Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
5/29/2018
09:00 AM
Shehzad Merchant
Shehzad Merchant
Partner Perspectives
Connect Directly
LinkedIn
RSS
50%
50%

An Industry In Transition: Key Tech Trends In 2018

By Shehzad Merchant, Chief Technology Officer, Gigamon

It’s the time of the year where everyone makes predictions for the following year. But rather than focus on predictions, I’d like to zero in on long-term trends that will have a broad, far-reaching impact. So without further ado, here are three of them:

1. The Pendulum Of Cybersecurity Will Shift From Confidentiality To Integrity And Availability

The risk rhetoric around cyber breaches will shift from one aimed at confidentiality to one increasingly focused on integrity and availability. Typically, when we talk about breaches, more often than not we're talking about compromised company data or customer information. Many of the recent large breaches in the news reflect this. Cyberattacks that seek to compromise confidential or personal information are fundamentally attacks on the confidentiality of information. However, as we look toward the world of connected devices, breaches in that world will affect the functioning of those devices.

In other words, cyber breaches in the world of connected things or the internet of things (IoT) will impact either the availability of devices or the integrity or functioning of those devices. And this is a much more serious threat than what we are used to today. Cyber breaches that affect the integrity or availability of devices can be life-threatening, and consequently, the risk, cost and threat levels associated with such breaches will far outweigh anything that we are seeing today. An example that comes to mind is medical equipment vital to a patient’s survival such as a respirator or insulin pump. While we as an industry are perhaps reaching the point of breach fatigue, I think the bigger set of issues lie ahead of us. 

2. Rise Of Machine Learning

The use of machine learning (ML) will increasingly proliferate across all aspects of cybersecurity. With recent advances in technology, the use of ML is no longer something mystical, futuristic or confined to the academics. Rather, ML is fast becoming mainstream, with open-source and commercial offerings targeted toward cyber defense. Massive compute and storage capacity at affordable prices and infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings are making ML-based solutions easier and more affordable to deploy.

More significantly, however, is that the algorithms around ML, both focused around supervised and unsupervised ML and the toolkits around them, are rapidly advancing in capability and maturity, particularly in the finance sector. Even the ability to throw massively parallel graphics processing unit (GPU) systems toward ML-based computation is now becoming mainstream with the availability of user-friendly toolkits, APIs and third-party integrations. With these advances, threat intelligence researchers, technology companies, academic institutions and infosec teams will all increasingly attempt to apply ML-based solutions as a way to fingerprint bad actor activity, build more accurate baselines into normal behavior and surface anomalies against that. Key to the success of this is access to relevant and targeted training data that is used for supervised and unsupervised ML. Here, too, the content-rich network traffic data and metadata, which hitherto were harder to come by, are now becoming easily available. This is one promising and long-term trend that can significantly advance cyber defense.

3. Blockchain To The Forefront

Any talk about long-term trends would be remiss without a discussion on blockchain. I am referring to the underlying technology behind Bitcoin -- not the cryptocurrency itself. The distributed ledger mechanism of blockchain is very amenable to solving many of the broader problems we face today. While smart contracts seem to be the buzz today around blockchain, the real power lies in harnessing it for fundamental and discontinuous shifts in how we think about trust and the role of centralized trusted authorities. These include governments, banks, clearinghouses, credit verification agencies, etc. Our long-standing reliance on central authorities has created both monopolies and choke points that cybercriminals have been able to target with massive impact.

For example, take the case of the Equifax breach that revealed a record number of user identities. Rather than having a handful of central authorities that control the data of hundreds of millions of users, we should consider models with each user’s credit history protected as part of a blockchain with access rights controlled by the user as needed, such as for credit verification. Leveraging blockchain in this way would fundamentally change how we think about credit reporting, privacy and the ability to access that information for credit history verification.

There are other challenges that will arise, of course, and blockchain itself will need to evolve. However, the overarching point is blockchain has the potential to create discontinuities that can change and reshape the very notion of the role of centralized authorities, governments and banks and their involvement in terms of how we conduct business in our day-to-day lives. There is still a long way to go with it, but it's certainly a very interesting trend to keep an eye on.

From a swing of the cybersecurity pendulum to the increasing ubiquity of machine learning and more, 2018 is likely to be one for the books. How do you foresee the cyber landscape changing in the coming year?

As previously seen on Forbes in An Industry In Transition: Key Tech Trends In 2018.

Shehzad Merchant serves as Chief Technology Officer of Gigamon bringing over 20 years of experience in the high-tech industry. Prior to joining Gigamon, Shehzad served as the CTO at Extreme Networks, and is the author of several networking and communications patents. He is a ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
rubelmollah
100%
0%
rubelmollah,
User Rank: Apprentice
7/29/2018 | 11:00:28 AM
nice post
Thanks For Sharing Such beautiful information with us. i hope you will share some more information about this post. please keep sharing! 
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark Reading,  7/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14248
PUBLISHED: 2019-07-24
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
CVE-2019-14249
PUBLISHED: 2019-07-24
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
CVE-2019-14250
PUBLISHED: 2019-07-24
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14247
PUBLISHED: 2019-07-24
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.
CVE-2019-2873
PUBLISHED: 2019-07-23
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...