Changes in Cybersecurity (Part 2)
We're seeing changes in speed and complexity, DevSecOps, use of artificial intelligence and machine learning, and more.
To understand the current and future state of the cybersecurity landscape we spoke to, and received written responses from, 50 security professionals. We asked them, "How do you see the cybersecurity landscape changing?"
Part one was all about attack vectors and threats. Here, in part two, we cover speed and complexity, DevSecOps, AI/ML, and more.
- Speed and complexity are the most important. The open parameters of BYOD, the transition to the cloud, more complex interactions with partners, customers and vendors, and different channels. The speed of change, attack, assessment, and defense is challenging if you want to be proactive. It can be months before a breach is detected, and by that time, the tracks have been covered and the identity wiped clean. There’s nothing to look for. You need to detect attacks as soon as possible to catch any traces and get an indication of who took the data or damaged the network.
- People are realizing their biggest vulnerabilities are a function of their operations and procedures. The time to patch is the window that creates the biggest vulnerability. We can eliminate bad things if we're expedient in taking advantage of patches and fixes available, but we frequently see operations and procedures preventing customers from keeping pace.
- The constant evolution of more attacks, more data volume, the faster response time required. Everything today is online. There are massive volumes of information to get your head around. This has accelerated in the last year. We used to secure email and credit card information. Now, bank accounts and IoT devices are feeding tons of information into enterprise data lakes. Car companies are monitoring automobiles producing terabytes of data. Health and education records are online. All of these are big targets for hackers since all of this information can be sold on the black market. By 2020, every person will have 5,200 GB of data on them. There are increasingly complex data types (e.g. VIN numbers are now sensitive information since a hacker can disable a vehicle).
- 1) Enterprises are now implementing multiple technologies like Kubernetes for orchestration and alternate technologies such as serverless functions from all of the big cloud vendors, then deploying them “continuously” into production. The window for the security team to properly review the application and its infrastructure has become much shorter, if it exists at all. 2) At the same time, there is a global lack of trained security professionals who are familiar with these newer platforms. This drives a need for greater efficiency (allowing existing staff to handle more load), and for systems that allow less highly trained personnel to handle more common or repetitive tasks. 3) Many larger organizations face another challenge, based on differing security or compliance needs across projects or departments. While it would be nice to simply implement a single solution enterprise-wide, with consistent policies for all applications, this is not realistic. Solutions that can manage multi-cloud and multi-stack, and then provide for a form of multi-tenancy internally, can allow the flexibility to manage departmental needs while leveraging a common platform architecture.
- Companies are leveraging cloud-based infrastructure and employing technologies that are not classic data center technology. This changes how to address risk and attack vectors; the changes and constantly moving parts create the need for new security products. Developers and DevOps are the driving force behind adopting new technology and also address the needs of IT and security teams. There is a need for different products than EDR and perimeter firewalls to protect data and infrastructure today.
- In the world of DevOps specifically, the movement towards security-by-design has been gaining momentum. Organizations are striving to incorporate DevSecOps and embed security practices throughout the entire software lifecycle, rather than as a tacked-on afterthought.
- Application security is in the midst of a transformation. Virtually all enterprise applications and assets have become web-facing, whether in the form of a traditional web application, cloud applications, APIs, microservices, or legacy apps accessed through a web interface. These applications are being continuously developed and delivered at unprecedented speed and are constantly being probed and attacked by human and automated threats. 1) Shift to the cloud: as the majority of applications transition to a web-facing and cloud deployment, application security must be automated, reliable, and provide real-time protection. 2) The new pace of development: dev cycles are much shorter, going from months to weeks and, in some cases, even days. Therefore, security tools at the DevOps level must be easy to integrate and maintain in order to support a continuous delivery flow.
- We've been seeing security in a state of crisis. I see it recovering in 2019 with new innovative tools doing security scanning in a different way. Existing tools are becoming more conducive to the multi-stage process. Existing tools are becoming more DevOps aware, and more shift-left tools are arriving. New companies are doing analysis in a different way that results in low false positives and high benchmark results, finding security vulnerabilities in code with tooling that plugs into the IDE.
- DevOps, containers and microservices, and cloud infrastructure enable teams to deliver value to their customers at an incredible rate. It’s an exciting time, but it’s also created anxiety around security. The cybersecurity landscape needs to evolve along with the rest of the changes that a digital transformation brings as teams embrace DevOps. Security tools need to be more highly automated and woven into the entire CI/CD pipeline. They need to identify misconfigurations in cloud infrastructure and quickly adapt to infrastructure changes. The risks associated with the cloud are inherently different than the risks typically found in on-premises and network-based environments. Organizations need to think strategically about what these new risks mean for their business and proactively address them.
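The pipeline-embedded misconfiguration check described above, as an added example that is not part of the original article or any respondent's product. It runs a small set of checks over a constructed, hypothetical resource inventory (a simplified schema, not any cloud provider's real API) and returns a pass/fail gate a CI/CD step could act on. All resource names, field names and check names are assumptions made for the example.

```python
"""
Added example: a minimal cloud-misconfiguration gate of the kind that runs as a
CI/CD pipeline step. The inventory below is constructed for the example in a
simplified, hypothetical schema (not any provider's real API), and the check
names are illustrative.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample inventory: the shape a pipeline step might receive after
# rendering infrastructure-as-code templates. Hypothetical schema.
SAMPLE_RESOURCES: List[Dict] = [
    {"type": "storage_bucket", "name": "app-assets", "public_read": True, "encrypted": True},
    {"type": "storage_bucket", "name": "billing-exports", "public_read": False, "encrypted": False},
    {"type": "security_group", "name": "web-sg",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"type": "security_group", "name": "db-sg",
     "ingress": [{"port": 5432, "cidr": "10.0.0.0/8"}]},
    {"type": "iam_policy", "name": "ci-deployer",
     "statements": [{"effect": "Allow", "action": "*", "resource": "*"}]},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP: management ports that should not face the internet


@dataclass(frozen=True)
class Finding:
    check: str
    resource: str
    severity: str  # "high" | "medium" | "low"


def check_public_buckets(res: Dict) -> List[Finding]:
    """Object storage readable by anyone is a data-exposure finding."""
    if res["type"] == "storage_bucket" and res.get("public_read"):
        return [Finding("public-bucket", res["name"], "high")]
    return []


def check_unencrypted_storage(res: Dict) -> List[Finding]:
    """Storage without encryption at rest; lower severity than public exposure."""
    if res["type"] == "storage_bucket" and not res.get("encrypted", False):
        return [Finding("unencrypted-bucket", res["name"], "medium")]
    return []


def check_open_admin_ports(res: Dict) -> List[Finding]:
    """Management ports reachable from any IPv4 or IPv6 address."""
    if res["type"] != "security_group":
        return []
    return [
        Finding("admin-port-open-to-world", f'{res["name"]}:{rule["port"]}', "high")
        for rule in res.get("ingress", [])
        if rule["port"] in ADMIN_PORTS and rule["cidr"] in ("0.0.0.0/0", "::/0")
    ]


def check_wildcard_iam(res: Dict) -> List[Finding]:
    """Allow-all statements defeat least privilege for the identity that holds them."""
    if res["type"] != "iam_policy":
        return []
    return [
        Finding("iam-wildcard-allow", res["name"], "high")
        for st in res.get("statements", [])
        if st.get("effect") == "Allow" and st.get("action") == "*" and st.get("resource") == "*"
    ]


CHECKS: List[Callable[[Dict], List[Finding]]] = [
    check_public_buckets,
    check_unencrypted_storage,
    check_open_admin_ports,
    check_wildcard_iam,
]


def evaluate(resources: List[Dict]) -> List[Finding]:
    """Run every check over every resource; each check is independent of the others."""
    return [f for res in resources for check in CHECKS for f in check(res)]


def pipeline_gate(findings: List[Finding], fail_on: str = "high") -> bool:
    """Return True if the pipeline may proceed; any finding at or above `fail_on` blocks it."""
    rank = {"low": 0, "medium": 1, "high": 2}
    return all(rank[f.severity] < rank[fail_on] for f in findings)


if __name__ == "__main__":
    results = evaluate(SAMPLE_RESOURCES)
    for f in results:
        print(f"[{f.severity:6}] {f.check:28} {f.resource}")
    print("gate:", "PASS" if pipeline_gate(results) else "FAIL")
```

The checks are kept as independent functions so a team can add or drop one without touching the rest, and the severity threshold is a parameter so the same step can block on high findings in production pipelines while only reporting in development branches.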
- It goes back to the evolution standpoint with terms like AI/ML. Few people understand data science. The problem is the mathematical formula is only as good as the data that’s present. AI/ML can only go so far. We see the continuous trend towards countermeasures and security orchestration evolving to an enterprise scale. There are a lot of emerging threats. We're seeing more comprehensive exploitation tactics that change how organizations defend against attacks. Data-driven security intelligence is moving toward defense based on intelligence.
- Software and AI are a major game changer, for both companies protecting their digital assets and villains attempting to disrupt, destroy, corrupt or steal those same digital assets.
- The cyber landscape is always changing, but we will see an emergence of AI and machine learning take hold in cybersecurity as professionals look for ways to automate and augment their work in the midst of a widening industry skills gap. AI/ML has both good and bad aspects with respect to cyber; that is inevitable in the field, but we believe the cybersecurity industry can greatly benefit from applying it to train and augment staff and in products that help identify anomalous activity with automatic data enrichment. This helps security analysts perform better. We are seeing AI/ML applications roll out more in the cybersecurity community.
- AI/ML-enabled application security has unrivaled speed and accuracy when compared to its more basic, automated predecessors. It is also ‘smart’ and can ‘learn’ from past experiences to influence future outcomes. These characteristics allow AppSec teams to hit their tight production deadlines, carry out comprehensive application security vulnerability checks, and gain access to real-time security risk assessments.
- 1) Let’s use endpoints as an example since they contain valuable data, and each endpoint can be an access point for attackers. Historically, if a breach or a significant event on the endpoint occurred, the SecOps team would conduct forensic recovery processes. This entailed seizure of the machine to recover the information on the hard drive. However, when threats began using execution in memory – as opposed to on the file system itself – the moment the team seized the machine by unplugging the laptop from power, they’d lose all the good forensic data. This was a critical moment in the development of current endpoint detection and response (EDR) solutions. 2) At the same time, another turning point for EDR was the move away from network-based cyber threat monitoring. During this time, firewalls, intrusion detection, proxies, and more were each logging and generating alerts as part of the broader threat detection capability. However, there was no way to tell if a threat was successful in getting into an employee’s endpoint. This is the major gap EDR fills and is why it’s such a critical part of threat validation and response process today. 3) Next-generation attacks can execute from previews, shut off anti-malware systems, escalate privileges, and even disable logs to hinder threat detection and investigations. Unfettered visibility is important to prevent these attacks. However, organizations must also hone skills to combat the next phase of how adversaries are targeting assets: through AI/ML.
- The shift in focus and resources is going away from traditional infrastructure and network-centric security tools toward new innovations that focus on user-identity, data, and application-centric security protections.
- The revelation that you are heavily exposed, and you have assignment and access rights to things that should not be out there. You have more exposure than you should. There is a need to understand risk and risk by dollars – breach, unauthorized access, sending out information that should not be sent out. Spend money to protect the most valuable and sensitive information. Monetize information and risk and spend money to secure appropriately.
- We're seeing a shift toward a more knowledge-driven approach to existing problems like vulnerability management and app sec. There's a shift to a risk-centric approach to managing both problems – prioritization and remediation. Risk is subjective so we want to ensure any internal factors are reflected as part of the process. Risk-centric, knowledge-centric approach, bringing a lot of different information together from different places to drive decisions.
- I do think the cybersecurity landscape changes all the time with the new products that are out there. It also changes when the media puts out soundbites to alert people that this new, horrible thing has happened. But what really needs to be happening in cybersecurity hasn’t changed in the last 50 years. Why? Because people are still looking for products to be their solution rather than developing a process-based approach to cybersecurity.
- The security landscape is always evolving, because we are essentially in an arms race, and humans are unpredictable. Over the last 20 years, the security industry has shifted perspectives from fighting against a breach to ensuring that processes, technologies, and people are in place to ensure minimal loss upon a breach.
- Practicing cyber wellness is a necessary skill set in today’s current cybersecurity landscape and will continue to develop for the foreseeable future. It can ensure an organization’s success by actually keeping up with patches, closing online doors, encrypting data, eliminating the use of passwords, and checking what access vendors have to the corporate network. While we’re encouraged to see this increase in awareness, it’s clear that more than ever, enterprises are struggling under immense security and regulatory pressures as a result of today’s global digital environments. Companies must find a universal place to begin their compliance journey by quickly identifying areas of concern, and more importantly, actionable ways to address them. Only then can organizations gain unprecedented visibility into the complex web of their endpoints and the data residing on them, in order to swiftly take action and promptly meet compliance requirements, such as GDPR. Compliance should not be the end goal, but rather part of the toolset and robustness of cybersecurity.
- Even now, there’s a growing realization that no company can keep code secure on its own. Codebases have become far too large and complex to rely on manual security testing, and even companies supplementing their own researchers with automated techniques will start to fall behind. Vulnerabilities are simply too common, and breaches are impossible to avoid. When companies accept that breaches are inevitable, they can then begin to mitigate their risk. While automating certain testing practices is one of the best ways to improve your own security, the landscape as a whole will likely begin to accept the merits of open source security and come to rely on the community as a whole to help secure their software.
Here’s who shared their insights:
- Josh Mayfield, Director of Security Strategy, Absolute
- Jim Souders, CEO, and Anne Baker, V.P. of Marketing, Adaptiva
- Steven Aiello, security and compliance solutions principal, AHEAD
- Gadi Naor, CTO and Co-founder, Alcide
- Omer Benedict, Senior Director of Product Management, Aqua Security
- Tom Maher, CTO, Asavie
- Gaurav Banga, CEO and Founder, Balbix
- Nitzan Miron, V.P. Product Management, Application Security Services, Barracuda
- Cam Roberson, Director of the Reseller Channel, Beachhead Solutions
- Anurag Kahol, CTO, Bitglass
- Syed Abdur, Director of Product Management and Design, Brinqa
- Laura Lee, Executive Vice President of Rapid Prototyping, Circadence
- Andrew Lev, CEO, Cliff Duffey, Founder and President, Bethany Allee, Vice President Marketing, Cybera
- Brian Kelly, Head of Conjur Engineering, CyberArk
- Doug Dooley, COO, Data Theorem
- Jason Mical, Cyber Security Evangelist, Devo Technology
- OJ Ngo, CTO, DH2i
- Tom DeSot, EVP CIO, Digital Defense, Inc.
- Chris DeRamus, Co-founder and CTO, DivvyCloud
- Alan Weintraub, Office of the CTO, DocAuthority
- Tom Conklin, CISO, Druva
- Anders Wallgren, CTO, Electric Cloud
- Satish Abburi, founder, Elysium Analytics
- Sean Wessman, Americas Cyber Markets, Sectors and Business Development Leader, EY
- Ambuj Kumar, Co-founder and CEO, Fortanix
- Josh Stella, co-founder and CTO, Fugue
- Kathy Wang, Senior Director of Security, GitLab
- Amith Nair, VP Product Marketing, HashiCorp
- Mike Puglia, Chief Customer Marketing Officer, Kaseya
- Nathan Turajski, Director of Product Marketing, Micro Focus
- Gary Duan, Chief Technology Officer, NeuVector
- Gary Watson, CTO and Founder, Nexsan
- Stephen Blum, CTO and Co-founder, PubNub
- Chuck Yoo, President, Resecurity
- Roey Eliyahu, CEO and Co-founder, Chris Westphal, Head of Product Marketing, Salt Security
- Sivan Rauscher, CEO and Co-founder, SAM Seamless Networks
- Igor Baikalov, Chief Scientist, Securonix
- Oege de Moor, CEO and Co-founder, Semmle
- Dana Tamir, VP Market Strategy, Silverfort
- Logan Kipp, Technical Architect, SiteLock
- Albert Zenkoff, Security Architect, Software AG
- Tim Brown, V.P. Security Architecture, SolarWinds
- Todd Feinman, Co-founder and Chief Strategy Officer, Spirion
- Tim Buntel, VP of Application Security Products, Threat Stack
- Andrew Useckas, Founder and CTO, ThreatX, Inc.
- Joseph Feiman, Chief Strategy Officer, WhiteHat Security
- Vincent Lussenburg, Director of DevOps Strategy, XebiaLabs
- Robert Hawk, Operations Security Lead, xMatters