Design – TAG Cyber LLC - BlackRidge Technology...Blackridge Technology – When John Hayes and...
156
Transcript of Design – TAG Cyber LLC - BlackRidge Technology...Blackridge Technology – When John Hayes and...
Design–TAGCyberLLCFinance–M&TBankResearch–TAGCyberLLCLeadAuthor–Dr.EdwardG.AmorosoResearchers–LiamBaglivo,MattAmoroso,MilesMcDonaldFacilities–WeWork,NYCTAGCyberLLCP.O.Box260,Sparta,NewJersey07871Copyright©2018TAGCyberLLC.Allrightsreserved.Thispublicationmaybefreelyreproduced,freelyquoted,freelydistributed,orfreelytransmittedinanyformorbyanymeans,electronicormechanical,includingphotocopying,recording,oranyinformationstorageandretrievalsystemwithoutneedtorequestpermissionfromthepublisher,solongasthecontentisneitherchangednorattributedtoadifferentsource.Securityexpertsandpractitionersmustrecognizethatbestpractices,technologies,andinformationaboutthecybersecurityindustryanditsparticipantswillalwaysbechanging.Suchexpertsandpractitionersmustthereforerelyontheirexperience,expertise,andknowledgewithrespecttointerpretationandapplicationoftheopinions,information,advice,andrecommendationscontainedanddescribedherein.NeithertheauthorofthisdocumentnorTAGCyberLLCassumeanyliabilityforanyinjuryand/ordamagetopersonsororganizationsasamatterofproductsliability,negligenceorotherwise,orfromanyuseoroperationofanyproducts,vendors,methods,instructions,recommendations,orideascontainedinanyaspectofthe2018TAGCyberSecurityAnnualvolumes.Theopinions,information,advice,andrecommendationsexpressedinthispublicationarenotrepresentationsoffact,andaresubjecttochangewithoutnotice.TAGCyberLLCreservestherighttochangeitspoliciesorexplanationsofitspoliciesatanytimewithoutnotice.
September7,2017TotheReader:This2018TAGCyberSecurityAnnual–Volume1:OutlookforFiftyCyberSecurityControlsisacompanionguidetothereportofsimilarnameissuedlastyear.Iwilladmitthatitwastemptingtotakelastyear’sreportandtweakafewwords,addsomenewdescriptions,andmaybedrawacoupleoffreshdiagrams–andcalltheresultanewreport.Luckily,thatlazyoptionpassed,andinstead,Ispentanhourofeachdayforthepastsixmonthswritinganewbook.So,ifyouthoughtyou’dgetoffeasy,thenforgetit:Youhavesomereadingtodo.ThisnewvolumecomplementstwoothernewvolumesissuedaspartoftheTAGCyberSecurityAnnualseriesandavailabletoyouasfreePDFdownloadsathttps://www.tag-cyber.com/.IsupposeonecoulddebatewhetherourTAGCybermaterialisuseful,butthereisfullconsensusthatourmaterialisvoluminous.Asalways,weofferourreportsatawhoppingpriceoffree,butIsuspectthatifweeverdecidetosellthesemassivevolumes,wewillsetpricingbasedondollars-per-pound.Theprocessusedtocreatethisvolumehadmuchincommonwithlastyear’sapproach.ThemostobvioussimilarityisthatIonceagainreceivedalotofhelp.Likelastyear,Icarefullyselectedandreachedouttoaselectgroupofcybersecuritytechnologyvendors–mostofthemnewthisyear–andaskedthattheyinvestthetime,energy,andresourcestohelpmelearntheirspecialty.ThesewonderfulDistinguishedVendorsarelistedonthenextpage–andIhopeyou’llreachoutandlearnfromthemaswell.Yourtimewillbewellspent.Also,likelastyear,Ispenthoursandhoursandhours(andmorehours)withenterprisesecurityprofessionalsandChiefInformationSecurityOfficers(CISOs)fromeverysectorinbusinessandgovernment.Iinvitedthemtodinners,Icajoledthemintoweeklydiscussionsessions,andIcorneredthemateveryconference.Ithinksomenowheadtheotherwaywhentheyseemeapproaching.Butthisisnecessary,becausecybersecurityonlycomesintofocuswithmanydifferentperspectives.Evenwithinthesamecompany,Ioftenheardifferentanswerstothesamequestion.So,therearenoshortcuts.Anawesomenewinputthisyearwasthegroupofpayingcustomers(yes,that’sright)forwhichmygrowingTAGCyberteam–LiamBaglivo,MattAmoroso,andMilesMcDonald–providedcybersecurityconsulting.Torespecttheirprivacy,Iwon’tnamethecompanieshere,buttheyprovidedamazinginsightsintocurrentviewsonbestpracticesincyberdefense.Theseclientsincludedtwobanks,asoftwarecompany,agovernmentsupportteam,atechcompany,anon-profit,andamedicaldevicecompany.Assistingontheirprojectswasenormouslyhelpfulinthecreationofthisvolume.MyannualcaveatonbiasmuststartwithAT&T,whereIservedforthirty-oneincredibleyears.IcontinuetobelievethattheexpertteamthereisdoinggroundbreakingworkinsoftwaredefinednetworkingunderJohnDonovan,anditisridiculousformetotrytoappearunbiased.Mycommentsonmanagedsecurityservicesofferaglowingvisionofself-provisioned,virtualizedsecurityviacloudandSDN,andifthatappearstoalignwithAT&T’sapproach–well,thenIadmitthealignment.Ispentyearshelpingtodesignthatwork,soIcannotuntanglemyself.Ihave,however,carefullyremovedmyselfthisyearfromallmajorboards.IlovedmyyearwithM&TBankasanIndependentDirectorontheirCorporateBoard,buttherelationshiphasbeenredesignedasseniorconsultative.ThatisonefinegroupofpeopleupinBuffalo,andIhopeyouusetheirbankingservices.IalsosteppeddownfromtheNSAAdvisoryBoardsothatIcouldwriteopenly,publishmorefreely,anddevotetheproperamountoftimerequiredforthisresearch.Thatgovernmentboardincludedanawesomegroupofamazingvolunteersandcivilservants–andIwisheachofthemwell.Myacademicaffiliationsremainintact,albeitperhapsmoreintense.Icontinuetoteachtwocoursesperyearinamassivelecturehalltoabouttwo-hundredgraduatestudentsattheStevensInstituteofTechnologyannually.I’vealsoacceptedapositionasaResearchProfessoratNYU,whereIfocusoncooperativelearning,government-fundedresearch,andcyberawarenesseventsforexecutives.Finally,IcontinuetoserveasaSeniorAdvisortotheAppliedPhysicsLabatJohnsHopkinsUniversity,whereIsupportagroupofridiculouslysmarttechnologists.Anyway,enoughaboutme:It’stimethatyoudiveintothis2018TAGCyberSecurityAnnual:Volume1–OutlookforFiftyCyberSecurityControls.Asyoureadthebook,myadviceistousetheFeynmanself-summarizationtechniquetoabsorbthematerialusingasharpenedTiconderoga,afreshlinedpad,andanopenmind.Ihopethisbookisusefultoyou.Dr.EdwardG.AmorosoChiefExecutiveOfficer,TAGCyberLLCFultonStreetStationonBroadway
