Security is a huge topic that always appears as a top priority in the agendas of governments and companies, because it plays an important role in various contexts of our society. For example, we need security in the context of economics and politics, security for houses and enterprises, security for people in the streets, security in our jobs, security in some of our relationships and of course, security for our digital information (a.k.a. cyber-security). Throughout history, people have always craved security, because it’s the only logical solution to one of the most primitive instincts we have: fear. The cavemen invented fire to protect themselves against physical threats, as the contemporary men invented firewalls to protect themselves against cyber-threats, and security keeps evolving as the world keeps spinning.
Regarding cyber-security, it’s interesting to analyse the latest changes in IT priorities, where many trends appear and disappear every year, but security somehow remains as a constant. Why is that? Why aren’t IT professionals talking that much anymore about Bring Your Own Device (BYOD) or Software as a Service (SaaS), while they keep talking frenetically about security? Well, because security is not an issue to be solved; rather, it’s a concept that needs to be addressed constantly and systematically to avoid the risk of a catastrophe. Think about it… BYOD? Everybody is already bringing their own devices to their companies, and companies have stopped being so paranoid about controlling them all. SaaS? Everybody’s now consuming cloud-based software, so there’s no need to keep overusing the word ‘SaaS’ for selling this idea. But how about security… who dares to brag about having 100% solved their cyber-security concerns? I bet nobody! I hope nobody!
So, at this point of the post, we’re aware that cyber-security remains constant as a top priority for IT decision-makers, but this doesn’t mean it remains the same! Threats in the world are evolving every second, so security needs to adapt as well. For this reason, Gartner considers ‘Adaptive Security Architecture’ as one of the top 10 security trends for 2017.
It’s interesting to analyse the words ‘adaptive’ and ‘architecture’ in this context. The first one implies that security will be adapting constantly to respond to the latest threats, and the second one states that security will behave as an architecture. What does this mean? That there will be no more isolated security components in a company. Security needs to be architected so that all the components bond perfectly well to create a unified protection against advanced threats.
I still like to compare cyber-security architecture in a company with security in a medieval castle. Back in the day, there was always a secure perimeter around the castle, maybe some guards at the gates and some other internal guards. That used to be enough, because attackers only knew how to break in through the gates. But nowadays, if we were to defend a castle, we should consider that attackers can use choppers to enter through the airspace, drills to enter through the ground or social networking to corrupt people and generate an attack from the inside, amongst many other advanced techniques. So, we’d need advanced security.
In the context of cyber-security, the fortress is the company, the asset to protect is the data and the security architecture is the group of devices that are designed and orchestrated to provide logical security, based on the architecture’s guidelines and best practices. And what must this security architecture have? Well, in this post I’m not going to go very deep in describing the technical entities that should participate in a unified adaptive security architecture. In general, it’s important to have perimeter security, internal security, protection against external Distributed Denial of Service (DDoS) attacks and an orchestration platform to coordinate the security solutions. But I consider it more relevant to identify WHAT we should be protected against, rather than HOW to do it. Once we know the enemies, it will be easier to fight them back.
According to analyses by important security leaders, such as the Intel® Security McAfee Labs 2017 Threats Predictions Report, the ESET Security Held Ransom Report and the CSO Top 15 security predictions for 2017, these are some of the most relevant security trends for 2017:
- Phishing will remain as a popular strategy to penetrate a company’s security.
- Ransomware will remain as a very attractive ‘business model’ for cyber criminals.
- The vulnerabilities in virtualized platforms will increase.
- The vulnerabilities in open-software platforms will increase.
- Internet of Things (IoT) devices will open lots of backdoors in enterprise security.
- The concept of Ransomware of Things (RoT) will arise.
- IoT devices in mission-critical applications might be hijacked by RoT attacks.
- Internet of Malicious Things: IoT devices will be used as botnets.
- Drones will be hacked and used for espionage purposes.
- Ransomware as a Service (RaaS).
- Massive DDoS attacks on critical infrastructure.
- New ways of distributing malware will appear.
- Increase in the theft of sensitive data from mobile devices by using malware.
- More hacktivism to expose privacy issues.
- More cyber-espionage in the criminal underworld and amongst nations.
All the elements in an Adaptive Security Architecture should be designed to protect organizations from most of these attacks. Even the cyber-security leaders and players in the industry are now collaborating to create unified threat-defences against worldwide digital threats.