What lies ahead for IT security in 2013? Below are three predictions from Darren Anstee, solutions architect team lead at Arbor Networks, around what he believes we’ll see in 2013:
1) DDoS will become more visible as a business risk
Distributed Denial of Service (DDoS) has become a familiar term to many more of us over the past year. The mainstream press coverage of the attacks from Anonymous, our increased appreciation of the broader spread of motivations behind attacks, and the simple fact that many organisations have now experienced attacks have seen to that. Ideologically motivated attacks are often in the press, but many other attacks are motivated by extortion, the need for a distraction (from other criminal activity, e.g. data theft) and revenge; DDoS is even being used now as a competitive ‘weapon’ in some markets.
There can be no doubt that DDoS attacks pose a significant threat to the availability of our Internet services, and as we have become more reliant on these services for our business continuity the risk of an attack having a major business impact has increased. An increasing number of organisations now rely on the Internet to sell their products, offer their services, process transactions or to access cloud based data and applications. An attack can be very costly if we are not prepared.
In light of this, DDoS is starting to be considered alongside other threats to our business continuity (such as power failure, physical security, etc.) and the awareness within organisations is broadening. The tools our finance teams use to model risk are starting to incorporate cyber threats, and CISOs are being asked to quantify risk and plan accordingly. The availability of our Internet services is becoming as important as the confidentiality and integrity of our data.
2) Multi-vector DDoS attacks will proliferate
Not all DDoS attacks are created equal; there are actually three main categories of attack: Volumetric attacks, which are all about saturating existing link or forwarding capacity either within or between networks; TCP State Exhaustion attacks, which are all about exhausting the state tables in our firewalls, load-balancers and servers; and Application Layer attacks, which are the stealthier, more sophisticated attacks, aimed at exhausting application layer resources.
Attackers have learned that if they utilise multiple attack vectors at the same time their chances of taking sites and services down, and keeping them down, are increased; the recent spate of attacks against the US financial sector was multi-vector in nature.
In 2013 we expect to see more of these attacks, where multiple vectors are used and modified in real time to counteract mitigation strategies as they are put in place. We can defend ourselves from DDoS attacks, but we need to use services and solutions based around Intelligent DDoS Mitigation Systems (IDMS) which are specifically designed to deal with the DDoS threat. If we put the most appropriate services, solutions, people and processes in place then we can make sure 2013 is not an unlucky year for our businesses.
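The three categories above, and the multi-vector case, as an added example that is not the article's or Arbor's code: a small Python detector that runs over constructed one-second flow summaries, flags each vector on its own signal (link saturation, half-open TCP connections, expensive requests per source) and reports when more than one is present at once. The Flow record, the thresholds and the sample traffic are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Flow:
    src: str          # source IP
    proto: str        # "tcp" or "udp"
    nbytes: int       # bytes seen in this one-second window
    half_open: bool   # TCP SYN seen with no completed handshake
    uri: str = ""     # request URI for HTTP flows, empty otherwise

# Assumed thresholds (not from the article); tune to the protected link and service.
LINK_CAPACITY_BPS = 100_000_000   # 100 Mbit/s link
HALF_OPEN_LIMIT = 1_000           # half-open connections the state table tolerates
APP_REQ_LIMIT = 50                # expensive requests per source per second

def classify(flows, window_seconds=1):
    """Return the set of DDoS vectors present in one window of flow records."""
    vectors = set()
    # Volumetric: aggregate bit rate exceeds what the link can forward.
    total_bps = sum(f.nbytes * 8 for f in flows) / window_seconds
    if total_bps > LINK_CAPACITY_BPS:
        vectors.add("volumetric")
    # State exhaustion: too many half-open TCP connections for the state table.
    half_open = sum(1 for f in flows if f.proto == "tcp" and f.half_open)
    if half_open > HALF_OPEN_LIMIT:
        vectors.add("state-exhaustion")
    # Application layer: one source hammering an expensive endpoint.
    per_src = Counter(f.src for f in flows if f.uri.startswith("/search"))
    if any(n > APP_REQ_LIMIT for n in per_src.values()):
        vectors.add("application-layer")
    return vectors

def is_multi_vector(vectors):
    """True when more than one category is active in the same window."""
    return len(vectors) > 1

def constructed_window():
    """Constructed sample traffic carrying all three vectors at once."""
    flows = []
    # 2,000 half-open SYNs from distinct sources (state exhaustion)
    flows += [Flow(f"10.0.{i // 256}.{i % 256}", "tcp", 60, True) for i in range(2000)]
    # 400 UDP flows of 40 kB each: 128 Mbit in one second, above the 100 Mbit/s link
    flows += [Flow(f"192.0.2.{i % 250}", "udp", 40_000, False) for i in range(400)]
    # 120 expensive search requests from one source (application layer)
    flows += [Flow("198.51.100.7", "tcp", 500, False, "/search?q=x") for _ in range(120)]
    return flows

if __name__ == "__main__":
    found = classify(constructed_window())
    print(sorted(found), "multi-vector" if is_multi_vector(found) else "single-vector")
```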
3) Visibility WITHIN our network perimeter will become key
Much has been made over the last twelve months of the growing threat to our business data and intellectual property from advanced/targeted threats. Businesses are rightly concerned in this regard, but the way in which our services and network architectures have evolved has in fact made securing our data more difficult.
Traditionally we have secured the perimeter of our networks, but actually defining our perimeter has become more complex with increased user mobility, BYOD and use of cloud based services. And the threats out there are much more sophisticated than they used to be, and the obfuscation techniques used to evade our IDS, etc., have evolved.
Now more than ever we need three things: visibility of what is going on ‘within’ our security perimeter, so that we can detect threats inside our networks which may have evaded or bypassed our perimeter defences; intelligence on the behaviours and indicators we should look for to identify compromised devices; forensics on what users and systems have been doing (potentially over an extended period), so that we can identify the extent of any compromise.
Adding these additional capabilities to our existing layered security models will likely be a focus for a lot of organisations in 2013.