2018TAGCyberDistinguishedVendorsEachofthevendorslistedbelowinvestedtheirvaluabletime,resources,andmoneyinthedevelopmentofthevolumeyouhaveinyourhands.Theywerecarefullyhand-selectedbasedontheuniqueness,importance,andrelevanceoftheirofferingtoChiefInformationSecurityOfficer(CISO)teamsfromthenearly1500vendorswecovereachyear.Iwouldlistthemallasco-authorsifthatwasfeasible–butofcourse,itisnot.Instead,theyarelistedbelowalphabetically,withabriefnoteofthanksfortheiruniqueinsight,friendship,andsupportoftheglobalcybersecurityindustry.Itgoeswithoutsayingthatanyunexpectederrorsinthisvolume,orrecommendationsthatmightultimatelyproveincorrect,areentirelymyfault–nottheirs.Hereisthelist,withawordortwoabouttheirfineleaders:4iQ–Ilovedworkingwiththe4iQteamthisyear,includingMonicaPalandJulioCasal.Thedigitalriskmonitoringandidentitythreatintelligenceservicestheyproviderepresentoneofthemostimportantcontributionsinourcybersecurityindustry.Agari–ItwasadelightworkingagainwithPatPetersonandthenewAgariCEORaviKhatod.TheAgariteamhelpedmeunderstandemailsecurityperhapsbetterthananyothergroup–andIamsoappreciativeoftheirassistance. AlienVault–RogerThorntonissuchawonderfultechnologist,alwaysavailabletoexpertlyhelpexplainsomeaspectofadvancedcybersecurity.MythanksgotoRogerandtheentireAlienVaultteamfortheirpartnershipwithTAGCyber.Appthority–DomingoGuerrawasgenerouswithhistimehelpingtoexplainhowappriskcanbeextendedtoholisticmobilitymanagement.PaulStich,asalways,continuestobesuchawonderfulcontributortoourcybersecurityindustry. ArborNetworks–BrianMcCannandhisteamcontinuetodosuchagreatjobreducingDDOSriskandhelpingtoassurebusinesscommunications.TheArborteamisfirstclassandalwaysgreathostsforvisitstoBoston.Ataata–ItwasadelightgettingtoknowMichaelMadon,CEOofAtaata,andtoimmerseinhisoriginalandamazingcontent.Hisfinesubscription-basedcontentofferingprovidesanaccurateglimpseintothefutureofsecurityawareness. AT&T–ThesecuritycommunityatmyformeremployerhasbeensoincrediblyhelpfultotheTAGCyberteaminareassuchasMSS,SDN,NFV,andevolvingthreat.TheGovernmentSolutionsteamhasalsobeenadelighttoworkwiththisyear!AttivoNetworks–TusharKothariandhiscapableteamatAttivocontinuetoimproveandadvancethestateoftheartinmoderncyberdeceptionfortheenterprise.ThesupportandfriendshipoftheentireAttivoteamaresoappreciated. BayshoreNetworks–FrancisCianfroccaisoneofmyfavoriteindustrypartners.Hisenthusiasm,knowledge,andgoodhumoraresuchwonderfulassetstotheIoT/OT/ICSindustry.Thankyou–Francis,forourmanydetaileddiscussions!BlackridgeTechnology–WhenJohnHayesandMikeMiracleexplainedfirstpacketauthenticationtome,Iwastotallyblownawaybytheconcept.Thisisafinegroupwithdeeptechnicalexpertiseandexperience–andIamsogratefulfortheirhelpthisyear.Bromium-SimonCrosbyisoneofthegreatpioneersintheuseofvirtualizationtechnologytoprotectendpointresources.He’sbeenwillingtoassisttheTAGCyberteamfromthebeginningandit’sanhonortobeassociatedwithhisfinecompany.Capsule8–JohnViegaandDinoDaiZoviaretwoawesometechnologistswithenoughexperienceandexpertisebetweenthemtopopulatefivecompanies.ItwashardnottoplayfavoriteswithsuchanincredibleLinuxsecuritystart-upfromBrooklyn.CIXSoftware–SameerMalhotraisafriendandJerseyneighbor,andhispeoplehavebeensogenerousexplainingtheirareaandhelpingmetounderstandthebestwaytoprotectsoftwareapplications.Iamsogratefultotheteam.CloudPassage–CarsonSweet’sconceptforcloudsecurityalignstightlywithmyownthinking,soitwasnaturalformetogravitateinthatdirectionforassistance.EverytimeIchatwithCarsonandtheCloudPassageteam,Ilearnsomethinguseful.ContrastSecurity–ItwassuchanamazingprivilegetogettoknowJeffWilliamsandtheContrastSecurityteam.Theyhaveamazingcredentialsandtheyreallyknowwhattheyaredoing.Iamsogratefulfortheirvaluabletimeandpartnership.CrowdStrike–GeorgeKurtz,DmitriAlperovitch,andShawnHenrymightbeoneofthestrongestexecutivetechnicalmanagementteamsincybersecuritytoday–orpossiblyever.Iappreciatetheirfriendshipandon-goingsupport.CyberadAPT–KirstenBaywassogenerouswithhertime(includingadayspentatNYUinBrooklynformystudents).Sheisoneofthefineleadersinourindustry,andIsoappreciateherteam’spartnershipthisyearwithTAGCyber.CyberArk–TheCyberArkteamwassogenerouswiththeirtimethisyear,helpingmetounderstandoneofthemostneglectedaspectsofcybersecurity–namely,privilegedaccountmanagement.Thankstothefineteamfortheirwonderfulsupport.Cybereason–IwassopleasedtoseeSamCurryrecentlyjoinCybereason,justmakinganexcellentcybersecuritycompanythatmuchbetter.I’velearnedsomuchfromtheCybereasonteamonvitaltopicsincludingthebestwaystoavoidransomware.Cylance–IamgratefultoStuartMcClureandMalcolmHarkinsfortheircontinuedsupportofTAGCyber.Withouttheirkindassistanceexplainingadvancedalgorithms,machinelearning,andartificialintelligence,thisreportwouldnotexist.Cytegic–ItwaswonderfulgettingtoknowElonKaplan,amanwithaneclecticbackgroundincludinganadvanceddegreeinorganizationalpsychology.Histeam’splatformapproachtoriskmanagementisagreatcontributiontoourindustry.Cyxtera–I’vebeenfriendswithDavidKeasey,LeoTaddeo,andothermembersoftheCyxterateamforyears,andIconsidertheirnewcompanyoneofthebrightspotsinourindustrywithaworld-classapproachtosoftwaredefinedperimeters.DeepInstinct–Fewpeopleunderstandmachinelearning,artificialintelligence,anddeeplearningone-tenthaswellasEliDavidunderstands,explains,andappliesthetechnologytocybersecurity.Iappreciateallhisteamdoesforourindustry!
DigitalDefense–IwassopleasedtoseeLarryHurtadoandhisteamapplytheiryearsofexperienceandexpertisetoanewworld-classplatformforenterprisevulnerabilitymanagement.Iappreciatehisteam’scontinuedsupport!E8Security–IndustryveteranMattJonesandhisfinetechnicalandmarketingteamsatE8Securityaresoknowledgeableonbehavioralintelligenceandanalytics,andtheywereamazinglysupportiveofTAGCyberthisyear.Fireglass–IenjoyedgettingtoknowGuyGuznerandhisteamatFireglassanditwaswonderfultoseetheSymantecacquisition.Isolationissuchapowerfultechniqueforpreventingmalwareanditwasexcitingtolearnfromtheexperts!Fortinet–KenXieisoneofthefinestandmostcapableCEOsinourindustry.WeallowemuchtoKen,MichaelXie,andtherestoftheFortinetteamfortheirclearvisionandstrongcontributionstocybersecurityprotectionofourglobalinfrastructure.GlobalDataSentinel–TheGlobalDataSentinelteammightbeoneofthemostexperiencedgroupsI’veencounteredinmycyberanalysiswork.IenjoyedmyinteractionswithAlfPoor,JohnGalinski,andtherestofthemanagementteam.GuidanceSoftware–PatrickDennisandhisteamofferedwonderfulinsightsintothesynergiesbetweencyberinvestigativesupportandendpointsecurity.AnthonyDiBellowasparticularlyhelpfultothisreport.Thankstotheteam!IronNetCybersecurity–EverytimeIvisittheIronNetteaminMarylandunderthedirectionofretiredGeneralKeithAlexander,Ireturnwithsucharenewedsenseofprideatthefinepeopleandtechnologythecompanyexemplifiesforourindustry.JavelinNetworks–ItwasthrillingtolearntheJavelinapproachtoActiveDirectorysecurity,whichIbelieveisperhapsthemostneglectedaspectofIToperationsprotection.RoiAbutbulandhisteamweresokindtoexplaintheirtechnologyindetail.Lookout–MobilesecurityisoneofthemostimportantaspectsoftheCISOportfolio,andLookouthasbeenagreatleaderinthisareafromtheinception.IamindebttoJimDolceandhisteamforthison-goingsupportofourworkatTAGCyber.Lumeta–ReggieBesthasalwaysbeenwillingtositdownandexplainthefineworkhisteamdoesatLumeta.SanjayRaja,morerecently,