An Intelligence-Driven View of 2019 Cyber Trends
There’s never a dull moment in cybersecurity and 2019 will be no different. Predictions abound about what this year will hold.
We’ve asked the cybersecurity and threat intelligence experts at AIG, Castra, Equinix, Gigamon, ThreatQuotient, Webroot, and—of course—ThreatBlockr: What trends are important today and what do you think will remain front and center in 2019?
Attack Surface Expansion as Connected Devices Continue to Explode
Experts from AIG, Equinix, and ThreatQuotient all indicated that the Internet of Things (IoT) will remain a hot topic in cybersecurity in 2019.
Ah, yes! You know it well! This may sound like a broken record but IoT device cybersecurity remains at the top of many charts (and headlines…and presentations…) for a reason.
While the growth of smart phones has plateaued, there’s no signs of slowing in the explosive growth of other internet-connected devices. The result? A growing attack surface that can be exploited and weaponized by attackers for malicious purposes. Given IoT devices’ ability to be weaponized (see consumer IoT markets’ general lack of cybersecurity standards) means continued and significant growth in millions and millions of hackable IPs and domains.
This is one reason why Jack Hamm, Director Security and Network Operations at Gigamon believes that network and endpoint visibility and automation will continue to be a key area of focus by security teams in 2019. As Jack put it simply, “you can’t secure what you can’t see and control.”
Threat Intelligence Adoption Goes Mainstream
Elite security organizations have established dedicated threat intelligence efforts as critical components of their security operations. These organizations know that threat intelligence from existing security controls like next-generation firewalls is no longer sufficient to provide adequate cyber-situational awareness and protection. A broader view of threat actor activity based on threat intelligence from multiple external sources, including commercial, open-source, industry, and government sources is required.
In 2018, we started to see increasing adoption of threat intelligence by small and mid-sized organizations. While these organizations lack the resources to operate large security organizations, the emergence of Threat Intelligence Gateway (TIG) technology is enabling them to deploy enterprise-grade threat intelligence in an easy and automated way. Additionally, there is an increased focus by Managed Security Services Providers (MSSPs) on offering advanced threat intelligence services.
The above factors will drive more mainstream adoption of threat intelligence in 2019.
Third-Party Risk & Supply Chain Security
The Global Resilience Federation, a non-profit information sharing and analysis hub, dedicated their 2018 Annual Summit to the topic of third-party risk, which is and will remain an important factor of cybersecurity going into 2019 (and beyond). Large security organizations are increasingly adopting dedicated third-party risk efforts. There is a whole crop of security tools emerging that enable organizations to operationalize and automate efforts around third-party assessments and ongoing monitoring and validation. Organizations like Shared Assessments are building an ecosystem of cross-industry organizations to produce collective intelligence, standards, best practices, tools, and more in this area. Interestingly, and related to our first point, when it comes to third-party risk, IoT is a growing area of concern.
Managing third-party risk requires awareness of vulnerabilities and threat activity across an organization’s value chain. This is another area where the mainstream adoption of threat intelligence will be valuable. An easy step organizations can take in this regard is to use threat intelligence from their industry ISAC or ISAO to gain awareness into threat activity in their particular industry. Organizations like the Global Resiliency Federation are also working to strengthen and facilitate cross-industry threat information sharing among ISACs and ISAOs.
Automation to Improve Security Operations Efficacy & Efficiency
The shortage of security staff is increasing the pressure on security organizations of all sizes. Several of our experts highlighted the continued growth in the use of security automation as a hot area in 2019. Automation is being adopted as a means to increase the efficacy and efficiency of security operations.
This includes the continued adoption of Security Operations Platforms. John Czupak, CEO of ThreatQuotient, highlighted dynamic changes in this market as areas like security orchestration, ticketing, and threat intelligence platforms (TIPs) are consolidating from stand-alone solutions into more comprehensive Security Operations Platforms. And for those who are creating the platforms of tomorrow, John says, “providers will need to show capabilities that enable things like prioritization to help identify the important items, automation, investigations, and operational support for the SOC.”
