Back to Basics
Our Predictions for 2016: Going Back to Basics
The year 2015 was no different from the years before it: more successful attacks by hackers and malicious insiders. What was once considered an “advanced” attack (e.g., credential theft, social engineering) has become common practice today, because the sophisticated malware and exploits that were once used by only a few are now widely available.
The APT market clutter has dissolved as we discovered that the solutions security vendors claimed could prevent advanced threat breaches could not. Additionally, the recent hype around “analytics and machine learning” is gradually being eroded by the fact that these solutions failed to stop any of the recent attacks – not to mention that they are blind to malicious insider attacks (see my SIEM+UBA blog) and are therefore ultimately worthless against hackers. As a result, I expect only a handful of “pure UBA” players to survive in 2016. The rest will become the living dead, hoping to sell their technology/employee talent to a large vendor.
Global 2000 organizations need to be increasingly wary of a new level of threat – Strategic Data Theft, Manipulation and Disruption – where not only is sensitive data stolen, but core data and sensitive business transactions are manipulated and fraudulent transactions are committed as well. Consider the potentially devastating consequences of transaction manipulation originating from any corner of your company’s infrastructure.
It’s time we get back to the basics and protect the data itself, following sensitive data flows.
Here are some trends that I predict the industry and CISOs will embrace in 2016 – the year we get back to basics.
- Awakening from disillusions, CISOs in Global 2000 organizations will stop the endless chase after the latest market buzz (APT/machine learning) and will invest in the backbone of tying up and integrating existing security operations and sensors.
- CISOs will look for solutions above and beyond the artificial separation between the “hackers” and “malicious insiders” use cases. Instead, organizations will look for technologies that are not blind to one at the expense of the other, expecting broader protection from their vendors (since today a hacker who has stolen a user’s credentials is indistinguishable from an insider, while an insider can use hacking methods to get around the absence of granular segregation of duties).
- CISOs will focus their efforts on what is important: identifying and managing their sensitive data flows and business transactions across their sensitive enterprise and client-facing applications, which are accessed daily by thousands of users, third parties and IT staff. This includes:
a. Ensuring that their organization knows where sensitive data is found (using advanced data classification techniques).
b. Putting in place sensitive data flow monitors and forensics capabilities.
c. Analyzing these data flows in real-time, so outliers can be detected immediately and accurately while attacks are stopped in their tracks.
d. Embedding data flow controls that can instantly respond to hacker or malicious insider abuse. These actions can include dynamic masking, anonymization, redaction and row-level security. If organizations do not start doing this in 2016, regulatory pressure around data privacy and cross-border data controls will force them to do so in 2017.