hasbeenagreatpartner.I’msoproudtocontinueworkingwithsuchanawesometeam!MenloSecurity–IsoenjoyedworkingcloselywiththeMenloSecurityteamthisyear,includingPoornimaDeBolle,whoissuchafinetechnologist.Ifindisolationtobeoneofthebrightspotsinourindustry,oneIhopeallCISOswilladoptmorereadily.NIKSUN–IconsiderParagPruthitobenotonlyagreatcontributorandrepresentativeofourindustry,butalsoaninspirationforhisvisionofhowcyberprotectionsmustevolve.TheNIKSUNstoryisagreatone,andIamsoappreciativeofalltheydo.Panaseer–ItwassuchapleasuremakingfriendswiththePanaseerfolksfromtheUK.Theyweresokindwiththeirtimeandenergy,spendingmultiplehourswithmeexplainingtheirapproachtoadvancedenterpriseriskmanagement.PingIdentity–Likelastyear,Pingwassogeneroustohelpmeinoneofthemostcomplexaspectsofcybersecurity.PatrickHardingspenttimewithmeinNewYork,providingdeepinsightsintomodernIAM.ThankstothePingteam!Prevalent–ItwasgreatmakingfriendsthisyearwiththePrevalentteam,myNewJerseyneighbors.JonathanDambrotisatrueexpertwhenitcomestomanagingriskinthirdparties,whichmaybethehighestcontributortoenterpriseattackstoday.Prevoty–Irarelyusethephrase“readdeal”whenreferencingatechnologyandmanagementteam,butthePrevotygroupisjustthat.KunalAnandisatruerisingstarinourindustry,andIlovegettingtogetherwithhimtolearnaboutsoftwaresecurity!RiskIQ–LouManusoshasbeensogenerouswithhistimethisyear(includingbravingtheBrooklynsubwaysystemforourmeetings).TheworkatRiskIQisworld-class,anddigitalthreatmanagementhasbecomeessentialforeveryCISOteam.RiskSense–IwassoimpressedthisyearwithSrinivasMukkamalaandhisfineteamatRiskSense.IlearnedsomuchthisyearfromtheRiskSensegrouponautomatingriskmanagementintoaworld-classplatform.Thankstotheteamfortheirsupport! Securonix–SachinNayyarhasassembledoneofthefinestteamsinthecybersecurityindustry.IlearnedsomuchthisyearfromSecuronixaboutadvancedanalytics,withthebonusthattheyunderstandIAM-basedanalysisaswellasanyone!SertintyOne–TheSertintyONEteamisascapable,helpful,andknowledgeableasanyI’veencounteredinourentireindustry.GregTaylorsetsamoodinthatcompanythatservesasamodelforallofus–andIamsoappreciativeoftheirgreatsupport.Skycure–I’vehadthegreatpleasuretobefriendswithAdiSharabani,andconsiderhimoneoftheleadingexpertsinourfield.Iwassopleasedtoseetheacquisitionthisyear,andbelievetheSkycuresolutionwillcontinuetogrowinitseffectiveness. SkyhighNetworks–RajivGuptaisoneofthemostcapableCEOsinourbusiness.EverytimeheandIsitdown,Icomeawaywithtwentypagesofnotes.MysincereappreciationtoRajivandtheSkyhighteamforalltheirsupporttoTAGCyber!Skyport–Itissuchadelighttorunintotrulynovelsolutionsinourindustry,andso,itwasthrillingtolearnabouttheSkyporttechnologyfromMichaelBeesley.Iloveddiggingintoandlearningthedetailsofhypersecuredinfrastructurethisyear!Sqrrl–TheSqrrlteamiscapable,energetic,andgiftedintheirunderstandingofhowbesttosupportthecyberhunterworkingwithdatainaSOCfocusedonUEBAandotherindicators.Iamsogratefulforallthetimetheyspentwithmethisyear!Symantec–Idon’tthinkIcansayenoughabouthowmuchIvaluemyfriendshipwithGregClark,HughThompson,andtheSymantecteam.Idoubtyoucouldeverfindamorecapableandknowledgeableexecutiveteam.Iappreciatetheirsupport!Synack–TheSynackteamhasbeensohelpfultomeoverthepasttwoyears,helpingmeseethefutureofvulnerabilitydiscoveryusingvettedteamsofexperts.AislingMacRunnelswentwaybeyondthecallofdutywithheradviceandassistance!TenFour–BruceFlitcroftisoneofthemostenergeticCEOsinthebusinessanditwasexcitingtohaveafontrowseatasherebrandedhisfinecompanytoTenFourthisyear.Hisutilitymodelhaspowerfulimplicationsforsecurityatthenetworklevel.Tripwire–ItissuchaprivilegetohavetheassistancethisyearofsuchacapableteamfromtheiconicTripwirebrand!IlovetheirfocusonareturntothefundamentalsandIlovedworkingwiththemonhowtheirsolutionscanassisttheCISO.TruSTAR–I’vebeenfriendswithPaulKurtzforyears,andIcanattesttohispersonalconvictionsaroundtheimportanceofthreatinformationandintelligencesharing.HeandhisteamareassetstoourindustryandIappreciatetheirfinesupport.
vArmour–TimEadesandhisteamatvArmour,includingMarcWoolwardandMarkWeatherford,weresogenerouswiththeirpersontimethisyear.Theyarealwayswillingtositdownface-to-faceandhelpmelearnmoreaboutvirtualizedsecurity.VectraNetworks–TheapplicationofmachinelearningandAItocybersecurityisagreatbrightspotinourindustry,andVectradoesitaswellasanyone.IappreciatetheirtimeandassistancetoTAGCyber,andIlearnedsomuchfromtheirfineteam!VMWare–AlexTosheffisarisingstarincybersecurity,andhehelpedmeunderstandtherolethatvirtualoperatingsystemsandinfrastructurewillplayinnextgenerationcyberprotection.ItwassuchadelighttoworkwiththeVMWareteam!WaterfallSecurity–ItisimpossibletospendtimewithLiorFrenkelfromWaterfallandnotcomeawayexcitedandinvigoratedtomeetthegrowingchallengesofprotectingindustrialcontrolsystems.Keepupthegreatwork,Liorandteam!ZeroFOX–ThewonderfulteamatZeroFOXunderJamesC.FosterwasgenerouswiththeirtimeandassistancetoTAGCyber,helpingusbetterunderstandthebestwaytoaddresssocialanddigitalrisks.ThankstotheZeroFOXteam!
2018TAGCyberSecurityAnnualVolume1:OutlookforFiftyCyberSecurityControlsPreparedbytheTAGCyberSecurityAnalystsTeamLead:Dr.EdwardG.AmorosoIntroductionToassisttheenterprisecybersecurityteaminthereductionofrisk,TAGCyberhasidentifiedandpublishedfiftycontrolsthatmustbeaddressedinanyeffectiveorganizationalprotectionprogram.Thesecontrolsaredepictedusingatabulardiagramthatmanyusershavecometorefertoastheperiodictableofcybersecuritycontrols:
Figurei.TAGCyberPeriodicTableofFiftyCyberSecurityControlsThefiftycontrolsareintroducedandexplainedinVolume1ofthe2017TAGCyberSecurityAnnual,alongwithdetailedcross-referencelistingsofworld-classcybersecurityvendorssupportingeachcontrol.ReadersareadvisedtotakesometimetoreviewthatvolumetobuildfamiliaritywiththeTAGCyberapproach.ItisavailabletoyouasafreePDFdownloadathttps://www.tag-cyber.com/.Thepurposeofthisvolumeistoprovideadetailed2018outlookoneachofthefiftycontrolsforbothenterprisepractitionersandcybersecurityvendors.Eachofthefiftycontroloutlookswasdevelopedtohelpsecurityteamsoptimizetheirprograms.Manywonderfulframeworksexistthatprovidetipsandguidanceforexistingprograms,buttheTAGCybercontrolsmatchupwiththespecific,day-to-day,practicalissuesthatariseforenterprisesecurityorganizations.Theoutlooksinthisvolumewerewrittenundertheassumptionthattheenterprisesecurityteamisunsatisfiedwiththeeffectivenessoftheirexistingapproach.Wehavetriedtocapturea
generalviewofhowmostteamsareeitherplanning,orshouldplan,acomprehensiveimprovementoftheircybersecurityecosystem.Thisgeneralviewisbestcapturedbyitssimplemoniker:Explode,Offload,andReload.
