While cyber-attacks of the old targeted firewalls and other edge devices to gain access to critical information or bring down the network, security teams today have to deal with more evolved and intelligent threats such as smarter malware and APT, as well as threats that gain backdoor entries leveraging on unassuming employees, mobile devices and rogue applications. Here is a take on what cyber security will have to deal with in the years to come.
Evolving, complex and smarter malware
Smarter malware should be your first concern. Going by reports, around 100,000 new malware is being catalogued every day! Something that adds to the concern is how the malware is becoming more sophisticated and smarter than before. There are non-signature based anomalies that can surpass your Intrusion Detection and Prevention systems and malware that can evade security systems because they are electronically signed using stolen or fabricated certificates.
Even the highly secure two-step authentication fails against PERKELE, an advanced malware that has the ability to intercept authentication messages sent to mobile devices! Finally add those that leverage on zero-day vulnerabilities – close to 150 malware that can take advantage of a recently discovered Microsoft zero-day bug (CVE2013-3906) have been identified.
Users and mobile devices
Remember this comment on security Given a choice between dancing pigs and security, users will pick dancing pigs every time . Still holds true – even in a highly secured enterprise network, the end-user is your weakest link. Users tend to download unverified applications or click on any link that seems interesting, both of which can lead to malware infection.
Talking about users brings us to trends such as mobile workforce and BYOD which has left the enterprise vulnerable to new age threats. With BYOD, users install unverified applications on their devices, some of which can be malware in disguise and then use the device in the enterprise network. Sometimes they use their mobile devices on unsecured, shared public wireless, such as a Wi-Fi hotspot or a hotel wireless, pick up malware and then bring the devices into your enterprise. Both situations sees the infected device being physically carried in and connecting to your network. Your IDS/IPS, firewalls or ACLs are not quite useful here, are they
Administrative errors and vulnerabilities
The network is getting bigger and more complex. Technology advances such as SDN and network virtualisation are still new territory and it wouldnt be a surprise if you forget to consider every possibility on your security checklist. A minor configuration error, an open port, a misconfigured ACL rule are all security problems waiting to happen.
Lets not forget the patches too support for Java 6 has been stopped and Windows XP is next in line. Many applications still run on Java 6 and though for many readers Windows XP is a thing of the past, statistics show that 20 per cent of the world still runs on Windows XP2, especially those machines everyone calls ATM3! Using such End of Support or End of Life systems leave you exposed to every possible threat and vulnerability, with no patches to fix them, ever!
Targeted attacks and bots
The last couple of years have seen the emergence of APT (Advanced Persistent Threats) and there is bound to be more. An APT is when the goal is to gain access to an organisations network not to disrupt the service, but for data theft and to continue with it as long as possible. Such attacks are designed specifically for a target network using campaigns such as spear phishing where specially crafted emails are sent to specific individuals making them harder to detect or prevent.
Bots will the other big problem for enterprises either by being under a DDoS attack or by participating in an attack targeted at another enterprise. Either way, you have trouble in your network. With firewalls, IDS and IPS all designed to look into and stop incoming anomalies, the outbound ones will have a field day.
Cyber security for 2014 and beyond looks more challenging. But what can get you there is adoption of new technologies and security mechanisms.
Network security will need to evolve beyond firewalls, access control lists and simple event logging. The future of security involves base lining the normal and watching out for abnormal patterns, analysing LAN behaviour and adopting monitoring and SIEM (Security Information and Event Management) options that include network behaviour anomaly detection, correlation, pattern matching, and even heuristics if possible.
You have to be proactive and have a holistic view of all network activity to be able to stop inside threats from mobile devices, smart little malware and the big bad APT. You also need to add defence options to mobiles devices operating from outside the network perimeter, have configuration baselines, alerting and regular patch updates on both the mobile and the enterprise application eco-system.
But the most important security step is strengthening your weakest link – Educate your employees about the risks associated with unknown and unapproved applications and the seriousness of data theft. Wish you a better secured 2014!
Don Thomas Jacob is Head Geek at SolarWinds.