prices and infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings are making ML-based solutions easier and more affordable to deploy.

More significantly, however, is that the algorithms around ML, both focused around supervised and unsupervised ML and the toolkits around them, are rapidly advancing in capability and maturity, particularly in the finance sector. Even the ability to throw massively parallel graphics processing unit (GPU) systems toward ML-based computation is now becoming mainstream with the availability of user-friendly toolkits, APIs and third-party integrations. With these advances, threat intelligence researchers, technology companies, academic institutions and infosec teams will all increasingly attempt to apply ML-based solutions as a way to fingerprint bad actor activity, build more accurate baselines into normal behavior and surface anomalies against that. Key to the success of this is access to relevant and targeted training data that is used for supervised and unsupervised ML. Here, too, the content-rich network traffic data and metadata, which hitherto were harder to come by, are now becoming easily available. This is one promising and long-term trend that can significantly advance cyber defense.

3. Blockchain To The Forefront

Any talk about long-term trends would be remiss without a discussion on blockchain. I am referring to the underlying technology behind Bitcoin -- not the cryptocurrency itself. The distributed ledger mechanism of blockchain is very amenable to solving many of the broader problems we face today. While smart contracts seem to be the buzz today around blockchain, the real power lies in harnessing it for fundamental and discontinuous shifts in how we think about trust and the role of centralized trusted authorities. These include governments, banks, clearinghouses, credit verification agencies, etc. Our long-standing reliance on central authorities has created both monopolies and choke points that cybercriminals have been able to target with massive impact.

For example, take the case of the Equifax breach that revealed a record number of user identities. Rather than having a handful of central authorities that control the data of hundreds of millions of users, we should consider models with each user’s credit history protected as part of a blockchain with access rights controlled by the user as needed, such as for credit verification. Leveraging blockchain in this way would fundamentally change how we think about credit reporting, privacy and the ability to access that information for credit history verification.

There are other challenges that will arise, of course, and blockchain itself will need to evolve. However, the overarching point is blockchain has the potential to create discontinuities that can change and reshape the very notion of the role of centralized authorities, governments and banks and their involvement in terms of how we conduct business in our day-to-day lives. There is still a long way to go with it, but it's certainly a very interesting trend to keep an eye on.

From a swing of the cybersecurity pendulum to the increasing ubiquity of machine learning and more, 2018 is likely to be one for the books. How do you foresee the cyber landscape changing in the coming year?

As previously seen on Forbes in An Industry In Transition: Key Tech Trends In 2018.

Shehzad Merchant serves as Chief Technology Officer of Gigamon bringing over 20 years of experience in the high-tech industry. Prior to joining Gigamon, Shehzad served as the CTO at Extreme Networks, and is the author of several networking and communications patents. He is a ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
rubelmollah
100%
0%
rubelmollah,
User Rank: Apprentice
7/29/2018 | 11:00:28 AM
nice post
Thanks For Sharing Such beautiful information with us. i hope you will share some more information about this post. please keep sharing! 
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16413
PUBLISHED: 2019-09-19
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.