Data and info-centric security design key to security

BANGALORE, INDIA: 2010 will be the year of ongoing change. Further adoption of cloud, social media and virtualization technologies will continue to blur the network parameter, while new cybercriminal methods such as ransomware and crime as a service will lure in unsuspecting users and threaten the enterprise at large.

Security postures must move from a container-centric approach that is tied to a physical locale to a data and information-centric security design. To do this, organizations – large and small – should consider a layered, centralized security solution that provides multiple security touch points within the network, rather than around it, in order to protect their information from outside in and inside out.

With this in mind, Fortinet predicts the following top 10 security trends for 2010:

1) Security, Virtually Speaking: Preventing infections from cross pollinating between virtual machines will be key in securing virtual movements of servers.

Securing virtual environments requires protecting the physical perimeter as well as securing the interaction from virtual device to virtual device. When a new virtual machine is created, infection can cross pollinate, so organizations must ensure that policies established for the perimeter will not follow the virtual environment. Security policies, rather, need to be uniquely moved with the virtual motion of servers.

2) Information, Protect Thyself!: Information-centric security, rather than container-centric security, will be necessary in the next decade as access to data will continue to evolve outside the traditional network.

The definition of "the network" has moved much beyond the traditional LAN to encompass distributed networks, cloud-based networks, social-media networks, wireless networks, virtual networks, etc. So, data now needs to protect itself via a networking infrastructure that positions a security control at every data touch-point or internal network segment rather than just at the perimeter. Information-centric security is a more granular, intelligent and multi-layered security approach that guards against penetration of the entire network through the weakest point in the armor.

3) Get Your Head, Not Your Security, Out of the Cloud: Adopting cloud-based services opens organizations up to many risks and vulnerabilities as information travels to and from protected networks via a public pipe, creating many more opportunities for data infection or theft.

Securing the cloud will be hotter than ever in 2010 as more and more companies adopt services such as storage for rent, software as a service, virtual IT and application hosting. The concept of protecting data-at-rest vs. data-in-motion comes into play, forcing organizations to examine various security mechanisms to secure their data, including encryption, SSL inspection, data leakage protection, antivirus among others. Data while at rest in the cloud may be protected in a lock and key manner to prevent unauthorized access, but infected data is not necessarily cleansed in the cloud and can be brought back to the network in transit.

4) Don't Throw the Apps Out with the Bath Water: Second-layer security will be adopted to help enterprises have better application control beyond just allow or not allow.

Enterprises will be more than ever confronted with employees' use of social media apps that don't always have an obvious business benefit, and many of these tools come with them some very nasty threats. From recent memory, witness Koobface and Secret Crush targeting and wreaking havoc on millions of Facebook and MySpace users. Beyond social networking sites, application threats are also targeting business-critical applications, causing many companies to implement countermeasures for these new sophisticated/targeted attacks. But in 2010, organizations do not have to implement an all-or-nothing policy. Application security exists to provide intelligent second-layer security controls to enable (1) defining of granular application policies that allow or disallow applications by layers and (2) screening malicious activities within allowed applications, then capturing and disposing of it at the gateway. This is a much more intelligent and productive approach than alienating a workforce and, in the process, possible missing out on next-generation marketing vehicles with a "no-Facebook/YouTube/MySpace," etc. policy.

5) Security and Network Services Aren't Strange Bedfellows: A natural evolution with the trend in consolidating network devices is to integrate more network functionality into security devices.

We've seen the successful convergence of multiple security and network services into a single appliance with the strong adoption of unified threat management solutions over the past decade. As security performance has gotten faster and faster, customers have increasingly seen the benefit in the convergence of network and security services on the same platform, especially in the economic climate of the past 18 months when the benefits of consolidation have resonated well with customers. Moving into 2010, additional consolidation of network services will find continued acceptance with budget-conscious customers. For example, WAN acceleration has seen strong acceptance by customers earlier this year when the service was integrated into a consolidated security device to accelerate the good traffic while stopping the bad. Switching and VOIP capabilities might be other network services to be integrated into consolidated security devices in the future.

6) CaaS vs. SaaS: Cybercriminals will take a page from the new security-as-a-service business model to implement their own crime-as-a-service approach, a criminal "environment for hire," so to speak.

