Overview of Hot Technologies that are tearing up the security ecosystem. Cyber security experts now have to ‘Move their Cheese’ and deal with threats created by the Cloud, the Internet of Things, mobile/wireless and wearable technology.
HOT CYBER SECURITY TECHNOLOGIES
Ruchika Sachdeva, CISSP
For over a year now, since the advent of the pandemic, a plethora of enterprises have been turned inside out. Accelerated digital business has led to an exponential increase in the cognition of both the service providers and the user community. Nevertheless, hacktivists (a combination of hacker and activist) have found a persistent playground in which to play their part and constantly outsmart modern cyber security technologies. As per the Cost of a Data Breach Report (CODB), there has been a 10% increase in the average total cost of a breach from 2020 to 2021. Does that end the fight against cyber crime? Definitely ‘NO’. Security is a journey, not a finish line. We have to respond by reassessing our security infrastructure and technology and then responding appropriately. Cyber security experts now have to ‘Move their Cheese’ and deal with threats created by the Cloud, the Internet of Things, mobile/wireless and wearable technology.
As per Gartner, ‘this year’s security and risk trends like Cybersecurity Mesh, Identity First highlight ongoing strategic shifts in the security ecosystem that aren’t yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.’ The pandemic has pushed organizations to fully (or mostly) remote work, with plans to shift employees to remote permanently. In fact, the CODB Report shows a $1.07m cost difference in breaches where remote work was a factor in causing the breach. From a security perspective, this widened attack matrix requires a total reboot of policies, tools and approved technologies to better mitigate the risks.
Before moving towards the hot technologies that are tearing up the security ecosystem, let's look at the top 10 vulnerabilities of 2021 as per OWASP, through which hackers wreak havoc on enterprises via successful attacks and data breaches.
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery (SSRF)
As a real-world retrospective, the OWASP Top 10 lets organizations set a priority over which risks to focus on, and helps them understand, identify, mitigate, and fix vulnerabilities in their technology to maintain a foundational security posture in this era of digital transformation. We will see how some of the technologies discussed map to the OWASP Top 10.
Hot Technologies:
Artificial Intelligence and Machine Learning
As in every other domain, AI has emerged as one of the top game changers for cybersecurity. As cybercrime grows manifold, AI is helping under-resourced security operations analysts stay ahead of threats. Many companies (especially those with something to sell) use the terms artificial intelligence (AI) and machine learning (ML) interchangeably, as though they are synonymous. However, they aren’t. Artificial intelligence is a broad field that includes ML. It gives machines the ability to do things that a human can do better, or allows a machine to perform tasks that we previously thought required human intelligence. An AI system starts with nothing and progressively learns the rules. It then creates its own algorithms as it learns the rules and applies machine-learning techniques based on these rules.
Application: AI systems are being trained to detect malware, run pattern recognition, and detect even the minutest behaviors of malware or ransomware attacks before they enter the system. A behavior-based IDS can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events by consuming billions of data artifacts. With Broken Access Control at the top of the OWASP list, AI can prove to be a blessing in the security ecosystem, as it can be used as a proactive step against intrusion at a security entrance like a swing door or turnstile, and integrated into the access control and video security systems to provide rich analytics and situational awareness.
Benefit: A significant benefit of AI and machine learning based devices, for example a behavior-based IDS, is that they can detect newer attacks that have no signatures and are not detectable with the signature-based method. Finding threats becomes faster with AI that analyzes relationships between threats like malicious files, suspicious IP addresses or insiders in seconds or minutes, enabling security analysts to make critical decisions and remediate threats in substantially reduced time.
User and Entity Behavior Analysis (UEBA)
UEBA is the concept of analyzing the behavior of users, subjects, visitors, customers, and so forth for some specific goal or purpose. UEBA tools create user profiles (similar to a baseline for a network) based on individual behavior on endpoints and other devices, and then highlight deviations from that profile that may indicate a potential compromise.
Application: UEBA can provide a huge sense of relief as it strengthens security by monitoring users and other entities and detecting anomalies in behavior patterns that could be indicative of a threat, somewhat similar to what occurred in June 2021 with the professional networking giant LinkedIn, wherein a huge bundle of 700 million user records was apparently scraped via an API, impacting more than 90% of its user base.
Benefits: Some of the benefits of UEBA include early detection of insider threats; detection of a breach due to access to protected data by a user who does not have a legitimate business reason to access it; detection of brute-force attacks on cloud-based entities; and help in prioritizing accounts generating abnormal failed logins. Last but not least, UEBA can reduce false positives when combined with machine learning.
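To make the profile-and-deviation idea concrete, here is an added example (not code from the article or any UEBA product) that builds a per-user baseline of daily failed logins from a constructed log and ranks the accounts whose failed logins on a review day deviate from their own profile; the log format, the three-day baseline window and the z-score threshold are assumptions of the example.

```python
import statistics
from collections import defaultdict

# Constructed sample authentication log ("date user result"), not real data.
# 06-01..06-03 form each user's baseline; 06-04 is the day under review.
SAMPLE_LOG = """\
2021-06-01 alice FAIL
2021-06-01 alice OK
2021-06-02 alice FAIL
2021-06-03 alice OK
2021-06-04 alice FAIL
2021-06-01 bob OK
2021-06-02 bob FAIL
2021-06-03 bob OK
""" + "2021-06-04 bob FAIL\n" * 8   # bob: eight failures on the review day

def failed_logins_per_day(log_text):
    """Return {user: {date: failed_count}}; a day with only OK logins counts as 0."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        date, user, result = line.split()
        counts[user][date] += 1 if result == "FAIL" else 0
    return counts

def build_profiles(daily, review_day):
    """Per-user baseline (mean, stdev) of daily failures over the days before review_day."""
    profiles = {}
    for user, per_day in daily.items():
        history = [n for d, n in per_day.items() if d < review_day]
        mean = statistics.mean(history) if history else 0.0
        # floor the spread at 1 so a single stray failure is not reported as a deviation
        std = max(statistics.pstdev(history), 1.0) if history else 1.0
        profiles[user] = (mean, std)
    return profiles

def score_accounts(log_text, review_day, z_threshold=3.0):
    """Rank accounts whose failed logins on review_day deviate from their own profile."""
    daily = failed_logins_per_day(log_text)
    flagged = []
    for user, (mean, std) in build_profiles(daily, review_day).items():
        today = daily[user].get(review_day, 0)
        z = (today - mean) / std
        if z >= z_threshold:
            flagged.append({"user": user, "failed": today, "z": round(z, 2)})
    return sorted(flagged, key=lambda f: f["z"], reverse=True)

if __name__ == "__main__":
    print(score_accounts(SAMPLE_LOG, "2021-06-04"))
```

Alice's single failure on the review day is within her own profile, so only bob is reported, ranked by how far he deviates.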
Blockchain
The Blockchain is, in its simplest description, a distributed and immutable public ledger. This means that it can store records in a way that distributes those records among many different systems located around the world, and do so in a manner that prevents anyone from tampering with those records. The Blockchain creates a data store that nobody can tamper with or destroy. In fact, organizations must ponder upon Blockchain technology especially when Security Logging and Monitoring Failures (one of the OWASP Top 10) is the key vulnerability relevant to their environment.
Application: The first major application of the Blockchain is cryptocurrency. The Blockchain was originally invented as a foundational technology for Bitcoin, allowing the tracking of Bitcoin transactions without the use of a centralized authority. Although cryptocurrency is the Blockchain application that has received the most attention, there are many other uses for a distributed immutable ledger, so much so that new applications of Blockchain technology seem to be appearing every day. For example, property ownership records could benefit tremendously from a Blockchain application. This approach would place those records in a transparent, public repository that is protected against intentional or accidental damage. Blockchain technology might also be used to track supply chains, providing consumers with confidence that their produce came from reputable sources and allowing regulators to easily track down the origin of recalled produce.
Benefits: The key reason behind Blockchain gaining so much traction is the promising benefits it offers, which include but are not limited to better transparency, enhanced security, reduced cost, true traceability, and improved speed and efficiency. Blockchain is a revolutionary technology with a huge impact on every sector out there, namely Energy, Real Estate, Logistics, Healthcare, Finance, and Government. There are already many companies actively using Blockchain technology after realizing the potential of this tech, so organizations can make educated decisions on whether to use Blockchain technology over other traditional technologies.
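The tamper-evident ledger property applied to the logging and monitoring use case above, as an added example (not code from the article): a hash-chained security log whose head hash is also recorded on a second system, so that both an in-place edit and an edit followed by rebuilding every later hash are detected. The event records and the anchoring step are constructed for the example; a real blockchain additionally replicates the chain across many nodes.

```python
import copy, hashlib, json

GENESIS = "0" * 64

def block_hash(index, prev_hash, entry):
    """SHA-256 over the block index, the previous block's hash and the log entry."""
    payload = json.dumps({"i": index, "prev": prev_hash, "entry": entry}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

class HashChainedLog:
    def __init__(self):
        self.blocks = []

    def append(self, entry):
        """Append a record; return the new head hash so it can be anchored elsewhere."""
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        i = len(self.blocks)
        self.blocks.append({"i": i, "prev": prev, "entry": entry,
                            "hash": block_hash(i, prev, entry)})
        return self.blocks[-1]["hash"]

    def verify(self, anchored_head=None):
        """Index of the first bad block, or None if intact. anchored_head is the head
        hash another system recorded; it exposes an edit whose later hashes were rebuilt."""
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(b["i"], b["prev"], b["entry"]):
                return b["i"]
            prev = b["hash"]
        if anchored_head is not None and prev != anchored_head:
            return len(self.blocks) - 1
        return None

# Constructed sample security events, not real data.
EVENTS = [{"user": "alice", "action": "login", "ok": True},
          {"user": "bob", "action": "read", "resource": "payroll.csv"},
          {"user": "bob", "action": "login", "ok": False}]

def tamper_demo():
    log = HashChainedLog()
    for e in EVENTS:
        head = log.append(e)             # head hash is what a second system would keep
    intact = log.verify(head)
    edited = copy.deepcopy(log)          # attacker 1: edits a record in place
    edited.blocks[1]["entry"]["user"] = "nobody"
    rebuilt = HashChainedLog()           # attacker 2: edits, then rebuilds later hashes
    for b in edited.blocks:
        rebuilt.append(b["entry"])
    return intact, edited.verify(head), rebuilt.verify(), rebuilt.verify(head)
```

The rebuilt chain passes the local check on its own, which is why the anchored head (or, in a real deployment, the copies held by other nodes) is what makes the ledger immutable rather than merely self-consistent.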
Automating Incident Response through SOAR
Security orchestration, automation, and response (SOAR) refers to a group of technologies that allow organizations to respond to some incidents automatically. It goes well beyond SIEM. Traditionally, security administrators respond to each warning manually. This typically requires them to verify that the warning is valid and then respond. Many times, they perform the same rote actions that they’ve done before.
Application: Some of the applications of SOAR include automating the response to a DoS attack. Imagine attackers have launched a SYN flood attack on servers in a screened subnet (sometimes referred to as a demilitarized zone). Network tools detect the attack and raise alerts. Administrators manually change the amount of time a server will wait for an ACK packet. After the attack has stopped, they manually change the time back to its original setting. SOAR allows security administrators to define these incidents and the response, typically using playbooks and runbooks. Within the context of incident response, a playbook is a document that defines actions, and the runbook implements those actions.
Benefits: The ultimate goal of SOAR is to bring efficiency to Security Operations Centre (SOC) processes and improve incident response in the face of thousands of security alerts. Some of the main benefits include faster response time, optimized threat intelligence, streamlined operations, reduced cyberattack impact, and lowered cost. A typical enterprise is sure to experience significant savings by integrating a SOAR platform into its business model.
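The SYN flood scenario above expressed as a playbook and a runbook, as an added example (not from the article or any SOAR product): the playbook is the ordered list of actions, and the runbook class implements each action against a simulated server setting, keeping an audit trail and restoring the original value only once the attack has stopped. The half-open connection threshold, the shortened 5-second wait, the alert format and the server model are assumptions of the example.

```python
from dataclasses import dataclass, field

HALF_OPEN_LIMIT = 5000   # constructed threshold for 'server is under SYN flood'

@dataclass
class ServerConfig:      # stand-in for a DMZ server's TCP settings, not a real API
    name: str
    syn_ack_wait_seconds: int = 60
@dataclass
class SynFloodRunbook:
    """Implements the actions the playbook names and keeps an audit trail."""
    server: ServerConfig
    original_wait: int = None
    audit: list = field(default_factory=list)
    def validate_alert(self, alert):
        ok = alert["type"] == "SYN_FLOOD" and alert["half_open"][0] >= HALF_OPEN_LIMIT
        self.audit.append(("validate_alert", ok))
        return ok
    def shorten_syn_wait(self, alert):
        self.original_wait = self.server.syn_ack_wait_seconds
        self.server.syn_ack_wait_seconds = 5        # free half-open slots sooner
        self.audit.append(("shorten_syn_wait", 5))
        return True
    def wait_until_clear(self, alert):
        # A real runbook polls the sensor; here the alert carries a constructed timeline.
        for sample in alert["half_open"]:
            self.audit.append(("poll", sample))
            if sample < HALF_OPEN_LIMIT:
                return True
        self.audit.append(("escalate", "attack persists, handing to analyst"))
        return False                                 # keep the mitigation in place
    def restore_syn_wait(self, alert):
        self.server.syn_ack_wait_seconds = self.original_wait
        self.audit.append(("restore_syn_wait", self.original_wait))
        return True

# The playbook is the ordered list of actions; each names a runbook method.
SYN_FLOOD_PLAYBOOK = ["validate_alert", "shorten_syn_wait", "wait_until_clear", "restore_syn_wait"]

def run_playbook(playbook, runbook, alert):
    """Run the steps in order; a step returning False stops the playbook there."""
    for step in playbook:
        if not getattr(runbook, step)(alert):
            break
    return runbook.audit

def handle(alert):
    """Apply the SYN flood playbook to a fresh server; return (final wait, audit trail)."""
    server = ServerConfig("dmz-web-1")
    audit = run_playbook(SYN_FLOOD_PLAYBOOK, SynFloodRunbook(server), alert)
    return server.syn_ack_wait_seconds, audit
```

An alert that fails validation causes no change at all, and an attack that never clears leaves the shortened wait in place and escalates to an analyst instead of blindly restoring the setting.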
Zero Trust Architecture
Zero trust is a security concept where nothing inside the organization is automatically trusted. There has long been an assumption that everything on the inside is trusted and everything on the outside is untrusted. This has led to a significant security focus on endpoint devices, the locations where users interact with company resources. An endpoint device could be a user’s workstation, a tablet, a smartphone, an Internet of Things (IoT) device, an industrial control system (ICS), an edge computing sensor, or any public-facing server in a screened subnet or extranet. Zero trust is an alternate approach to security where nothing is automatically trusted. Instead, each request for activity or access is assumed to be from an unknown and untrusted location until otherwise verified.
Application: Zero trust is implemented using a wide range of security solutions, including internal segmentation firewalls (ISFWs), multifactor authentication (MFA), single sign-on (SSO), RBAC coupled with virtual patching, identity and access management (IAM) (addressing Identification and Authentication Failures on the OWASP Top 10 list), auditing and logging (also on the OWASP Top 10 list), and next-generation endpoint security.
Benefits: Key benefits of Zero Trust Architecture include a reduced threat surface, increased visibility into all user activity, a limited possibility for data exfiltration, and an improved overall security posture both on-premises and in the cloud. As per the Cost of a Data Breach (CODB) report, 2021, a zero trust approach helps reduce the average cost of a data breach: a cost difference in breaches of $1.76m has been observed where zero trust was deployed as compared to no zero trust. Zero trust can help prevent attacks based on the OWASP Top 10, as under zero trust attackers will have no visibility into potential OWASP applicative vulnerabilities.
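To contrast the inside-is-trusted assumption with per-request verification, an added example (not from the article): a legacy check that trusts anything arriving from the corporate network, beside a zero-trust check that requires MFA, device compliance and an RBAC match on every request regardless of source, and records each decision for auditing. The network range, roles, permissions and request fields are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed RBAC table: role -> allowed (action, resource) pairs.
ROLE_PERMISSIONS = {
    "analyst": {("read", "siem")},
    "admin": {("read", "siem"), ("write", "firewall")},
}
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")   # constructed 'inside' network
audit_log = []   # every decision is recorded (auditing and logging)

@dataclass
class Request:
    user: str
    role: str
    action: str
    resource: str
    source_ip: str
    mfa_verified: bool
    device_compliant: bool

def perimeter_authorize(req):
    """Legacy model: anything arriving from the corporate network is trusted outright."""
    if ipaddress.ip_address(req.source_ip) in CORPORATE_NET:
        return "allow", ["inside_network"]
    return ("allow", ["mfa"]) if req.mfa_verified else ("deny", ["mfa_required"])

def zero_trust_authorize(req):
    """Zero trust: the request is untrusted until identity (MFA), device posture
    and RBAC all pass; the source network is logged but never grants trust."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("mfa_required")
    if not req.device_compliant:
        reasons.append("device_not_compliant")
    if (req.action, req.resource) not in ROLE_PERMISSIONS.get(req.role, set()):
        reasons.append("rbac_denied")
    decision = "deny" if reasons else "allow"
    audit_log.append({"user": req.user, "ip": req.source_ip, "action": req.action,
                      "resource": req.resource, "decision": decision, "reasons": reasons})
    return decision, reasons

# Constructed request: from the internal network, but no MFA and a non-compliant device.
INSIDE_NO_MFA = Request("alice", "analyst", "write", "firewall", "10.1.2.3",
                        mfa_verified=False, device_compliant=False)
```

The same request is waved through by the perimeter model solely because of its source address, while the zero-trust check denies it and records every reason, which is the visibility into user activity the Benefits paragraph refers to.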
Embedded Hardware Security
An emerging area of vulnerability is the code in device firmware that runs at startup to prepare the operating system launch. Hackers are looking for ways to inject malware into this code beneath the operating system, which by default never required security and integrity checks designed into its sequence. As a result, the operating system will trust this code even when it contains a nefarious malware payload. To mitigate this threat, a modern PC platform can integrate Hardware-Enhanced Security that starts at the assembly line.
It is based on the concept of Privacy by Design (PbD). PbD is a guideline to integrate privacy protections into products during the early design phase rather than attempting to tack them on at the end of development. It is effectively the same overall concept as “security by design” or “integrated security,” where security is to be an element of the design and architecture of a product starting at initiation and being maintained throughout the software development lifecycle (SDLC).
Application: Embedded security ICs can provide a turnkey security solution, delivering capabilities and features such as layers of advanced physical security, cryptographic algorithms, secure boot, encryption, secure key storage, and digital signature generation and verification. In fact, organizations must ponder upon hardware security especially when sensitive data disclosure is the key vulnerability relevant to their environment. With Cryptographic Failures being at the top of the OWASP list, embedded hardware security seems to be the need of the hour.
Benefits: Some of the benefits of embedded hardware security include a root of trust, mutual authentication, data confidentiality and integrity, secure boot, secure firmware update, and secure communications. It addresses most vulnerabilities in the OWASP list (Cryptographic Failures, Data Integrity, and Insecure Design, to name a few). Vendors like Maxim and Intel feature authentication ICs that provide a unique approach to mitigating key threats by providing a built-in key that uses the random variations in semiconductor device characteristics to provide a physically unclonable function (PUF). The PUF feature is used to create a unique secret key that remains constant over time and under different operating conditions, including operating voltage and temperature. The only way the PUF output (and resulting key) changes is if someone attempts to probe low-level chip operations. Designed to revolutionize ‘authentication security’, these employ multiple levels and methods of authentication working in tandem. Some business-grade PCs provide AI-based Hardware-Enhanced Endpoint Security that makes use of hardware telemetry to help detect stealthy attacks.
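The secure boot capability named above, as an added example (not from the article or any vendor's IC): a simplified boot chain in which a digest held in immutable ROM (standing in for the hardware root of trust) verifies the first stage, and each verified stage vouches for the next through a digest it carries, so an implant in any stage halts the boot before that stage runs. Real implementations verify signed images with a hardware-protected key; the firmware stages and digest-based check here are constructed for the example.

```python
import hashlib

def stage_digest(stage):
    """Digest covers the stage's code and the digest of the stage it will launch."""
    code, next_digest = stage
    return hashlib.sha256(code + (next_digest or "").encode()).hexdigest()

def build_chain(codes):
    """Link stages last-to-first so each one embeds its successor's digest.
    Returns the stages and the digest of the first stage (the value burned into ROM)."""
    stages, next_digest = [], None
    for code in reversed(codes):
        stage = (code, next_digest)
        stages.insert(0, stage)
        next_digest = stage_digest(stage)
    return stages, next_digest

def secure_boot(stages, rom_digest):
    """Verify each stage before handing control to it; halt at the first mismatch.
    Returns (booted, number_of_stages_verified)."""
    expected, verified = rom_digest, 0
    for stage in stages:
        if stage_digest(stage) != expected:
            return False, verified
        verified += 1
        expected = stage[1]       # the verified stage vouches for the next one
    return True, verified

# Constructed firmware stages, not real images.
FIRMWARE = [b"bootloader v1: init DRAM, verify next stage",
            b"os-loader v1: load kernel, verify next stage",
            b"kernel v1: start OS"]

def boot_demo():
    stages, rom_digest = build_chain(FIRMWARE)
    clean = secure_boot(stages, rom_digest)
    # Implant in the os-loader: the digest the bootloader carries no longer matches it.
    implanted = list(stages)
    implanted[1] = (b"os-loader v1 + implant", stages[1][1])
    tampered = secure_boot(implanted, rom_digest)
    # Rebuilding the whole chain around the implant changes the first-stage digest,
    # which the ROM value (the root of trust) no longer matches, so nothing runs.
    rebuilt, _ = build_chain([FIRMWARE[0], b"os-loader v1 + implant", FIRMWARE[2]])
    return clean, tampered, secure_boot(rebuilt, rom_digest)
```

The untouched chain verifies all three stages, the implanted os-loader is stopped after only the bootloader has been accepted, and the rebuilt chain fails at the very first stage because the ROM value cannot be changed by software.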
Conclusion
As per NIST 800-36, Guide to Selecting Information Technology Security Controls, the specific blend of security controls an organization employs is tied to the mission of the organization and the role of the system within the organization as it supports that mission. Whichever of the technologies the organization chooses to adopt, it must ensure the following general considerations when selecting IT security products:
Organizational considerations should include identifying the user community; the relationship between the security product and the organization’s mission; the sensitivity of the data; the organization’s security requirements, policies, and procedures; and operational issues such as daily operation, maintenance, and training.
Product considerations should include total life-cycle costs (including acquisition and support), ease of use, scalability, and interoperability requirements; test requirements; known vulnerabilities; implementation requirements for relevant patches; requirements and methods for reviewing product specifications against existing and planned organizational programs, policies, procedures, and standards; security-critical dependencies with other products; and interactions with the existing infrastructure.
Vendor considerations should include whether the selection of a particular product will limit future security choices; vendor experience with the product; and vendor history in responding to security flaws in its products.