Cybersecurity trends to watch out for in 2019
From security orchestration and automated response to cloud forensics, keeping pace with technology and its trends is essential.
According to a report from Cybersecurity Ventures, cybercrime damages will cost the world more than $6 trillion by 2021. By comparison, the GDP of India was only a little above $2.6 trillion in 2017, according to a report by the World Bank.
Last year, Quora, a Q&A forum popular among Indian readers, notified its users that an unauthorised third party had gained access to its data. As a result, the accounts and data of nearly a hundred million users were compromised. Data breaches of this scale occur from time to time, and the need for proper cybersecurity measures is intense.
The adoption of modern cybersecurity practices, however, is a challenging task, especially for startups and early-stage ventures. Demand is high, but the number of cybersecurity experts available in the market is low. Even if companies are willing to pay more, retaining top talent has become tough, as competitors have become more predatory.
However, with the game-changing innovations in automation and artificial intelligence (AI), cybersecurity is trending towards automation. Here are the most significant cybersecurity trends to watch out for in 2019.
Security orchestration and automated response (in the cloud)
Every year, more and more businesses are adopting cloud computing, and cloud environments are very different from on-premise environments. The increased flexibility of cloud environments also calls for closer attention to security practices.
Manual vulnerability assessment, simulating attacks, and then patching is a slow process. Manual processes cannot keep up with dynamically adjusting cloud environments and ever-changing application dynamics.
As a result, human involvement should be reduced as much as possible with the help of automation. Security orchestration and automated response does exactly that. It allows an organisation to establish a system that performs vulnerability assessment, attack simulation and patch simulation, and checks for internal and external regulatory compliance. It then applies the changes to the cloud environments.
Relying on just one or two tools to achieve security orchestration and automated response can be risky. The vulnerability assessment tools available in the market right now are not highly efficient, and they can leave loose ends unattended. It is important to orchestrate the tools and methodologies to establish a proper system.
As this trend is speeding up across organisations, better tools and methodologies will come into the picture.
Cloud forensics
Organisations are rapidly adopting public clouds such as AWS and GCP, and local cloud players such as E2E Networks. These public cloud platforms help to alleviate initial capital expenditure with pay-as-you-go and pay-per-hour models, and give greater flexibility, agility, speed, and almost infinite elasticity.
In the Cloud, multi-tenancy is a common phenomenon. One physical machine is divided into multiple virtual machines. Thereafter, these virtual machines can be used by different organisations.
A Cloud computing platform, in general, involves two or more parties. One is the Cloud Service Provider (CSP) and the other party is the customer. The CSPs may depend on a few other service providers to deliver the services to their customers.
Employing traditional approaches to perform forensic analysis of a Cloud environment, especially on a Public Cloud, isn’t effective. As the number of involved parties is always two or more, there is a need for establishing proper regulatory frameworks.
Cloud forensics is a subset of network forensics. Put another way, cloud forensics is digital forensics applied to cloud computing.
When investigating cybercrimes, forensic analysis plays a major role. As organisations show greater interest in cloud computing, cloud forensics is going to be a major area to look at.
Large scale log analysis using ML and AI
Log analysis is a crucial part of running computing workloads. Logs contain warnings and errors, and understanding them in advance is necessary to avoid service disruptions that affect end customers.
For log analysis, the ELK (Elasticsearch, Logstash, and Kibana) stack has been the choice of many startups. However, the knowledge one can extract from the ELK stack is bound by the abilities of the personnel operating it.
Artificial Intelligence (AI) and Machine Learning (ML) models can be used to analyse large volumes of logs effectively. A well-established AI and ML model can give valuable and actionable insights in much less time.
A tool called Instana that works based on AI and ML has already become the monitoring tool of choice for organisations that are leveraging microservices architecture. The market is moving towards employing AI and ML to analyse large-scale logs. We will see more such tools and models in the upcoming days.
Going towards maturity in continuous security in CI/CD
DevOps lets organisations stay ahead by making it easy and efficient to release new features faster. One key aspect of DevOps is continuous integration and continuous delivery (CI/CD).
The CI/CD pipeline itself should be secure. Instead of passing the final product to the SecOps team for vetting, the SecOps team should be involved much earlier, and the best security practices should be embedded into the DevOps process. This approach is known as DevSecOps.
Adding continuous security to CI/CD still needs many improvements to make it easy to adopt. We will see many innovations in this space in the upcoming months.
Integrating OSINT as part of the standard VA/PT
Vulnerability assessment and penetration testing (VA/PT) are two key aspects of a security assessment. However, organisations often don't do the necessary due diligence on their openly available data, which can cause breaches.
Examples include public-facing IP addresses, data available in the WHOIS lookups of their domains, the technologies being used, and any data leaks such as credentials, API keys, and so on. Integrating this Open-Source Intelligence (OSINT) with VA/PT will allow organisations to secure their IT environment well. It is going to be a trend across organisations in 2019.
Conclusion
The more innovations there are, the more security holes hackers are able to find. Black hat hackers are becoming smarter than ever before. Keeping pace with technology and with cybersecurity trends is essential. This will help to defend well against cybersecurity attacks.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)