Security is the gift that keeps on giving. There’s always one more vulnerability to be exploited, one more household-name company that’s about to be breached.
So, it shouldn’t be surprising that 2016 offered up some new lessons — or, in some cases, things the industry already knew but needed a reminder about.
1. IoT Can’t Be Trusted
It isn’t exactly the rise of the robots, but the Mirai botnet proved that the Internet of Things (IoT) is easily exploitable. This is a possibility that’s been lurking all along, but in 2016, it became real.
In the last few months, the largest distributed denial-of-service (DDoS) attacks in history have occurred, including one against DNS provider Dyn, with reports saying Mirai was a participant. If you’re still not a believer, try it yourself: The code to control Mirai is available.
The inherent problem is that many IoT devices are envisioned as inexpensive widgets that aren’t meant to be scrutinized. Security cameras helped fuel Mirai. Smart light bulbs could be a future attack vector, as researchers showed at the Black Hat conference in August.
As security expert Bruce Schneier noted in October, normal market forces won’t solve this problem. Most of the time, neither the buyer nor the seller of an IoT device gets hurt when that device gets used in a botnet. There’s no easy way to fix this one. Happy holidays!
2. These Breaches Can Be Huge
This is the tale of Yahoo, essentially — a company that started the year with enough problems but then revealed two breaches compromising 500 million and 1 billion user accounts, respectively. (It’s unclear how much overlap there is between those two groups of accounts, and we’re not about to go count.)
You might ask how Yahoo didn’t notice 1 billion accounts being probed. One possible answer is that in 2013, the company just wasn’t looking for intrusions. Another likely possibility is that the information was funneled out of Yahoo’s network in what security experts call a slow bleed — small amounts of data at a time, so as not to create a bandwidth spike that would draw attention.
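The slow-bleed pattern described above, as an added detection example that is not part of the original article: an hourly bandwidth-spike check misses a steady trickle to one destination, while a cumulative per-destination total over a multi-day window catches it. The flow record layout, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

HOUR = 3600
DAY = 24 * HOUR

def spike_alerts(flows, per_hour_limit):
    """Classic bandwidth-spike check: flag sources with any hour over the limit."""
    buckets = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        buckets[(src, ts // HOUR)] += nbytes
    return sorted({src for (src, _), total in buckets.items() if total > per_hour_limit})

def slow_bleed_alerts(flows, window_days, total_limit, min_active_days):
    """Flag (src, dst) pairs whose outbound total inside some window of
    `window_days` days exceeds total_limit and is spread over many days."""
    daily = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, nbytes in flows:
        daily[(src, dst)][ts // DAY] += nbytes
    alerts = []
    for pair, days in daily.items():
        for start in sorted(days):
            in_win = [d for d in days if start <= d < start + window_days]
            total = sum(days[d] for d in in_win)
            if total > total_limit and len(in_win) >= min_active_days:
                alerts.append((pair, total))
                break  # one alert per pair is enough
    return sorted(alerts)

def sample_flows():
    """Constructed flow records: (unix_ts, src, dst, bytes_out)."""
    flows = []
    # db-01 sends 40 MB every hour for 30 days to one external address.
    for h in range(30 * 24):
        flows.append((h * HOUR, "db-01", "203.0.113.50", 40_000_000))
    # backup-01 sends one 5 GB burst within a single hour.
    flows.append((3 * DAY, "backup-01", "198.51.100.7", 5_000_000_000))
    # web-01 has light, ordinary daily traffic.
    for d in range(30):
        flows.append((d * DAY + 600, "web-01", "192.0.2.10", 2_000_000))
    return flows

if __name__ == "__main__":
    flows = sample_flows()
    print("spike:", spike_alerts(flows, per_hour_limit=1_000_000_000))
    print("slow bleed:", slow_bleed_alerts(flows, 7, 5_000_000_000, 5))
```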
3. Big Data & AI Will Point the Way
It’s now feasible to track all activity in the network. Sifting through that data is only part of the trick; what turns the technology into a product is the ability to present the information in a form useful to human operators.
Vectra is one startup offering software to interpret the data, draw conclusions, and (within reason) notify operators. Companies such as Deepfield (being acquired by Nokia) similarly scan network activity, mostly with an eye toward finding performance problems, but they can keep an eye on security as well.
Machine learning plays a role in systems such as Vectra’s. With artificial intelligence becoming a bigger deal in the public cloud, it’s natural to assume that technology will be increasingly applied to security as well. Deep Instinct is a startup pursuing the AI discipline called deep learning, applying it specifically to security, and other AI-minded security startups seem likely to emerge.
4. There Are Still Too Many Security Companies
SDxCentral reported on that trend from the RSA Conference in March. This isn’t necessarily a bad thing, considering the looming IoT threats mentioned above.
Plenty of security startups got funding this year. Here’s a small, arbitrary sample, focusing on the largest deals and the startups SDxCentral had covered in the past.
- Prevalent Closes $60M in Funding
- vArmour Raises a $41M Series D
- Skyport Systems Grabs Google & Cisco in $30M Series C
- GuardiCore Raises $20M
- RiskIQ Rakes in $30.5M in Series C Funding
Even if there’s a glut, the security industry will need to cope with new concepts such as microservices. That’s where new companies such as Aporeto, which is focused on cloud-native applications, could become useful.
And at a time when IT giants are merging — Dell and EMC being the prime example — security is following suit. Symantec alone purchased Blue Coat for more than $4 billion earlier this year, then followed up with a $2.3 billion offer for LifeLock.