Grant Leonard, co-founder of Castra, sees increasing use of SOAR (next-generation SIEM platforms) or “at the very least orchestrated responses to threat detection” (i.e. an automated block from SIEM based on detection).
Artificial Intelligence May Be Over-Hyped But It’s Not Make-Believe
While arguably over-hyped, artificial intelligence and machine learning will continue to play a role in improving security operations, especially for small and mid-sized enterprises that lack armies of security analysts. As our partner Webroot indicates, “if small and medium-sized businesses want to keep their IT teams from being inundated and overrun with alerts, false positives, and remediation requests, they’ll be forced to work AI and machine learning into their security solutions. Only machine learning can automate security intelligence accurately and effectively enough to enable categorization and proactive threat detection in near real time.” (This is one of the reasons we leverage threat intelligence from Webroot in our ThreatBlockr Threat Intelligence Gateway.)
Threat Intelligence Gateways Also Go Mainstream
Threat intelligence lies at the heart of many of the prior trends. Many of the security experts we polled see more organizations looking to leverage automation when it comes to managing and taking action with threat intelligence. Threat intelligence gateways allow organizations to leverage automation to proactively block known threats and unwanted traffic based on threat intelligence. One angle to this automation is the ability to integrate with Threat Intelligence Platforms (TIPs) like Anomali, EclecticIQ, ThreatConnect, ThreatQuotient, and TruStar to enable automated blocking of malicious IPs and domains detected by these systems. The same is true for SIEM systems like AlienVault, Jask, and Splunk, to name a few.
Network Security Gets More Cloudy
The shift to the cloud remains a key secular trend. This is evidenced by the continued strong growth of cloud providers like Amazon, Microsoft, and Google. Some view the shift to cloud as a dissolving of the perimeter, but the fact is enterprise IT remains hybrid with a heavy mix of on-premises and cloud. We think the more accurate view is that the perimeter is expanding.
A few years ago, organizations commonly deployed native network security controls from cloud infrastructure providers to secure cloud workloads. However, the increasing use of multiple cloud providers has driven organizations to deploy cloud security solutions from best-of-breed network security vendors. This has been driven by a desire for common security policies and single-pane-of-glass management across multiple cloud environments, as well as on-premise environments. We see this first-hand at ThreatBlockr as almost every customer conversation includes a discussion around how the ThreatBlockr TIG can be used to secure cloud workloads.
Another interesting cloud angle to network security is consuming network security as a cloud service. In 2018, we started to see some organizations express a desire to consume network security functions like firewall and IPS as a cloud-based service, versus the traditional on-premises appliance-based approach. This is being driven by multiple factors including an increase in remote users that are accessing the internet directly (instead of from the corporate network) and fatigue from managing and constantly upgrading network security appliances.
As we look to 2019, there’s no doubt that the impact of cloud adoption on network security will remain a hot topic.
Thank You to Our Experts!
We wanted to send a personal note of thanks to our experts for providing their valuable perspectives. They include:
- Perry Lee, AIG
- Phil Kibler, AIG
- Raz Ghanaghounian, AIG
- Grant Leonard, Castra
- George Do, Equinix
- Jack Hamm, Gigamon
- John Czupak, ThreatQuotient
- Marc Solomon, ThreatQuotient
- The Webroot Team
Step into the Future with a ThreatBlockr Threat Intelligence Gateway
Threat intelligence is gaining mainstream prominence with businesses from main street to wall street. Organizations of all sizes are using threat intelligence to better protect their networks and data. However, just because organizations are using it more doesn’t mean they are using it efficiently. Managing threat intelligence through traditional means, such as a firewall, is cumbersome and time-consuming, and utilizing it through a TIP or SIEM gives organizations great insight into threat activity, but unfortunately little ability to take action on threat intelligence.
The ThreatBlockr Threat Intelligence Gateway (ThreatBlockr TIG) was purpose-built to solve these problems. Reach out today to learn more about how the ThreatBlockr TIG can make accessing, managing, aggregating, and acting on threat intelligence easy for your organization and try our 30-day, risk-free trial.