My post-RSA research is moving along at a nice accelerating pace! After being laid up for far too long, I have set an ambitious 2015 plan intending to cover:
- User controls and behavior analytics,
- Next generation endpoint security,
- Securing virtualized infrastructures,
- Re-imagining file security, and
- Advances in practical network integrity monitoring
My user controls and behavior analytics report is well underway, with several vendor briefings and a few background-only enterprise briefings already completed and a June publish date targeted. As usual, my security segment reports turn up interesting trends - what started out as "protect the business against unauthorized privileged insider activity" has become more of "protect the business against malicious threats via inappropriate user behavior detection". That makes sense: security must detect malware that has grabbed a user's credentials, and enterprises always have more budget for anti-malware provisions than for controlling users. Stay tuned as I dig deeper into some clever innovations that every security team should be evaluating.
Along the same line, vendors are re-imagining file security in light of malware protection and the evolution towards cloud architectures. It is stunning to think, in these days of disclosed sensitive data losses, that none of the primary security technologies - firewalls, antivirus, IPS, IAM, SIEM - have any concept of file security! The best you can do is control access to servers, but honestly you cannot control where your files go once they reach a remote PC. Fortunately, there are vendors worrying about what happens to your files once they travel beyond the firewalls. There are some excellent concepts discussed by SC Magazine and FinalCode in a May 21st webcast that you may find interesting.
A lot of vendors are scrambling for a category to detect attacks that evade classical signature-oriented defenses. I am quite enthused about the next generation endpoint players and about those looking at the problem from a network integrity viewpoint. Many seem to be scrambling towards EDR even though nobody, including Gartner, really knows what EDR is. So I'll take a crack at defining next generation endpoint security and network integrity with an eye to solving specific enterprise problems that cannot be solved via classical methods.
Finally, let's hope that the government actually does the right thing by restricting NSA cyber activities, and that the NSA stops treating laws like Massachusetts drivers treat yellow lights. Just because you can eavesdrop, collect data on private conversations, and develop malware attacks doesn't mean that you should. Mother's Day just passed - maybe the NSA got an earful from their moms on how to behave?