Figureii.Explode,Offload,andReloadMethodologyByexplode,weimplythateveryenterprisesecurityteammustimmediatelybreak-upanddistributetheexistingflatperimeter-protectednetwork.Byoffload,weimplythateveryenterprisesecurityteammustthenvirtualizetheresultdistributedworkloadsintoaserviceprovider-supportedcloudandnetworkinfrastructure.Byreload,weimplythattheresultantnewset-upmustthenbeprotectedwiththebestnewsecuritysolutionsavailable.Readersmustunderstandthatouroutlooksareuselesstoanysecuritypractitioner,technologydeveloper,complianceauditor,orothercyberindustryprofessionalwhodoesnotbuyintotheTAGCybermethodology.Eachoftheoutlooksassessesappropriatenessandreadinessofagivencontroltosupportdistribution,virtualization,andprotectionupgradeinthecontextoftheevolvingenterprise.Ifyouloveperimetersandmainframes,thenthisbookisnotforyou.Thesectionsbelowfollowdirectlyfromtheperiodictableofcontrols.Eachsectionbrieflyintroducestheassociatedcontrol,andthenoffersanoutlookbasedonourmethodology.Specificguidanceisofferedforenterprisesecurityprofessionalsandcybersecuritytechnologyproviders.Thisguidecanbereadstand-alone,orcanbeusedasacompaniondocumenttotheoriginalTAGCyberSecurityAnnual.Vendorlistingsforeachcontrolareahavebeenupdatedfor2018.Control1:IntrusionDetectionandPreventionSystemsIntrusiondetectionandpreventionsystems(IDPS)arecybersecurityfunctionalcontrolsthataredesignedtodetectandmitigatecyberattacks.Suchfunctionalityissufficientlybroadandgeneraltocomplicateaneasydefinitionofthiscontrol.Thiswasnotalwaysthecase,ofcourse,sinceearlyintrusiondetectionsystems(IDS)involvedsensorsinnetworksandhoststhat
collectedindicatorsforcorrelativeprocessing.DefiningIDSwassimplethen.Today,enterprisesecurityteamsshouldviewmodernIDPSasconsistingofthreefundamentalapproaches:
• TraditionalIDPS:TraditionalIDPSnetworkandhostappliances,nowmostlyvirtual,collectsignature-basedindicatorsandprovideoptionalmitigation.
• AdvancedIDPS:AdvancedIDPSuseclevermethodssuchasvirtualizeddetonationtoidentifyseriousandsubtleconditionssuchasadvancedpersistentthreats.
• Deception-BasedIDPS:Deception-basedIDPSdemonstrategreatpromiseinusingcreativelures,traps,andhoneytodetectandultimatelymitigatethreats.
ThetechniquesusedintheseIDPScategoriesincreasinglyrelyontheuseofmachinelearning,deeplearning,andartificialintelligence.Whilethesemethodsarewell-establishedmeansforapplyingheuristicmathematicalreasoningtocomputingproblems,theirproperapplicationincybersecurityproductsisnon-trivial.Somesolutionsappeartodothiswell,whereasothersmightbeusingthetermstoadvancemarketinggoals.GeneralOutlookThegeneraloutlookforIDPSinvolvestransitionfromastand-alonefunctionin1998toincreaseduseasafunctionintegratedintoothersecuritycomponents.IDPShasalsoundergonetransitionfromamoregeneralizedattackdetectionfunctiontoonethatinvolvesmoredomain-specificcapability.FirstgenerationIDPSfrom1998to2007wascharacterizedbyearlyintroductionofhost-basedintrusiondetectionsystems(HIDS)andnetwork-basedintrusiondetectionsystems,bothofferedashardwareappliancesusinggeneralintrusionsignatures.SecondgenerationIDPSfrom2007to2016wascharacterizedbyintegrationwithnext-generationfirewalls(NGFW),earlyintroductionofbehavioraldetectionalgorithms,earlyuseofsimpledeceptiontechnology,andthebeginningsofvirtualizationforcloudworkloads.ThirdgenerationIDPS,whichbeginsin2016andcanbepredictedaccuratelythrough2025willinvolveheavyimplementationinInternetofThings(IoT),mobileandcloudinfrastructure,generallyaslighter,virtualizedappliances,runningincloudoperatingsystemswithsoftwaredefinednetwork(SDN)support,andmoreeffectiveuseofdeception.
Figure1.2018IntrusionDetectionandPreventionSystemOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,giventheratherclearmomentumtransitionthatison-goingtoday.Thevisualdrop-offinthegraphicshowingtransitionbacktomorestand-alonefunctionsshouldnotbeviewedasanegativetrend,butratherasamoreappropriatemeansfordeliveryofattackdetectionfunctionsusingspecificvirtualappliances.Stand-aloneprocessinglendsmorenaturallytovirtualservicechainsandtothedevelopmentofflexible,defense-in-depthcloudsecuritygauntletsfoundinmicrosegmentsandcloudaccesssecurityarchitectures.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtodiligentlyensurefullandpropercoverageinallthreeareasofIDPS,includingtraditional(signature),advanced(virtual,behavioral),anddeception-based,sinceeachareaoffersuniqueandnecessaryprotections.Domain-specificenvironmentssuchasindustrialcontrolwillbenefitfromtheadditionaldomainoptionsforIDPS,especiallywheremorestandardindustrialcontrolprotocolssuchasModbusandCANbusarebeingused.IDPSfunctionalitymustbeconnectedtoreasonableback-endsupportinfrastructureforthreatanalysis,evenifthisrequirespartnershipwithasuitablemanagedsecurityservice(MSS)provider.AdviceforSecurityTechnologyVendorsIDPSsecuritytechnologyvendorsshouldrecognizethatthegenericfunctionstheypreviouslysupportedwillcontinuetobecomecommoditized.Initsplace,domain-specific,stand-alone,virtualizedIDPScapabilityusingadvancedalgorithmswillgeneratesales.VendorsshoulddifferentiatetheirIDPSproductsbasedonspecific,targetedcapabilities,becauseIDPSfunctionalitywillbecomesufficientlyubiquitousthatgeneral,signature-basedfunctionsdetectingwell-knownattackswillgothewayofcalculatorsandflashlights.Thatis,theywillbecomevirtualizedandintegratedintoothercomponents.Deceptionwillcontinuetogrowinrelevanceandthebestvendorswilllearntodealwithspecificbusinesscharacteristicstoensuretargetbelievability.ListofSupportVendorsAlcalvio–ThroughacquisitionofShadowNetworks,Alcalviocreatesvirtualnetworkswhereprogrammerscansimulateattacks.AlienVault–AlienVaultisaSIEMvendorthatincludesIPSsecurityfunctionsinitscrowd-sourcedcybersecuritycapabilities.AttivoNetworks–AttivoNetworksprovidescustomerswithdeception-basedattackdetectionandpreventioncapabilities.Bricata–Bricataoffershighperformanceintrusionpreventionthatoperatesatlinespeedwithalargenetwork.BluVector–BluVectorprovidesadvancedthreatdetectionsolutionsincludingacapabilitybasedonartificialintelligence.CheckPointSoftware–CheckPointSoftwareofferssolutionswithIPSasanintegratedfeaturesorstand-alonecapability.Cisco–Cisco’sintrusiondetectionproductshelpedtoestablishtheenterpriseIPSmarketinthemid-1990’s.CoreSecurity–CoreSecurityprovidesanadvancedplatformforrealtimenetworkdatacollectionandsecurityanalytics.Cymmetria–Cymmetriaoffersdeception-basedcomputingtodetectingadvancedcybersecuritythreats.DBNetworks–DBNetworksprovidescontinuousmonitoringandattackdetectionfordatabaseinfrastructure.DeepInstinct–DeepInstinctemploysdeeplearningtodetectadvancedrealtimeAPTinendpoints,servers,andmobiles.Endian–EndianprovidesawiderangeofUTM,firewall,VPN,andrelatedsolutions,manywithintegratedIPScapability.enSilo–enSiloprovidesadvanceddataexfiltrationdetectionsolutionsforenterprisecustomersexperiencingabreach.ExtremeNetworks–ExtremeNetworksoffersanIPSbasedonitsEnterasysacquisitionyearsago.FireEye–FireEyeprovidesAPTdetectionandpreventionthroughdatacollectionandvirtualdetonationofsuspiciouspayloads.Fortinet–FortinetofferstheFortinetIntrusionPreventionSystemwiththeabilitytocustomizesignatures.
