A “zero confidence” approach model, IoT Deception technologies and behavioral analysis combined (or not) with Artificial Intelligence are some of the strategies that will reinforce companies' IS posture in the next year.
In 2018, we can expect a disruption in the cybersecurity industry. Organizations are spending millions of dollars on technologies to bolster their cybersecurity stance, but to no avail. Attacks are becoming more sophisticated and cybercriminals have many or even more funds to invest in developing new attacks than businesses themselves have to spend on defense.
Thus, we will see companies focusing especially on five trends, which undergo changes in behavior and adoption of new technologies.
“Zero confidence” approach
Next year, we will see the “zero confidence” security model return. With this approach, the IT team adopts a mentality of not trusting anyone - only by explicitly allowing users to access the systems, trust is established.
A decade ago, the “zero trust” approach meant that the IT team would simply prohibit people from using non-corporate applications and devices. However, the most modern model of this posture will accommodate the personal preferences of each individual. But it also implies more stringent authentication measures that will ask users to verify their identities through multiple layers of credentials. Enterprise systems will authenticate whether users are actually entitled to access specific sets of data before making them available.
Deception technologies in IoT security
Operational technology (OT) is increasingly enabling the Internet of Things (IoT) in industries such as automotive and manufacturing. The benefits are attractive, as companies can monitor their equipment closely. But this also inaugurates a new element of risk, because the sensors attached to OT devices enable a new type of cyber attack.
In 2018, Deception Technologies will play an important role in ensuring that security is maintained across the entire Supervisory and Data Acquisition Systems (SCADA) architecture, operational technologies and broader IoT infrastructures.
Deception Technologies introduce thousands of fake credentials into a company's network, making it mathematically impossible for cybercriminals to have access to a legitimate set of user identities. Once a hacker has used a fake credential generated by these technologies, the security operations team will receive an alert that an intruder is hiding on the network. That way, they can immediately initiate a response to the incident. In addition, Deception Technologies also allow organizations to determine how the cybercriminal had access to the network, and to analyze their subsequent pattern of attack.
Behavioral analysis and artificial intelligence
More companies are harnessing the power of artificial intelligence and machine learning to bolster their cybersecurity defenses. However, so far they have encountered limitations: the programmer still needs to provide the algorithms that instruct the machine on what types of malicious activities it needs to look for.
In 2018, this will change thanks to the technique known as "deep learning", which allows machines to learn on their own. Thus, they will begin to perform highly granular analyzes of user activities. By analyzing a user's behavior over a period of time, they will be able to predict whether the person who is trying to access data and applications is really the real user.
Automated threat searchers
Most cybersecurity experts agree that it is critical to have access to threat intelligence on the latest types of attacks and tactics. However, intelligence alone is not enough. Organizations need to proactively "hunt the enemy".
In 2018, we will begin to see automated threat searchers that will be able to make decisions in place of humans. Enabled by artificial intelligence, they can continually scan a company's environment for any changes that may indicate a potential threat. These “threat hunters” learn from what they discover and take appropriate actions.
Blockchain
Blockchain opportunities and applications in the cybersecurity world are just emerging. Blockchain allows a digital transaction record to be created and shared between participants via a distributed computer network.
This means that it is possible for businesses to make Blockchain visible within their organizations so that they can see every transaction that takes place between individuals, data and machines, allowing companies to build a comprehensive history of the transactions that take place.
Basically, Blockchain can become the implementer of the aforementioned 'zero trust' policy. The technology can recognize when a user is trusted, when he is a new user who has never interacted with the network, if an existing user tries to access a set of files he has never accessed before, or if he tries to access the network from an unknown location.
Other uses of Blockchain in cybersecurity will emerge in the future. The technology is already being used in public key infrastructure (PKI), an encryption to protect e-mails, websites and messaging applications. It completely removes central certification authorities, using a distributed domain registry and its related public keys. This form is more secure, since there is no central database to be attacked.
Source: securityinformationnews
About [SAFEWAY]
THE [SAFEWAY] is a widely recognized company as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on platforms:
● Archer da RSA Security, considered by the institutes Gartner and Forrester and by the market itself, the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;
● [SAFEWAY] Security Tower, supported by IBM Qradar (Watson technology), tailored to each organization in its security and cyber defense management needs.
● And others, involving technologies Imperva, Thales, Tripwire and WatchGuard Technologies.
We await your contact: [email protected]
