As we are about to enter another RSA conference, it is a good time to reflect on what changes we are seeing in the cybersecurity space. Between now and RSA 2020, here are five trends that I expect to see rise to the top.
There is a traditional way of thinking about application security. In the past, an application may be running in a data center, with firewalls looking at traffic east and west, as well as north and south. Application protection might include database security and encryption. However, with applications moving to the cloud, the ways in which you secure your workload must change, and we’re just beginning to see this new wave of application security technology be adopted.
With a fundamental change in how applications are built and deployed, there must be a corresponding change in how those applications are secured. Just over a year ago, CISOs weren’t recognizing the need for a shift in workload security strategy, but at Cisco’s recent annual CISO summit, the conversation had changed to an acknowledgment that application security must evolve.
Cloud environments, like Amazon Web Services (AWS) and Google Cloud Platform (GCP), are so different from old environments that a new breed of services is needed to more capably secure workloads. Two examples of these new services are Web Application Firewalls that can provide specialized security for these new environments and container security that can be integrated to secure the container pipeline and application.
In 2019, expect to see a major step forward in cloud application security technology. Products like Cisco’s Tetration and Stealthwatch Cloud offer an alternative to traditional means of application workload protection, but these represent a first step in what will be an increasingly important new technology landscape. We’re not sure which of the emerging technologies like NG-WAF, RASP, cloud posture and container security (just to name a few!) will prove most valuable, only that a few of them will start to gain material traction in the coming year.
2. Identity security becomes a necessity of cybersecurity strategy.
The completed acquisition of Duo Security in October 2018 signaled a major shift toward Cisco’s adoption of identity security across our entire portfolio of security products. Stolen or weak passwords are an overwhelming (81 percent) reason for hacking-related breaches, according to a Verizon 2017 Data Breach Investigation Report. So it’s clear that compromised credentials must be avoided at all costs, and multi-factor authentication (MFA) and identity access management (IAM) are increasingly effective means of protection against this vulnerability. A recent blind survey by Cisco found that the top investment area for CISOs in the next 12 to 18 months is identity security and access management. The survey also concluded that individuals in the cybersecurity community are noticing that effective MFA and IAM could have deterred some data breaches of their peers.
Expect to see the adoption of this technology grow in 2019, as MFA and IAM continue to advance. A simple username and password are no longer enough to guarantee the authenticity of a user’s identity. Duo’s technology offers contextual user-access policies and the ability to check the trustworthiness of a device through security health inspections. These additional layers of security can restrict remote user access to reduce the risk of critical data being accessed by the wrong individuals.
3. SD-WAN transforms how perimeter security is deployed.
Much like workload protection in the cloud has changed, perimeter security is changing because the perimeter has moved. As traffic is increasingly moving to the cloud, enterprise networking is changing the way that traffic gets there, and the primary driver of that change is the transition to software-defined wide-area networking (SD-WAN).
SD-WAN allows our customers to use the internet as their virtual network through direct internet access (DIA), and offers a better user experience and increased cost efficiency. However, this traffic still needs to be secured. As a result, security will increasingly move to the branch edge, i.e. into the router, or to the cloud edge. With Cisco’s security engine embedded in the network device, network traffic can avoid being backhauled to security services hanging off a centralized core.
Cisco’s VNI report forecasts that SD-WAN will increase five-fold and will be 29 percent of WAN traffic by 2022. This accelerated growth and DIA mean that security has to keep up. Cisco is meeting this challenge by integrating security not only into the router but also in the cloud with Umbrella integration into SD-WAN.
As SD-WAN adoption grows in 2019, expect to see an increased significance placed on the deployment of perimeter security. At Cisco, we provide our customers the freedom of deploying world-class security services in the place that makes the most sense for them in their network environment.
4. New capabilities coming to the Security Operations Center (SOC) continue to mature.
The second ranked investment area cited in Cisco’s blind CISO survey was security information and event management (SIEM); orchestration and automation; and integration. The SOC has always struggled with what to do with the immense data at its disposal. Expect to see more companies lean into ways to help an overworked SOC be more effective and efficient with tools that offer capabilities like orchestration, automation, and network traffic analytics.
Gartner recently forecasted that 15 percent of organizations with a security team larger than five people will leverage Security Orchestration, Automation and Response (SOAR) tools by year-end 2020, which is an exponential increase from the less than 1 percent reported in 2017.
A leader in this space and Cisco Partner, Splunk recently acquired Phantom, which is a leader in SOAR technologies. As companies and technologies continue to evolve to take advantage of machine learning, expect to see the SOC become more productive and proactive in its threat detection and response capabilities.
This move toward increased capabilities in the SOC tool chain perfectly aligns with Cisco’s initiatives like Stealthwatch and Threat Response, our continued focus on integrating with leaders in this space such as Splunk and IBM QRadar, as well as our broad ecosystem of partners (over 160!) in Cisco’s Security Technology Alliance. Many of these tools help the SOC leverage data to improve operations and drive innovation. At the end of the day, security tools must be able to solve customer problems faster or find the data point that is the proverbial needle in the haystack.
5. The importance of underlying data for machine learning (ML) comes to light.
There is a lot of hype around ML, and in many respects the hype is justified. The ability to harness the power of these technologies to predict and stop data breaches is incredible, but this technology is not new. However, it is always learning, growing and evolving. This evolution is where data becomes paramount. Your ML security tools will only advance as far as the data each has the ability to access and leverage.
All security vendors are doing work in the ML and AI space. But there is a direct correlation between the quality of the underlying data and the quality of output from these technologies. Under the hood of Cisco Security products, you’ll find that ML is a critical component. The differentiator for Cisco is our ability to leverage a vast amount of data because of our unique position in our customers’ networking ecosystem. This data, harnessed by Cisco Talos Intelligence Group, allows us to offer world-class security detection and response for our customers.
As companies rely more and more on ML, we’ll see who has the data to back up the claims seen in today’s security marketing.
The Cisco Security team is always working to keep our customers protected against every kind of cyber attack. As we move through 2019, we’ll keep an eye on these trends to see where they go and what other tools and technologies in cybersecurity make news this year.
If you’re interested in keeping up-to-date on the biggest security threats and news each week, be sure that you’re plugged into the Cisco Talos Intelligence Group blog. Don’t forget to follow me on Twitter and LinkedIn for all the latest trends in cybersecurity and announcements from the Cisco Security team.