HPE–TheTippingPointproduct,acquiredbyHPE,wasoneoftheearliestintrusionpreventionsystemsinourindustry.Huawei–HuaweiisamajorChinesetechnologyandnetworkproviderthatincludesIPSsolutionsforenterprise.IBM–SolutionproviderIBMoffersitsSecurityNetworkIntrusionPreventionsystemappliancespoweredbyX-ForceR&D.Idappcon–Idappconoffersin-linenetworkintrusiondetectionsolutionswiththeabilitytowriteSnort-basedsecurityrules.Illusive–IllusiveprovidesIDSutilizingdeceptionbasedontheexperienceoftheprincipalsworkinginIsrael’seliteUnit8200.Intrusion–IntrusionhasbeenofferingarangeofIDSandIPSsolutionssince2000.IronNetCybersecurity–IronNetisanetworkmonitoringandsecurityanalyticsfirmprovidingstate-of-the-artattackdetection.JavelinNetworks–ThecompanyusesdeceptiontoprovideadvancedActiveDirectoryprotectionforenterprise.LightCyber–LightCybersupportsadvancedbehavioralattackdetectionthroughitsMagnaplatform.MetaFlows–MetaFlowshasdevelopedintrusionpreventiontechnologybasedonin-lineSnortoperation.Intel–McAfee,previouslyIntel,offersintrusionpreventionsystemproductswithsignatureandsignature-lessinspection.Niara–Niaraprovidesasecurityanalyticsplatformthatsupportsforensicsandbasicrealtimeattackdetectioncapabilities.NIKSUN–NIKSUNcansupportpacketcaptureandanalysisatextremelyhighnetworkcapacityrates.NSFOCUS–NSFOCUSincludesintrusionpreventioncapabilitiesinitsanti-DDOSproductandservicesuite.Onapsis–OnapsisprovidesautomatedsecurityassessmentandattackdetectionservicesforSAP.PaloAltoNetworks–PaloAltoNetworksprovidesarangeofembedded,integratedsupportforIPSinitssecurityproducts.PrivacyWare–PrivacyWareoffersadvancedintrusionpreventionandWebapplicationsecuritysoftwareforMicrosoftIIS.Radware–TheDefenseProNetworkIntrusionPreventionisintegratedwithDDOSandSSL-basedattackprotection.ReversingLabs–ReversingLabsprovidesautomatedsupportfordetectingmalwareinfiles,web,andemail.Seculert–Seculertprovidesavirtual,cloud-basedplatformthatisaccessibletotheenterpriseviaAPIs.Securonix–Securonixprovidesaplatformforcollectingandanalyzingcybersecurityintelligenceforthreatdetection.Snort–Snortconsistsoffreeintrusiondetectionsoftwareusedinacademic,research,andinnovativeenvironments.SS8–SS8extendsitsexpertiseinlawenforcementdatacollectionandintosupportformodernIPSbasedondeepinspection.Symantec–Symantecoffersmaturenetwork-basedIPSprotectionsolutionsaspartofitswiderangeofsecurityofferings.TrapXSecurity–TrapXprovidecyberattackdetectionthroughcamouflagedmalwaretrapsanddeceptivecomputing.TrustedMetrics–TrustedMetricsoffersanintrusiondetectionsystemwithadvancedthreatandmalwaredetection.TrustWave–Thewell-knownsolutionproviderincludesIPScapabilitiesinitsrangeofITsecurityofferingsforenterprise.VectraNetworks–Vectraprovidesadvanced,realtime,AI-basedcontinuousmonitoringofnetworks.Veedog–TheVeedogsolutionoffersmalwarepreventionthatsandboxessuspiciousfilesandscreensthemforproblems.WebrootCyberFlowAnalytics–WebrootacquiredtheCFAadvancedbreachdetectionproductforenterprisecustomers.Control2:DataLeakagePreventionSystemsDataleakageprevention(DLP)systemsarecybersecurityfunctionalcontrolsthataredesignedtodetectbothaccidentalandmaliciousreleaseofproprietaryorsensitiveinformationtoanyunauthorizedentity.Whensuchoperationinvolvesinadvertent,accidentaldataleakage,DLPsystemsexistonthemarginsofsecurityandinformationtechnology(IT).Increasingly,however,DLPsystemsareexpectedtodetectmaliciousactivityinvolvingtheexfiltrationofdatatoexternalsources.Thesearetoughmarchingordersforanysecuritycomponent.Today,enterprisesecurityteamsshouldviewDLPasconsistingoftwomaintechnicalapproaches:
• EndpointDLP–FunctionalityisembeddedinendpointssuchasPCs,mobiles,andevencloudworkloadstodetectandoptionallyblocksensitiveinformationtransferacrossnetworks,USBconnections,andothermeans.
• GatewayDLP–Functionalityisembeddedingateways,bothlogicalandphysical,todetectandoptionallyblockinformationtransfer.Gatewaysarebecomingincreasinglyvirtual,andhaveexpandedtoincludeadjacentmechanismssuchasapplicationprogramminginterfaces(APIs)betweensoftwareprocesses.
ThetechniquesusedinDLPstartedwithsimplepatternmatchingonafewphrasessuchas‘proprietary’or‘confidential’thateachorganizationwouldusetodetectdataleakage.Thismethodquicklyexpandedtoincludematchingonnumericpatterns,sometimesusingregularexpressiondefinition.Thegoal,obviously,wastodetectcreditcardnumbersandUSsocialsecuritynumbersbeingsentinappropriately.Suchtechniqueshavebeencomplicatedbyencryptionandcomplexarchitecturalset-upswiththird-parties,hybridclouds,andmobiledevices.Hence,themodernDLPvendorwilltakeamoreholisticapproachtodetectingleakage,oftencombiningtraditionalmeanswiththeuseofbehavioralanalytics,machinelearning,andotheradvancedpredictivealgorithms.GeneralOutlookThegeneraloutlookforDLPinvolvestransitionfromanobservational,reactivesolutiontoonethatusesbehavioralmethodstopreventleakage.Architecturalpositioningwillshiftfromcentralizedgatewaysandendpointstoamoredistributedhybriddeploymentfocusedoncloudworkloaddataleakage.FirstgenerationDLPfrom1998to2007wascharacterizedbyphrase-matchingmethodsonendpointsandnetworkstodetectnon-maliciousinformationtransfer.SecondgenerationDLPsystemsfrom2007to2016begantoincorporatemoreadvancedalgorithms,includingmachinelearningandregularexpressionparsing,todetectmoresubtleleaks.ThirdgenerationDLP,beginningin2016andadvancingto2025,shouldbeexpectedtocontinuetheiralgorithmicimprovementusingmachinelearningtoproactivelypreventadvanced,subtledataleakageattemptsfromvirtualizedcomputingstructuressuchashybridcloudworkloads.AsperimetergatewaysdissolveandasphysicalPCandmobileendpointsbecomesoftware-defined,behavioraldeterminationofdataleakagewillbecomefullyvirtual.
Figure2.2018DataLeakagePreventionSystemOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishighgiventheclearmomentumviewsthathavebeenestablishedintheDLPmarketoverthepasttwodecades.ThesuggestionthatphysicalendpointPCandmobiledeviceswillbecomesoftware-defined(likeyourcalculatorandflashlight)canbejarringtosomeobservers,butshouldbenonethelessexpected,giventhepredictablepatternforhowtechnologyprogresses.
AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtofocustheireffortsinthreeareas:First,theymustrevisitandimproveondataclassificationdefinitionsacrosstheenterprise.Thistaskisalwaysdonepoorly,includinginmultilevelsecurityenvironmentsingovernment,andthisisunfortunate,becauseproperDLPisnotpossiblewithoutproperdefinitions.Second,theymustoptimizeexistingDLPdeploymentsthatarelikelytobescatteredacrossgatewaysandendpoints.Formostcompanies,thisisamess,anditwillcontinuetobeforsometime.Third,andthisisthegoodnews,enterpriseteamsshouldbeginreviewingandtestingtheuseofDLPincloudmicrosegments,cloudaccesssecuritybroker(CASB)tools,softwaredefinednetwork(SDN)applications,andothervirtualizedcomputingentities.ThisisthefutureofDLP,asapowerfulembeddedcapability,soit’stimenowtobeginlearninghowtoorchestratesuchcollectivedataleakageprocessing.AdviceforSecurityTechnologyVendorsDLPsecuritytechnologyvendorsshouldrecognizethatthegenericfunctionstheypreviouslysupported,especiallyfornon-maliciouspatternmatching,willcontinuetobecomehighlycommoditized.Initsplace,domain-specific,stand-alone,virtualizedDLPcapabilityusingadvancedalgorithmswillbecomethenorm.ItwillbechallengingforDLPvendorstoorchestratedynamicpolicychanges,buildadistributedsnapshotofleakagerisk,andpreventadvancedattacksacrossmultiplecloudworkloads.DLPvendorswhoignorethisobviousshifttohybrid-cloudbased,SDN-orchestratedvirtualizationwillbecomeextinctinthenextdecade.ListofSupportVendorsAbsoluteSoftware–ThroughitsacquisitionofPalisadeSystems,thecompanyoffersenterpriseDLPsolutions.Axway–AxwayprovidessecurefiletransferandemailsecuritysolutionsincludingsupportforDLP.BHCLaboratory–BHCisacybersecurityconsultingandtrainingfirminEstoniathatincludesarangeofDLPproducts.BooleServer–BooleServerisanItalianencryptionsoftwarefirmthatincludesDLPforadvanceddataprotection.CATechnologies–CAoffersenterprisecybersecuritycapabilitiesincludingdataleakageprevention.CenterTools–TheGermancompanyoffersITsecurityanddataprotectiontoolsincludingDriveLocksoftwareforDLP.CheckPointSoftware–CheckPointoffersDLPsolutionsforon-premiseorvirtualdeployment.CipherCloud–CipherCloudsupportsDLP-basedcybersecuritycompliancesolutionsforpublic,hybrid,andprivateclouds.Cisco–ThecompanyofferstheCiscoIronPortproductforhighperformanceprotectionofemailandWebdata.Comodo–SecurityfirmComodoacquiredtheMyDLPdatalosspreventionsoftwaresolution.CoSoSys–CoSoSysincludesdatalosspreventionfunctionalityaspartofitsendpointsecurityofferingsforenterprise.DataLocker–Kansas-basedDataLockerincludesaUSB-basedDLPprotectionsolutionwithdigitalrightsmanagement.Deep-Secure–Deep-Secureprovidesnext-generationcontentinspectionforitsfirewallandrelatedenterpriseproducts.DeviceLock–DeviceLockofferstheDeviceLockDLPsolutionforprotectingpersonalandbusinessdata.DigitalGuardian–DigitalGuardianoffersnext-generationDLPtocontroldata,enforceegresspolicies,andmore.FidelisCyberSecurity–FidelisisaleaderinprovidingcybersecuritysolutionsincludingsupportforenterpriseDLP.Forcepoint–TheForcepointsecurityofferingsincludeaDLPModuleinitsTRITONAPXproduct.Fortinet–AdvanceddataleakagepreventionfunctionalityfortheenterprisecanbeconfiguredusingtheFortiGateproduct.GajShield–TheGajShieldnext-generationfirewallappliancesincludeadvanceddataleakagepreventionfunctionality.GroundLabs–TheEnterpriseReconsolutionfromSingapore-basedvendorincludessensitivedatadiscoveryandmanagement.GFISoftware–GFISoftwareprovidesarangeofadvanceddataleakageprotectionanddataawarenessforportabledevices.GTBTechnologies–TheCalifornia-basedfirmoffersenterprisedatalosspreventionandcybersecuritysolutions.HPE–TheHPEnterpriseAtallainformationprotectionandcontrolsolutionincludesdataleakageprotectionfunctionality.IBM–GlobaltechnologyfirmIBMoffersdatalosspreventionproductsaspartofitsDataSecuritysuiteofsolutions.InfoWatch–RussianfirmInfoWatchofferscustomerstheTrafficMonitorEnterpriseintegrateddatalosspreventionsystem.Intellinx–Intellinxoffersanadvanceddataleakagepreventionsolutionaspartofitsoverallsetofenterpriseproducts.JIRANSOFT–JIRANSOFTprovidesarangeofSaaS-baseddataleakagepreventionsolutionsforthemodernenterprise.
McAfee–RecentlyspunofffromIntel,McAfeecontinuesasaleaderinenterprisecybersecurityincludingDLP.Microsoft–MicrosoftincludesarangeofadvanceddatalosspreventionaspartofitssuiteofsolutionsincludingOffice365.Mimecast–UK-basedfirmMimecastprovidesdatalosspreventionforemailtosupportgovernance,risk,andcompliance.Minereye–ThisIsraelistart-upsecuritycompanyappliesmachine-learningcontrolstoprotectcompaniesfromdataloss.Intelisecure–ThroughacquisitionofPenturain2015,Intelisecurenowprovidesamanageddataleakagepreventionservice.Proofpoint–Proofpointincludeshigh-quality,advancedDLPfunctionalityinitsadvancedemailsecurityfilteringtechnology.RSA–Thecybersecuritypioneeringcompanyincludesdatalosspreventioninitscybersecuritysuiteofenterprisesolutions.RUAG–RUAGprovidesaDLPProductfortheenterprisethatisreferredtoasAdaptiveDataLossPrevention.SilverSky–NowpartofBAESystems,SilverSkyoffersemaildataleakagepreventionsolutionsforenterprisecustomers.Skyhigh–Skyhighoffersacloud-basedsecuritysolution,includingdataleakagepreventionforenterprise.Sophos–Sophosincludesadvanceddatalosspreventioncapabilitiesinitssuiteofcybersecurityprotectionsolutions.Somansa–Thecompany,locatedintheUSandMexico,offersDLPfornetwork,email,andotherenterprisesystems.Spambrella–Spambrellaofferscloud-baseddatalosspreventionsolutionsforcustomersaspartofitsemailfilteringservice.Symantec–Thecybersecurityfirmincludesadatalosspreventioninitsoverallcybersecuritysuiteofenterprisesolutions.TrendMicro–TrendMicroincludesdatalosspreventioninitsextensivecybersecuritysuite.Trustwave–TrustwaveoffersadvanceddatalosspreventionsolutionsthroughitsacquisitionofVericeptin2009.Zecurion–ZecurionprovidesmobiledatalosspreventionsolutionsforenterprisethataddressBYODinitiatives.ZixCorp–ZixCorpintegratesitsemailencryptionproductwithdatalosspreventionfeatures.Control3:FirewallPlatformFirewallplatformsseparatenetworks,orothercomputingenvironments,toenforceadesiredsecuritypolicy.Mostfirewallplatformsresideongatewaysbetweennetworks,butsomeresideonendpointstoenforcemorelocalpolicies.Firewallplatformoperationisdefinedbyasetofrules,usuallyadministeredusingvendor-providedtools.Notethatwereferencefirewallsasplatformsheretohighlighttheintegratedsetofcapabilitiesfoundinmostmodernfirewalls.Readersalreadyknowthatfirewalltechnologycontinuestowintheawardformostexplanatorytaxonomies–withsomepointingtotwomaincategoriesoffirewalls,somepointingtothreemaincategories,somepointingtofive,andonandon.Ourviewisthattheenterprisesecurityteamwillwanttodifferentiatefirewallplatformsbasedonthefollowingsevencriteria:
• StatelessPacketFilter–Thesearesimplefirewallcomponents,oftenimplementedinrouters,thatprovideenterprisesecurityteamswithfilteringthatcanbedeployedquicklyandatlowcost.
• StatefulApplicationGateway–Thesearemorecomplexfirewallproductsthatincludeapplication-levelfunctionalitysuchasproxiesandthatarealsosimpletodeploy,andatrelativelylowcost.
• Next-GenerationPlatform–Thesearemoremodernandpowerfulfirewallplatformswithanimpressivesetofintegratedsecuritycapabilitiesandfeatures,especiallyattheapplicationlevel.
• SharedNetwork-BasedPlatform–Thisisafirewallplatformthatresidesinanetwork,usuallyaspartofamulti-customer,sharedmanagedservicefromasecuritysolutionprovider.
• VirtualAppliance–Thisisafirewallpolicyenforcementcapabilitythathasbeenvirtualizedtoruninacloudoperatingsystemoftenaspartofamicro-segmentedarchitecture.
• FirewallPlatformSupportTools–Thesearefirewallsupportcapabilities,usuallyfocusedonassistingfirewalladministratorswiththeirgrowingnumberofrulesetsandpolicymanagementobligations.
