Like computing itself, the information security or InfoSec landscape is continuously evolving.
What was once the cyber-threat or threat remedy of the month can give way to alternatives, as new techniques and technologies are pioneered by cyber-criminals and InfoSec professionals alike.
As 2017 moves into its second quarter, we’ll be looking at five of the emerging security technologies that are currently making waves in the information security sector.
Five Emerging Security Technologies
1. AI, Machine, and Deep Learning
“Deep learning” has been used as a blanket term to cover a group of technologies that operate by observing their working environments (including internal processes, external communications, and interactions with external actors) and creating a knowledge base of what they “see” and experience. Using this archive, they can set up a baseline condition for normal operations, against which they compare activities and processes that they continue to observe in real time.
Each element that these technologies monitor is capable of adding to their knowledge base, meaning that they can essentially “learn” by experience. Systems may, in turn, be able to act upon what they learn, in various ways – a suite of actions that may continue to evolve as more knowledge and experience are gathered.
In a security context, this kind of behavior clearly has positive implications, as artificially intelligent systems could be configured to establish an internal image of a safe and secure operating environment, taking proactive steps to ensure its safety in direct response to activities that the system observes.
Rather than necessarily looking at users, machine learning systems observe “entities” – which may be network traffic flows, system processes, individual data files, etc. – at all scales and levels. For security deployments, deep learning systems may be used to flag behavior which is anomalous to what’s expected – whether that be the behavior of a program, workload, connection, or an entire data center.
2. Cloud-Specific Applications and Solutions
Recent years have seen a move away from on-premises deployments of information technology and telecommunications, with enterprises increasingly reliant on web-based resources and hosted cloud solutions for the provision of infrastructure, applications, and services. With this shift comes an attendant need for security strategies and solutions specifically tailored for the cloud, as threat vectors and technologies rise to the challenge of specifically targeting cloud-based infrastructures and platforms.
Securing the cloud in this regard may occur on a number of levels.
At one level, there’s the emergence of cloud-based equivalents to the kind of security measures traditionally deployed on-premises. Virtualization technology can allow the creation of firewalls, intrusion detection and prevention systems, and specialist security hardware – with the option to generate or destroy virtual security instances on a session by session basis.
Then there’s the setting up of standards and quality assurance levels for enterprise cloud deployments. Organizations like the Information Systems Audit and Control Association (ISACA) provide certifications (e.g. the SSAE 16 and COBIT 5 frameworks) or industry-specific frameworks which may be assigned to service providers, allowing enterprises a more transparent view of their security status before they commit to a subscription.
And then there’s what Gartner, Inc. refers to as cloud access security brokers (CASBs), which can provide InfoSec professionals with a security overview of the available set of cloud service providers in a given sector, to inform better procurement decisions, along with the ability to better manage risks and establish security policies.
3. Endpoint Hardware Authentication
The proliferation of mobile computing devices, removable storage media, hardware tokens, and Internet of Things (IoT) hardware has multiplied the available options for cyber-attackers to attempt to gain access to user credentials, personally identifiable information (PII), intellectual property, and other high-value data – to say nothing of the opportunities to use endpoint devices for gaining unauthorized entry to networks for any number of purposes.
A technological response to this challenge comes in the form of hardware authentication, whereby unique identifiers may be coded into the hardware itself – in essence giving each device its own digital fingerprint. Chipsets and firmware may also have security mechanisms built in, enabling a device to be used as part of a multi-factor authentication process.
So, a smartphone or smart token holder might, for example, be required to provide a username and password, their device with its unique identifier, and/or one of their own biometrics (fingerprint, voice, facial scan, etc.).
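The multi-factor flow described above, as an added example that is not from the original article: the server accepts a login only when the password, the enrolled device identifier, and a fresh challenge answered with the device's secret all check out. The `Device` and `Server` classes are hypothetical, and the shared-secret HMAC is a simplifying assumption standing in for a key held in a hardware security chip.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Device:
    """Stand-in for a phone or token; the secret models a key held in hardware."""

    def __init__(self, device_id, secret):
        self.device_id = device_id
        self._secret = secret

    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self._users = {}    # username -> (salt, password hash, device id, device secret)
        self._pending = {}  # username -> outstanding challenge

    def enroll(self, user, password, device_id, device_secret):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _pw_hash(password, salt), device_id, device_secret)

    def challenge(self, user):
        self._pending[user] = secrets.token_bytes(32)
        return self._pending[user]

    def verify(self, user, password, device_id, response):
        record = self._users.get(user)
        nonce = self._pending.pop(user, None)  # single use: a replayed response fails
        if record is None or nonce is None:
            return False
        salt, pw_hash, enrolled_id, secret = record
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        checks = (
            hmac.compare_digest(_pw_hash(password, salt), pw_hash),   # something you know
            hmac.compare_digest(device_id.encode(), enrolled_id.encode()),
            hmac.compare_digest(expected, response),                  # something you have
        )
        return all(checks)
```

Because each challenge is consumed on first use, a response captured from one login cannot be replayed, and a stolen password is not enough without the enrolled device.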
Endpoint devices are also being written into security frameworks, with endpoint detection and response (EDR) solutions and related tools capable of recording network and endpoint events, or storing information locally on endpoints for comparison with databases of known indicators of compromise (IOCs).
4. Emerging Security Technologies for Preventing Data Loss
The theft or loss of sensitive information, the interception or corruption of unprotected data streams, and the compromise of data archives may represent as big a loss to enterprise security as a malware infection or Denial of Service (DoS) attack. So techniques and technologies for preserving data integrity and preventing data losses are highly valued.
Authentication and encryption are the prime movers here. Strong encryption can ensure that, even if an attacker gains access to important information, their chances of deciphering and monetizing it are severely reduced. Data can be protected down to field or character levels, and with the latest encryption algorithms and technologies, data transmissions can be processed and analyzed in their protected form, reducing their risk and exposure.
Fool-proof authentication methods are essential in protecting encryption keys and their safe transmission – and advances in token-based and biometric authentication protocols are enhancing this protection.
5. User Behavior Analytics (UBA)
The way in which users interact with their systems and devices (pressures exerted on a keyboard, swipe patterns on a touchscreen, applications typically opened, habitual spelling errors, etc.) can be identifiers as unique and personal as physical biometrics – and user behavior analytics or UBA technology takes advantage of this.
Behavior profiles may be built up from observations of past activities, in addition to a comparison with the actions typical of those in the same pay grade, department, or workgroup as a particular user (known as “peer analysis”). UBA may also serve as a tool in corporate security training, establishing benchmark levels of appropriate behavior.
Systems deploying UBA techniques are better placed to red-flag anomalous/malicious behaviors – the kind that deviate from what would normally be expected of recognized and authorized users.
A UBA system that’s established a “situation normal” analytic and archive of behaviors from its authorized user base is in a position to more quickly identify the activity of a user (such as a successful hacker) whose credentials might match those of someone recognized, but whose subsequent actions on the network prove suspicious.
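An added example, not from the original article, of the baseline comparison described here and in the machine learning section: one new observation is scored against the user's own history and against the peer group. The data, names, and the 3.5 threshold are constructed assumptions; the score is a median/MAD robust z-score, chosen so that a few past outliers do not shift the baseline.

```python
import statistics

# Constructed sample data: file-server reads per day for three users in one workgroup.
HISTORY = {
    "alice": [40, 42, 38, 45, 41, 39, 43, 44, 40, 42],
    "bob": [35, 37, 36, 40, 38, 34, 39, 36, 37, 35],
    "carol": [50, 48, 52, 47, 51, 49, 53, 50, 48, 52],
}
PEER_GROUP = {"alice": "finance", "bob": "finance", "carol": "finance"}


def robust_z(value, sample):
    """Distance of value from the sample median, in scaled-MAD units."""
    med = statistics.median(sample)
    mad = statistics.median([abs(x - med) for x in sample])
    # 1.4826 * MAD approximates a standard deviation; the floor avoids dividing by zero.
    return (value - med) / max(1.4826 * mad, 1.0)


def score(user, observed, history=HISTORY, groups=PEER_GROUP, threshold=3.5):
    """Compare one new observation with the user's own baseline and with peers."""
    self_z = robust_z(observed, history[user])
    peers = [v for u, vals in history.items()
             if u != user and groups[u] == groups[user] for v in vals]
    peer_z = robust_z(observed, peers) if peers else self_z
    if abs(self_z) < threshold:
        verdict = "normal"   # consistent with the user's own history
    elif abs(peer_z) < threshold:
        verdict = "review"   # new for this user, ordinary for the workgroup
    else:
        verdict = "alert"    # unlike the user and unlike the peers
    return {"self_z": self_z, "peer_z": peer_z, "verdict": verdict}


if __name__ == "__main__":
    for reads in (43, 52, 400):
        print(reads, score("alice", reads))
```

Peer analysis is what separates the middle case from the last: 52 reads is high for this user but ordinary for the workgroup, while 400 matches neither baseline even though the credentials are valid.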
Behavioral analysis can extend beyond the personal to include the behavior of processes and systems (the “entities” involved in deep learning). This expands the scope of UBA into the realm of user and entity behavioral analytics (UEBA), which takes users, endpoints, applications, and entire networks into account. Co-ordinating analysis across the various entities increases analytical accuracy, and improves the effectiveness of threat detection.
UBA and UEBA are considered the evolutionary next step for security information/event management (SIEM), with the ultimate aim of being able to predict the occurrence of a security breach before it happens, based on abnormal user or system behaviors.