Most people have heard of the growing popularity of Security as a Service in which companies opt to unburden themselves from the complex task of securing their networks and, instead, outsource it to a third-party service provider. The popularity of the outsourced security approach will continue to grow into 2010 for its cost effectiveness and ease. Such an elegant model has not been lost on the cyber criminal element, many of which have adopted the "Crime as a Service" approach, which serves to both increase their reach and obfuscate their identity. We expect to see an increase in the number of "crime kits" that allow centralized control panels for botmasters to anonymously administer their malicious networks, with these kits further revolving in 2010 to include maintenance, help and QA support from the criminal syndicates. To date, common CaaS methods have manifested themselves through rental of networks for malware/adware distribution or spewing spam. This will likely begin to evolve into an extensive set of services: think consultation, hackers for hire – DDoS, infostealing and blackmail attacks on political parties, governments, enterprises and even civilian scenarios. Thus, the attack processes will become easier and more transparent by placing the technical requirements behind a service for hire.

7) Scareware and Affiliates Find New Ground: With consumers becoming wise to scareware, cybercriminals are expected to up the stakes in 2010 by holding consumers' digital assets hostage for ransom.

The highly profitable nature of fake security software, or scareware, will make it a mainstay in 2010. But with greater public awareness, the profitable affiliate programs backing these scareware campaigns will begin to seek new ground with new vehicles such as ransomware. Ransomware destructively encrypts valuable data and files on a victim's machine, holding it for ransom with recovery theoretically possible only through a supplied key. Of course, this key comes at a price and could readily be offered by fraudulent data recovery software, backed by the very same affiliate programs that support scareware. Recent attacks already show a progression of ransomware to utilize services such as MMS to send keys to recipients for their convenience.

8) Money Mules Multiply: Unwitting consumers may find themselves accessories to a crime as cybercriminals find new "mules" to launder their ill-gotten gains.

More money laundering vehicles will be created to transport cash rampant in the digital underground. Money mules, often innocent individuals used to transfer illicit funds for a commission, will be a common example of such a vehicle. We will see more innovative and professionally created job advertisements to lure tempted prospects into becoming a mule. Cyber criminals will go above and beyond the blatant use of mules we have witnessed to date and focus on concealing their mules. Authentication techniques will be further developed to feed red herrings to researchers and law enforcement agencies attempting to communicate with criminal networks, while real information such as money mule accounts are fed only to authenticated connections.

9) Multiple Platforms in the Crosshairs: With a growing number of users on new platforms, cybercriminals will target their attacks beyond Microsoft Windows.

The majority of attacks have been aimed at Microsoft Windows platforms simply due to market share. With a large user base and vulnerable components/developed software in place, ample opportunities exist for attack and with more to come with the latest release of Windows 7. Two main factors will spread attacks to other platforms moving into 2010. First, more applications will be able to execute cross-platform (on many devices) as these platforms connect support for technologies for web applications and supplements (Flash, Javascript, etc). Therefore, many attack targets will exist for one given attack vector. Second, black hat hackers – a growing resource – will focus on exploiting these platforms. More vulnerabilities are being discovered in mobile platforms and components, such as MMS messages on the iPhone. We already witnessed more sophisticated, malicious code on mobile platforms such as SymbianOS in 2009. While this will certainly continue in 2010, other opportunities are opening up. For example, Palm just opened up WebOS to developers.

10) Botnets Hide Through Legit Means: Botnets will no longer just obfuscate their binary codes to escape detection. Instead, they will piggyback on legitimate communications vehicles to propagate and cloak activities.

Threats today are quite blended, arriving through many attack vectors and associated with many working components. This has proven to be a successful model as cyber criminals look to effectively infiltrate machines and bypass any security measures that may be in place. Botnets have long used this technique to obfuscate and pack their malicious binary code to evade detection. Moving into 2010, we will see botnets continue to attempt to evade detection beyond the binary, with a focus on network communication. This will come in the form of piggybacking on legitimate protocols, communication encryption, authentication, and obfuscation. Already we have seen botnets communicating through Twitter and Google groups – certainly this scope will expand. These efforts will also help cloak command and control servers.