Notethatendpointfirewallsrequiredifferentmanagement,andarebestviewedseparatelyaspartofaprotectionsolutionforPCs,servers,mobiles,IoTdevices,andthelike.Itgoeswithoutsayingthatfirewallswillcontinuetoserveasthebackboneformostenterprisesecurityarchitectures.Toillustrate,justaskanyChiefInformationSecurityOfficertosketchtheirarchitectureonawhiteboard,andtheywillstartdrawingfirewallsandnetworks.Thisimpliesthatregardlessofwhetherthefirewallplatformisstatelessorstateful,packet-levelorcircuit-based,simplegatewayorcomplexnextgenerationplatform,locally-managedorserviceprovidercontrolled,orphysicalorvirtualized–thefirewallwillremainatthecenterofeveryenterprisesecuritysolutionfortheforeseeablefuture.GeneralOutlookThegeneraloutlookforfirewallplatformsinvolvestransitionfromhardwareappliancestomorevirtualsolutions,andthesinglegatewaynatureofmostolderenterprisenetworkswillcontinuetoevolvetodistributed,cloud-basedsystemswithmultipleworkloadsrequiringfirewallprotection.Firstgenerationfirewallsfrom1998to2007combinedabasicfive-tuplepacketfilteringmethodologywithearlyproxyfunctionsintoasimplegatewaysolution.Thecapacityrequirementsforsuchfirewallscertainlyexpandedduringthisperiod,butremainedmodestbytoday’sstandards.Secondgenerationfirewallsfrom2007to2016includedthemassivegrowthofnext-generationfirewallsolutionswiththeabilitytodynamicallylearnhowapplicationsworked.Duringtheperiod,however,thecomplexityoftheperimeterapproachproducedspectacularcollapsesformostenterprisesecurityteams,andthefirewallgatewaycouldnotkeepupwiththeexpandednumberofrules,features,andgateways.Italsodidnothelpthatcapacityneedsgrewconsiderablyduringthisunfortunateperiod.Thirdgenerationfirewalls,from2016to2025,havetheobligationtofixtheproblemofnon-workingperimeters.Theywilldothisbyembracingdistribution,virtualization,andsimplification.Expecttoseesimplervirtualfirewallcapabilitiesthatself-tailortotheneedsofaspecificcloudworkload.ExpecttoseevirtualfirewallcapabilitiesthatcanworkinthedifficultterrainofIoTandindustrialcontrolprocessing.Alsoexpecttoseeamassiveincreaseindistributedfirewalldeploymentsintomicro-segmentedenvironmentsoncloudoperatingsystemssuchasOpenStack.Inaddition,aslargenetworkgatewaysaredistributedandvirtualized,thecapacityneedsforenterprisefirewalls,whichbeganmodestlyandthenexpandedduringthesecondgeneration,willnowbecomereducedonceagaintomoremodestsizes–althoughtheaggregatecapacityinatypicalenterprisewillbecomemuchgreater.
Figure3.2018FirewallPlatformOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,butthepowerfulfirewallindustrymightnotenjoyallaspectsofthisevolution.Existingfirewallhardwaremightcontinuetoamortizeontheorganization’scapitalbooksforyearsintothefuture,andteamsmightbehesitanttoimmediatelyreplacethem.Despitethis,theobviouscollapseoftheenterpriseperimeterineverysizenetworkwilldrivedistribution,virtualization,andsimplificationfasterthananyonemightcurrentlyexpect.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtotakeasmuchtimeaspossiblethisyeartolearnthevariousoptionsthatareavailableforfirewallplatformprotectionastheperimeternetworkevolves.Basicunderstandingoffive-tupletechnologyisinsufficientinthecomingyearstodealwiththemyriadofdecisionsthatwillberequiredtooptimizefirewallplatformselection,installation,andmanagement,especiallyfornext-generationsolutions.Thisisadifficulttimeforenterpriseteamswithadissolvingperimeter,soitistimetostudy,learn,andabsorbeverythingavailableregardingfirewallplatformtechnology.Teamsshouldalsotaketimetounderstandevolvingoptionsfromserviceprovidersfornetwork-basedandcloud-residentvirtualfirewallcapabilities.AdviceforSecurityTechnologyVendorsIDPSsecuritytechnologyvendorsshouldrecognizethattheperimeterismeltingquickly,andwiththischangewillcomegreaterdemandfordistributed,virtualfirewallsolutions.Vendorsarewarnedthatthehistoryoftechnologyteachesusthatthesechangessometimescomeinachoppymanner,ratherthanasasmoothtransition.Traditionalhardwareproductsthatresideonaperimetermightbepayingthebillsforvendorstoday,butthiscanchangeinaheartbeat–sofirewallplatformvendorsmustbecarefulnottowaittoolongbeforerethinkingtheirtechnologyapproach.Thenextdecadewilldemandsimpler,domain-specificfirewalltoolsthatarelight,virtual,anddistributed.Vendorswhomissthistransitionwillsuffertheconsequences.ListofSupportVendorsAlgoSec–AlgoSecprovidesadvancedtoolsforsupportingenterprisefirewallpolicymanagementandoperations.
BarracudaNetworks–Barracudaprovidestoolsforfirewallpolicymanagementandoperationsintheenterprise.BlackridgeTechnology–Thecompany’sfirstpacketauthenticationprovidesadvancednetworkaccesscontrolforenterprise.CalyptixSecurity–TheCalyptixteamofferstheAccessEnforcerfirewallaspartofitsunifiedthreatmanagementsolution.CheckPointSoftware–CheckPointSoftwarewasthefirstmajorfirewallvendorandremainsaforceinthefirewallmarket.Cisco–Ciscocomplementstheirofferingswithafirewallproductforpremiseandnetwork.Clavister–TheClavisterteamprovidessoftwareandappliance-formatfirewallandVPNsolutionsforbusiness.Comodo–Comodoincludesafreefirewallfordownload,whichfocusesonPCsecurityprotections.Deep-Secure–Deep-SecureisaUK-basedcompanyprovidingcybersecuritysolutionsrangingfromDLPtofirewalls.Dell–DellofferstheSonicWallfirewallsolution,whichintegrateshardware,software,andservicesintoacommonplatform.Endian–Endianprovidesaunifiedthreatmanagement(UTM)solutionthatincludesenterprisefirewallcapabilities.F5–F5isasuccessfulnetworksolutionsproviderwithanextensiverangeofsecuritycapabilitiesincludingfirewallsolutions.Forcepoint–In2015,RaytheonacquiredandspunofftheformerWebsense,aspartofForcepoint.Fortinet–Fortinetoffersasecurityfabricofpremiseandnetwork-basedfirewallandrelatedenterprisesecurityproducts.GajShield–GajShieldprovidesnext-generationfirewallcapabilitywithdataleakagepreventionandcloudsecuritysupport.gateprotect–NowapartofRohde&Schwarz,gateprotectoffersarangeofnext-generationfirewallandUTMproducts.HillstoneNetworks–HillstoneNetworksprovidesnextgenerationfirewallcapabilitieswithintegratedbehavioralanalytics.Huawei–HuaweiisaChinesecompanythatprovideshighqualityfirewallappliancesincludinghighperformanceoptions.Juniper–NetworksolutionproviderJuniperofferstraditionalandnext-generationfirewallsolutionsfortheenterprise.Kerio–TheKerioteam,nowapartofGFISoftware,offersapersonalfirewallandfirewallfunctionalityinitsUTMsolution.ManageEngine–TheManageEngineteamoffersasuiteofenterprisenetworksecurityproductsincludingfirewalls.NetAgent–JapanesefirmNetAgentprovidesawiderangeofeffectivefirewallsolutionsforuseinthemodernenterprise.PaloAltoNetworks–PaloAltoNetworksofferssolutionsforapplication-awarefirewallandendpointsecurity.Sangfor–TheSangforteamoffersanextgenerationfirewallsolutionwitheffectivesupportforSSL/VPNapplications.SmoothWall–ThefreefirewallsolutionSmoothWallisavailablefordownloadanduseinprotectinganenterprisenetwork.Sophos–Sophosprovidesarangeofnetworksecuritysolutions,somebasedontheAstaroandCyberoamacquisitions.Tufin–Tufinprovidesasecuritypolicyorchestrationtohelpfirewalladministratorsensureanoptimalfirewallruleset.vArmour–vArmouroffersadistributed,virtualizedfirewallfordatacentersandenterprisewithorchestration.VenusTech–Chinesefirm,VenusTech,offersnetworksecuritysolutionsforenterpriseincludingfirewalls.WatchGuard–WatchGuardprovidesaunifiedthreatmanagement(UTM)platformwithfirewallcapability.Control4:NetworkAccessControlNetworkAccessControl(NAC)consistsofsecuritymechanismsdesignedtoprotectalocalareanetworkfrommalwareorotherinfectionsthatmightresultfromallowingconnectivitybyaninsecuredevice.NACsecuritymechanismsincludethefollowingthreecategoriesofprotectionfunctionality:
• Pre-ConnectivityProtections–Thisinvolvesanypre-testing,analysis,inventory,patching,scanning,orotherchecksthathelpdeterminesecuritysuitabilityofagivendeviceforconnectivitytothelocalareanetwork.
• QuarantineProcessing–Thisinvolvesanyintermediatetesting,analysis,mitigation,patching,orotherquarantine-basedprotectionsthataredesignedtoimprovedeviceintegritybeforeconnectivityisallowed.
