If technology professionals learned anything in 2015, it’s that the need for new approaches to security, at both the management level and the technology level, is greater than ever. A series of prominent breaches highlighted the difficulty of securing data in an increasingly cloud-based and connected society.
Let’s start by reviewing 2015’s major security breaches, and then look at how the security industry can respond. The year opened with major hacks of the U.S. Federal Government, including the White House, setting the tone. It continued with a steady stream of breach news as attackers exploited weaknesses in private servers and a variety of Internet-connected systems.
Each of these breaches was different, exploiting weaknesses that were either human (error or misconfiguration) or technical. Several involved virtualized or cloud-hosted systems.
Here are some of the biggest security breaches of 2015:
- Early in 2015, attackers abused the “Get Transcript” application on the Internal Revenue Service’s website, www.irs.gov, to download taxpayer transcripts; the IRS said they passed its knowledge-based authentication questions using personal information stolen elsewhere. As the numbers were revised later in the year, the estimate grew to more than 300,000 taxpayer accounts.
- In February 2015, health insurer Anthem, the second largest in the United States, disclosed a breach affecting nearly 80 million current and former members and employees, including members of the Blue Cross Blue Shield plans it operates.
- In March 2015, a Washington Post analysis of Department of Health and Human Services data estimated that the healthcare records of 120 million people had been compromised in more than 1,100 separate breaches since 2009.
- In July 2015, researchers Charlie Miller and Chris Valasek remotely took control of a Jeep Cherokee on the highway through its cellular-connected infotainment system, as documented in a Wired article, kicking off a series of headlines about automobile hacking and giving new urgency to security fears about the Internet of Things.
- In July 2015, attackers revealed they had stolen data on 37 million users of the dating site Ashley Madison and published it the following month. The leak was followed by extortion attempts and was linked in press reports to suicides.
- In October 2015, Experian and T-Mobile disclosed that an unauthorized party had accessed an Experian server holding credit-application records for roughly 15 million people who had applied for T-Mobile services over the preceding two years.
- In late November 2015, children’s toymaker VTech was breached, exposing about 5 million parent accounts and millions of linked child profiles. The data included names, addresses, children’s birthdays and genders, and password hashes stored as unsalted MD5, which offers little protection once the database is stolen.
This is, of course, only a summary of the most high-profile breaches. Several security researchers and websites track breaches that happen daily.
So what have we learned? The specifics vary from case to case, but collectively these incidents have pushed concern about network and cloud security to the highest level of business, the boardroom.
Approaches to preventing breaches range from basic policies, such as segmenting sensitive data and restricting who can reach it, to a wide range of tools applied to data centers and networks, including virtualized environments and SDx.
As we move from the enterprise network to the cloud, it’s clear the approaches and tools need to change. The legacy monitor-and-alert model is no longer sufficient. Security experts have pointed out that a common thread in these breaches is slow human response to the alerts that were raised, not necessarily a failure of the technology. The key to next-generation security will be to automate routine responses (blocking a source, isolating a workload, revoking a session) so that containment does not wait on a person, while keeping people available for the decisions automation gets wrong.
Here are some of the top requirements of the new breed of security solutions:
- Prevention capabilities are needed at every entry point and attack vector, including the cloud, and prevention must be automated to react in real time.
- Threat intelligence needs to be aggregated and shared, across a vendor’s customer base and globally, in order to stop so-called “unknown” attacks. Malware is often reused in variations of the original because writing new malware is expensive, so indicators seen in one environment (file hashes, command-and-control domains, behavioral signatures) help stop the next. The more information made public about malware, the better for everyone trying to stop it.
- Security and defense technology needs to be built directly into the cloud or virtualization infrastructure, either as native software or in an as-a-service model. Analytics and software-defined networking (SDN) will play a key role.
- Corporations and organizations need to pay attention, from the highest levels of management down, to details such as access control and microsegmentation of networks and data. New controls may include additional encryption, two-factor authentication, or security tokens.
A new generation of security tools and startups is pursuing these solutions. SDx research shows that more than $500 million has been invested in venture-backed security companies over the last five years.
Some interesting areas to watch include security information and event management (SIEM), which combines security information management (SIM) and security event management (SEM) to provide real-time analysis and correlation of the alerts generated by network hardware and applications. SIEM leaders working on integrating SIEM with cloud security include HyTrust, IBM, Intel Security, and Splunk.
An intrusion detection system (IDS) is a device or software application that monitors network or host activity for malicious behavior or policy violations and reports to a management console. IDS come in a variety of “flavors”: network IDS inspect traffic for known signatures or anomalies, host IDS watch files, processes and logs on the endpoint, and an IDS that also blocks what it detects is usually called an intrusion prevention system (IPS). IDS leaders include Cisco (Sourcefire), IBM, Intel Security, and HP.
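The automated-response idea above, and the SIEM-style correlation of events from logs, is easier to see in code. The following is an added example, not code from the original article or from any of the vendors named: a minimal correlation rule that counts failed logins per source address inside a sliding window and, rather than only raising an alert, calls a block action so that later requests from that source (including a guess that finally succeeds) are dropped without waiting on a human. The log format, the threshold, the window, and the block_source() hook are assumptions for illustration; the sample log lines are constructed.

```python
"""Added example (not from the original article): a SIEM-style correlation
rule with an automated response hook. Log format, threshold, window and the
block_source() hook are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

FAILED_LOGIN_THRESHOLD = 5        # assumed: 5 failures inside the window trigger a block
WINDOW = timedelta(seconds=60)    # assumed sliding window
LOGIN_PATH = "/login"

# Constructed sample log lines: "<timestamp> <source IP> <method> <path> <status>".
# 203.0.113.5 brute-forces and then guesses right; 198.51.100.7 has one old
# failure that ages out of the window before a later burst.
SAMPLE_LOGS = """\
2015-09-14T10:00:01Z 203.0.113.5 POST /login 401
2015-09-14T10:00:03Z 203.0.113.5 POST /login 401
2015-09-14T10:00:04Z 198.51.100.7 POST /login 401
2015-09-14T10:00:06Z 203.0.113.5 POST /login 401
2015-09-14T10:00:09Z 203.0.113.5 POST /login 401
2015-09-14T10:00:11Z 203.0.113.5 POST /login 401
2015-09-14T10:00:12Z 203.0.113.5 POST /login 200
2015-09-14T10:00:20Z 198.51.100.7 GET /account 200
2015-09-14T10:02:30Z 198.51.100.7 POST /login 401
2015-09-14T10:02:31Z 198.51.100.7 POST /login 401
2015-09-14T10:02:32Z 198.51.100.7 POST /login 401
2015-09-14T10:02:33Z 198.51.100.7 POST /login 401
2015-09-14T10:02:34Z 198.51.100.7 POST /login 401
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, method, path, status)."""
    ts, ip, method, path, status = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, method, path, int(status)


class LoginCorrelator:
    """Per-source sliding-window counter of failed logins with automated blocking."""

    def __init__(self, threshold=FAILED_LOGIN_THRESHOLD, window=WINDOW):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked = set()
        self.actions = []                    # audit trail of every automated decision

    def block_source(self, ip, reason, when):
        # Hypothetical enforcement hook: a real deployment would call a
        # firewall, SDN controller or cloud security-group API here.
        self.blocked.add(ip)
        self.actions.append({"ts": when.isoformat(), "ip": ip,
                             "action": "block", "reason": reason})

    def feed(self, line):
        when, ip, method, path, status = parse_line(line)
        if ip in self.blocked:
            # Containment already applied: later requests from this source,
            # including a successful guess, are dropped with no human in the loop.
            self.actions.append({"ts": when.isoformat(), "ip": ip,
                                 "action": "drop", "reason": "source already blocked"})
            return
        if method != "POST" or path != LOGIN_PATH or status != 401:
            return
        recent = self.failures[ip]
        recent.append(when)
        while recent and when - recent[0] > self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.threshold:
            seconds = int(self.window.total_seconds())
            self.block_source(ip, f"{len(recent)} failed logins within {seconds}s", when)


def run_correlator(lines, **kwargs):
    """Feed log lines in order and return the correlator with its decisions."""
    corr = LoginCorrelator(**kwargs)
    for line in lines:
        if line.strip():
            corr.feed(line)
    return corr


if __name__ == "__main__":
    for action in run_correlator(SAMPLE_LOGS.splitlines()).actions:
        print(action)
```

Run against the sample, the rule blocks 203.0.113.5 on its fifth failure at 10:00:11 and drops the successful login one second later; 198.51.100.7 is not blocked by its isolated failure at 10:00:04, which has aged out of the window by the time the real burst starts, but is blocked at the end of that burst. The actions list is the record a human reviews afterwards, which is the division of labor the automation argument calls for.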
Another aspect of cloud security will involve the integration of security tools into virtualized environments such as VMware’s NSX and Cisco’s Application Centric Infrastructure (ACI). Network virtualization can provide security benefits of its own, such as enabling microsegmentation of traffic between workloads and built-in security analytics.
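Microsegmentation, mentioned both in the requirements list above and here, comes down to a default-deny policy evaluated per workload rather than per network perimeter. The following is an added example, not code from the article and not NSX’s or ACI’s policy model: workloads carry labels, a rule allows traffic from a source selector to a destination selector on listed ports, and any flow no rule matches is denied, including traffic between peers in the same tier. The inventory, labels, tiers and ports are assumptions for illustration.

```python
"""Added example (not from the article, and not any vendor's policy model):
a label-based microsegmentation policy evaluated with default deny.
Inventory, labels, tiers and ports are assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: dict         # label selector; every key/value must match the source workload
    dst: dict         # label selector for the destination workload
    ports: frozenset  # allowed destination ports


# Constructed inventory: workload name -> labels, as an SDN controller might hold them.
INVENTORY = {
    "web-1":   {"tier": "web", "env": "prod"},
    "web-2":   {"tier": "web", "env": "prod"},
    "app-1":   {"tier": "app", "env": "prod"},
    "db-1":    {"tier": "db",  "env": "prod"},
    "app-dev": {"tier": "app", "env": "dev"},
}

# Allow-list: only the intended tier-to-tier paths, only on the service port.
POLICY = [
    Rule(src={"tier": "web", "env": "prod"}, dst={"tier": "app", "env": "prod"},
         ports=frozenset({8080})),
    Rule(src={"tier": "app", "env": "prod"}, dst={"tier": "db", "env": "prod"},
         ports=frozenset({5432})),
]

CANDIDATE_PORTS = (22, 8080, 5432)   # ports audited below; 22 stands in for admin access


def matches(selector, labels):
    """True when every key/value in the selector is present on the workload."""
    return all(labels.get(key) == value for key, value in selector.items())


def is_allowed(src, dst, port, policy=POLICY, inventory=INVENTORY):
    """Default deny: a flow passes only if some rule matches source, destination and port."""
    s, d = inventory[src], inventory[dst]
    return any(matches(r.src, s) and matches(r.dst, d) and port in r.ports for r in policy)


def blast_radius(src, policy=POLICY, inventory=INVENTORY, ports=CANDIDATE_PORTS):
    """What a compromised workload could still reach: the set of allowed (dst, port)."""
    return {(dst, port)
            for dst in inventory if dst != src
            for port in ports
            if is_allowed(src, dst, port, policy, inventory)}


def flat_network_radius(src, inventory=INVENTORY, ports=CANDIDATE_PORTS):
    """The same question on an unsegmented network: every peer on every port."""
    return {(dst, port) for dst in inventory if dst != src for port in ports}


if __name__ == "__main__":
    for name in INVENTORY:
        print(name, "segmented:", sorted(blast_radius(name)),
              "flat:", len(flat_network_radius(name)), "flows")
```

The contrast between blast_radius() and flat_network_radius() is the point: on the flat network a compromised web server can reach the database and every peer on port 22; under the policy it reaches one application port on one workload, the development tier cannot touch production data at all, and the database reaches nothing. Real controllers add stateful return traffic and logging of denied flows, but the evaluation logic is this simple.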
All of the major virtualization and cloud platforms are working to provide more secure environments, whether it’s VMware, Amazon Web Services, or Microsoft Azure. In addition to providing their own security tools, these platform leaders are also partnering with startups and security specialists such as Catbird Networks, HyTrust, Trend Micro and others. For a full list of SDN and cloud security companies, please check out our SDN security directory.
The new cloud networks, in which data and applications are moved at a moment’s notice, have a new attribute: they are no longer self-contained elements guarded within the walls of an enterprise data network. Most of the data is “out there,” in a data center, in a private or public cloud, or on a user’s device.
To deal with a constant barrage of daily attacks, the next security architecture will require a sophisticated blend of technology investment and management savvy, using advanced monitoring tools, analytics, and automated responses.