The number of attack vectors into the enterprise is increasing with every added device and cloud service while hackers are only becoming more skilled at exploiting the growing disarray of the corporate network. That explosive concoction will require chief security officers to fundamentally rethink how they approach online threats in the next 12 months.
This past year has provided plenty of examples to illustrate this point, starting with the historic attack against JPMorgan Chase & Co. in which hackers breached its $250 million cybersecurity operation in the single largest data theft ever to have hit the U.S. banking industry.
Cloud infrastructure providers have so far managed to weather the storm. In the roughly nine years since Amazon brought infrastructure-as-a-service into the industry discussion, neither it nor its top rivals – Google and Microsoft – experienced an attack even remotely as large as the incidents that hit the retail and financial sectors during the last 12 months.
Each of the top providers is a far larger target than any single one of its enterprise customers, yet the cloud oligopoly has managed to keep attackers at bay for nearly a decade while other segments have seen the impact of cybercrime only increase. This suggests that their tactics could be relevant for enterprises as well.
Of course, the typical corporation can’t afford to spend the same kind of dollars on infrastructure as Amazon and Google can, but the coming year will see the rise of new solutions that address many of the factors that have historically frustrated chief information security officers (CISOs).
The security community is increasingly accepting that the best way to address a potential problem is not to try to prevent the inevitable but rather to mitigate the impact. Micro-segmentation is an approach to applying fine-grained network controls to trust zones, applications or even individual virtual machines. This prevents attackers from moving laterally from one machine to another in search of an entrance, which is how the JPMorgan attackers did their dirty work.
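As an added illustration (not from the original article or from any vendor's product), the Python example below compares how many machines are reachable from one compromised host on a flat network versus under a default-deny, zone-based allow-list. The host names, zones, ports and rules are constructed for the example, and the model assumes the worst case in which every reachable service can be compromised in turn.

```python
from collections import deque

# Constructed inventory: host -> (trust zone, listening ports)
HOSTS = {
    "web-1": ("web", {443}),
    "web-2": ("web", {443}),
    "app-1": ("app", {8443}),
    "db-1": ("db", {5432}),
    "hr-1": ("hr", {445}),
}

# Constructed allow-list: (source zone, destination zone, port).
# Anything not listed is denied, including traffic inside a zone.
SEGMENTED = {("web", "app", 8443), ("app", "db", 5432)}


def allowed(policy, src, dst, port):
    """policy=None models a flat network: any host reaches any open port."""
    if policy is None:
        return True
    return (HOSTS[src][0], HOSTS[dst][0], port) in policy


def blast_radius(policy, foothold):
    """Hosts reachable hop by hop from a compromised host under the policy."""
    seen, queue = {foothold}, deque([foothold])
    while queue:
        src = queue.popleft()
        for dst, (_, ports) in HOSTS.items():
            if dst not in seen and any(allowed(policy, src, dst, p) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return seen - {foothold}


if __name__ == "__main__":
    for name, policy in (("flat", None), ("segmented", SEGMENTED)):
        for foothold in ("web-1", "hr-1"):
            reach = sorted(blast_radius(policy, foothold))
            print(f"{name:9} foothold={foothold}: {reach}")
```

Under the segmented policy a foothold on web-1 still reaches app-1 and db-1 through the explicitly permitted path, so each allow rule deserves review as a potential lateral route; web-2 and hr-1 drop out of reach entirely.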
Implementing that kind of security on an organizational scale is easier said than done, which is the main reason why most companies have traditionally relied on less granular defenses to safeguard their data. But advancements in automation are now beginning to elevate micro-segmentation into the realm of possibility.
Leading the effort is VMware with its NSX platform. The company is far from the only player hoping to change the way organizations architect their networks, but it has the unique advantage of a market-leading hypervisor running on a sizable portion of the world’s servers. That means customers don’t need to replace their existing virtual infrastructure in order to implement more granular isolation.
NSX is still in the early stages of its evolution and currently only encompasses a portion of the enterprise infrastructure landscape, but the platform heralds a significant shift that is poised to pick up steam in the next 12 months as competitors move to match VMware’s value proposition. Spearheading the counter-offensive is Cisco Systems Inc., which is likewise banking on its existing install base as a way of catalyzing adoption.
Cisco is taking its own unique approach toward addressing the growing sophistication of online threats, placing the emphasis on analytics. In a rather unexpected move, it recently open-sourced a framework that combines different components from the Hadoop ecosystem into a real-time traffic filter capable of scanning millions of packets every second.
The increased visibility that modern analytic technologies promise to provide has the potential to give CISOs a new set of tools to use in detecting threats. That will significantly raise the bar on security in 2015, challenging CISOs to keep up and, hopefully, challenging attackers as well.