Last week, I wrote a blog describing how 2018 will be the year of advanced prevention. Now we’ve had technologies for blocking cyber-attacks and malware for decades (i.e., antivirus software, firewalls, IPS, etc.), so what exactly is advanced prevention? I believe advanced prevention sits at the intersection of two other cybersecurity trends:
- Software-defined security functionality. Software-defined everything makes it easier to deploy, configure, and scale security controls.
- Artificial intelligence. AI uses algorithms to comb through mountains of data to increase detection/blocking efficacy, provide granular risk scoring, and fine-tune decision making.
In the past, many security controls were based upon rules/heuristics and often required ample time for deployment, configuration, customization, etc. When the two advanced prevention trends come together, they produce security controls that are easier to deploy, easier to operate, and offer more accurate detection/blocking rates. Thus, organizations can deploy advanced prevention controls, decrease the attack surface, reduce security noise, and focus precious human resources on high-value tasks.
I highlighted five advanced prevention technologies in my last blog: Next-generation endpoint security software, threat intelligence gateways, secure DNS, micro-segmentation, and intelligent application controls. Here are a few more for consideration:
- Software-defined perimeter (SDP) technologies. As I’ve written before, no one has an SDP budget right now but everyone has an SDP requirement. This is because SDP is built specifically for cloud and mobility. What SDP really does is modernize the concept of a VPN by setting up a secure tunnel between users/devices and applications regardless of their location. Users get the convenience of direct connection to applications and services, while CISOs gain the security benefits of “zero-trust” networking. In this way, SDP qualifies as advanced prevention as it enforces RBAC rules, limiting approved users’ purview of the network at large. I’m following many SDP providers including Cyxtera (formerly Cryptzone), Google (BeyondCorp), Vidder, ScaleFT, and Zscaler. Oh, and I fully expect Cisco to jump in with both feet in 2018 as well.
- Risk-based intelligent vulnerability management. Despite years of innovation and VC investment, vulnerability management remains one of the biggest operational challenges for most organizations. Why? It’s a numbers game – large enterprises have thousands of systems with different software revisions and configurations deployed across global networks. How do you prioritize patching activities when CVE scores and vulnerability scanning tools report thousands of high-priority incidents requiring immediate remediation? In the past, we used analogue tuning to define which systems were considered mission-critical but this didn’t provide a level of useful granularity. Fast forward to 2018, and risk-based intelligent vulnerability management tools can consume terabytes of configuration data, asset data, vulnerability data, and threat intelligence to create a fine-grained analysis of which systems really need immediate patching. Risk-based intelligent vulnerability management qualifies as advanced prevention as it can be used to decrease the attack surface while streamlining operations. I’m following Kenna Security in this area but expect others to follow.
- Smartphone-based multi-factor authentication (MFA). Okay, this one has been around for a few years but ESG research from my colleague Mark Bowker indicates that it is gaining momentum. While 28% of organizations already use smartphone-based MFA, 55% are either piloting, evaluating, or planning to use this technology in the future, making 2018 a pivotal year. Smartphone-based MFA will complement the software-defined technology described above to further decrease the attack surface. Vendors like CA, Duo, Okta, RSA, SafeNet, and Symantec will play here.
I’ll be reporting on other advanced prevention technologies and trends throughout 2018. Stay tuned.