ESG's Doug Cahill and Jon Oltsik share their thoughts on the future of Cybersecurity in 2019
Doug: Welcome to ESG's 2019 Cybersecurity Predictions. Jon, as we get together once again to talk about all things cybersecurity we expect to see next year, we are mindful of the recent news in terms of the Marriott/Starwood breach: adversaries continue to go after soft targets where they can be successful with credential stuffing and just get a huge corpus of personal information.
And one of the things that struck me about this breach was the dwell time.
Jon: Yeah. I mean, we're talking about predictions for 2019. We may predict a breach in 2019 that actually started in 2016 or so.
Doug: Right. Yeah.
Jon: So it just shows you that these adversaries are persistent, that they're willing to take their time, they're very stealthy, and I don't see any end in sight. Do you?
Doug: Not for these sorts of breaches; we had a number of them last year, and they'll certainly continue. You know, one of the breach types, of course, we've been expecting to see, unfortunately, is against critical infrastructure, you know, an ICS or an IoT attack. What do you think is on the radar screen for 2019 in that area?
Jon: I mean, those types of attacks take a lot of skill. So it's likely that they'll be disruptive attacks, not kind of penetration attacks or sophisticated attacks like Stuxnet. But, unfortunately we see a lot of nation states ceding the battlefield. So, given the political climate in the world, we could see some disruptive attacks on critical infrastructure, probably nothing too destructive, but things that just let you know that the adversaries are there.
Doug: Right. It'll take a little more thought, a little more planning involved. Because very often you think about adversaries sort of defaulting to running the plays that they know work well, like email phishing. But what about some of the more advanced technologies that we're using on the white-hat side that the adversaries could be using, like AI? Do we expect that's going to be a tool in the toolbox for adversaries in 2019?
Jon: Yeah. We kind of already see that. So just as we're using artificial intelligence on the defense, they use it on the offense. So their behavior will become more stealthy because they'll know what's normal behavior, they'll study that, and they'll be able to look and see where systems are located, what that network looks like, and be able to pick the types of attacks that they use.
So it will be more automated attacks and more intelligent attacks versus, you know, kind of a brute force, "I'm going to impact a certain system and execute a certain attack."
Jon: So speaking of attacks, we see cloud services platforms becoming more and more important on the infrastructure side. What do you see for security there? Are we gonna see a big attack on one of the clouds?
Doug: Well, I think the first thing we need to think about in the context of cloud is the modern application stack and the adoption of microservices. So containers have been coming on strong. More organizations are now starting to leverage serverless function-as-a-service calls. So it's really, you know, it's API-driven. When we think about that sort of modern architecture in today's applications, we also have to then adjust our threat model from sort of an infrastructure-centric model to an application stack and API-centric sort of model.
So API security feels more like application security to me than even, you know, infrastructure security. Sort of like, you know, you inventory the API calls; is the entity that's making that API call, you know, authorized to do so; then having an audit trail.
Jon: Yeah. And even if you look at the recent Kubernetes attack. I mean, that was an API, it was like a buffer overflow, and once you gave that API a little bit of fake data, you could own Kubernetes, and that's not good.
Doug: No. No. That's the control plane. That is keys to the kingdom. So it's like, you know, owning a domain controller, so.
Jon: So this is all immature and so we can expect a lot of security activity.
Doug: Oh, yeah. This is early days for sure. You know, the thing about cloud is, obviously, you know, it expands our attack surface area, and it's contributing additional event telemetry. So as enterprise SOCs start to ingest even more telemetry, where they're already leaving a bunch of security event data on the cutting room floor, scale becomes an issue. And we know from our research that, you know, organizations can only get to so much security event data.
Jon: That's right.
Doug: So, you know, the only... and we've chatted about this quite a bit... is, you know, the other role of cloud here is to really, you know, help with that problem.
Jon: Yeah. I think 2019 will be the year of cloud scale analytics. It just doesn't make sense to build that kind of an infrastructure on site. I mean, there's these, all the resources available in the cloud, you can put a lot more data in there, you can retain the data a lot longer. You can do things like parallel processing, so very good for data pipelining.
So I think we already see some companies like Splunk and IBM doing real well with their cloud-based SIEM, and I think we'll just see that model continue. It just allows for a lot more scale, a lot more processing horsepower.
Doug: Yeah. Lots of compute, tiered storage for time-series data. Really purposeful.
Jon: Absolutely. Well, Doug, we got a lot to say. Should we stick around and do another predictions video?
Doug: Let's stick around and do another one.
Jon: You bet.