• Post-ConnectivityProtections–Thisinvolvesanypost-connectivityupdates,mitigations,scans,patches,orotherenhancementsthataredesignedtoreducemalwareriskafteradevicehasbeenpermittedtoconnecttoalocalareanetwork.
NACdevelopedattheintersectionofflat,perimeterprotectedenterprisenetworkswithunmanaged,non-company-controlleddeviceaccess.Thevalidconcernwasthatbyallowinguntrustworthydevicestoconnecttoalocalareanetwork,theresultmightbeimmediateand
comprehensivelateralpropagationofmalwaretoallotherconnecteddevicesandsystems.Thisapproach,memorializedinstandardssuchasIEEE802.11,hadimmediatechallenges,includingthepracticalproblemofPCscanningtakingmuchlongertocompletethananyuserwouldbereasonablyexpectedtowaitfornetworkentry.Morerecently,withthedissolutionoftheperimeter,andtheadvanceofcloud-basedmobiledeviceusage,theNACchallengehasshiftedtothevirtualhybridcloudinfrastructure.Thatis,thedesireremainsthatdevicescannotintroducemalwaretothevirtualizedorganizationalnetwork.Forthisreason,basicentryandadmissionconditionscontinuetobeanimportantrequirement.GeneralOutlookThegeneraloutlookfornetworkaccesscontrolinvolvestransitionfrommoremanualdetectionandquarantinefunctionstohighlyautomatedcapabilitiesthatperformsimilarfunctionsmorerapidlyandefficiently.TraditionalLAN-basedNACforPCsusinghardware-basedcontrolswillshifttowardvirtualized,hybridcloudaccesswithsupportforPCs,tablets,mobiles,andotherdevices.FirstgenerationNACfrom1998to2007wascharacterizedbysimplePCpolicycontrolstodetectbasicpatchingandvulnerabilityconditionsbeforeentrywouldbepermitted.ManyfailedprojectsensuedbecausetheNACgoalwassoclear,butimplementationwassomuchmorecomplex.SomeorganizationseventriedtoprovideNACusinginventoriesofmediaaccesscontrol(MAC)addresses,butthisapproachnevercaughtonmoregenerally.SecondgenerationNACinvolvedimprovedpolicycontrolswithself-assistedremediationinquarantines.NACsolutionsbegantorecognizetheshifttocloudandincreaseduseofmobiledevicesintheenterprise.ThirdgenerationNAC,startingin2016andevolvingto2025,willexperienceatotaldissolutionfromtheenterprise,andanalmosttotalvirtualizationtocloud.Quarantineswillbenefitfromthevirtualization,andsimplercloudworkloadswillbeeasiertoanalyzefromanintegrityperspective.Theshifttocloudwillbringallhardware-basedNACsolutionsforphysicalLANstoaclose,butwillopenmanynewopportunitiesforvirtualizedNACcontrols,includingdynamicallycreatedquarantinesthatcanlearnthesituationandadjustprocessingtoitsuniquecharacteristics.
Figure4.2018NetworkAccessControlOutlook
TheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderatelyhigh,withtheonlyhesitationherebeingtheunpredictablenatureofthecloudmarketplace.NAC-likecapabilitiesmightbecomeembeddedintotheidentityandaccessmanagementforcloudservices,whichwouldresultinagreatlyreducedopportunitiesforpurevirtualNACsolutions.NACtechnologyhasbeentoughforanalyststocallinthepast,sothisoneremainsabituncertain.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtofollowtwopathsinthecomingyears:First,theymustnotneglecttheimportanceofNAC-basedpolicyenforcementforunmanageddevicesiftheycontinuetooperateaperimeter-basedlocalareanetwork.Itwouldbeeasytoforgetthatamidstallthetalkaboutcloudservices,day-to-dayenterprisenetworksecuritymustcontinuetooperate.Second,theymustalsobegintoplanfornewimplementationsofNACpolicyinthepresenceofvirtualizationanddistributedXaaSusage.DiscussionswithNACvendorsshouldalwaysincludediscussionofthisrapidlyapproachingreality.AdviceforSecurityTechnologyVendorsNACsecuritytechnologyvendorsshouldrecognizethattheirexistinglocalareanetwork-basedhardwaresolutionswillnotbeviableformorethanafewadditionalyears.Thisisnotbadnews,becausetheintensityofNACpolicywillnotonlyremainintheenterprise,butwithhybridcloud,NACobjectivesmightintensify.Thiswillrequirethatproductsolutionsadjusttothenewarchitecture,perhapswithcloserrelationshipsformedwithmobilesecurity,cloudsecurity,andremoteaccesssolutionproviders.ListofSupportVendorsArubaNetworks–ArubaNetworks,nowpartofHP,providestheClearPassPolicyManagerNACsolutionfortheenterprise.Auconet–SanFrancisco-basedAuconetincludesanetworkaccesscontrolsolutionforenterprisecustomers.Avaya–TelecommunicationsvendorAvayaprovidesarangeofnetworkaccesscontrolsolutionsfortheenterprise.BradfordNetworks–BradfordNetworksprovidesaNACsolutionfortheenterprisecalledNetworkSentry/NAC.Cisco–CiscoembedsNACfunctionalityintoitsLANsolutionsforenterpriseviatheCiscoNACAppliance.Endian–TheItalianfirewallandIPSvendorincludesNACsolutionsaspartofitsenterpriseoffering.ExtremeNetworks–ExtremeNetworksoffersNACaspartofitsnetworkingandsecurityproduct.ForeScout–California-basedForeScoutprovidesaNACsolutioncalledForeScoutCounterACTfortheenterprise.GreatBaySoftware–GreatBaySoftwareprovidesarangeofnetworkaccesscontrolsolutionsforenterprise.Impulse–ImpulseprovidestheSafeConnectnetworkaccesscontrolsolutionfortheenterprise.InfoExpress–InfoExpressprovidesauniquepeer-to-peernetworkaccesscontrolsolutionformobiledevicesandlaptops.Juniper–JuniperembedsNACintoitsEXSeriesEthernetSwitchproduct.Macmon–Thesmallcompany,headquarteredinBerlin,providesfullIEEE802.1xNACsolutions.PacketFence–PacketFenceprovidesanetworkaccesscontrolsolutionforitsenterprisecustomers.Portnox–TheIsraelicompanyprovidesitsPortnoxNACnetworkaccesscontrolsolutionfortheenterprise.PulseSecure–PulseSecureisaspin-ffofJuniperandprovidesamobilityandBYOD-supportingNACsolutionforenterprise.SnoopWall–SnoopWallacquiredtheNetBeatnetworkaccesscontrolsolutionfortheenterprisefromHexisin2014.StillSecure–StillSecureprovidestheSafeAccessnetworkaccesscontrolsolutionfortheenterprise.TrustWave–SecurityserviceproviderTrustWaveprovidesamanagednetworkaccesscontrolsolutionfortheenterprise.UnitedSecurityProviders–TheSwisscompanyoffersavarietyofnetworkaccesscontrolsolutions.ViaScope–LocatedinSouthKorea,ViaScopeoffersintegratedIPaddressmanagement,DHCP,andNACsolutions.Control5:UnifiedThreatManagement
UnifiedThreatManagement(UTM)integratescommonsecuritygatewaysfunctionssuchasfirewall,intrusiondetectionandprevention,dataleakageprevention,andantivirusfilteringintoacommonapplianceproduct.Smallandmid-sizedbusiness(SMB)organizationshavetendedtoprefertheuseofUTMsolutionsbecauseoftheirmanagementconvenienceandrelativelylowcost.SomeUTMsolutionsoffermorefine-graineduser-levelidentity-basedprotectionthanthelesseffectivesourceIPaddress-basedgranularityofatraditionalfive-tuplefirewall.AnadditionaladvantageofUTMsolutionsisthattheysupportawiderangeofcomprehensivevisibility,auditing,reportingrequirements,asregulatorycreepcontinuestodriveadditionalsecuritycomplianceobligationsdownintoSMBorganizations.GeneralOutlookThegeneraloutlookforunifiedthreatmanagementinvolvestransitionfromunevendeploymentandcoverageacrossSMBorganizationstomuchmorecomprehensivedeploymentandcoverage,althoughinamorevirtualizedmanner.Acorrespondingtrend,however,isthattheseSMBbuyerswillbemovingtheircentralizedenterpriseLANstomoredistributedhybridcloudset-ups,whichwillrequireconsiderableadjustmenttothepackaging,installation,design,andoperationofUTMsolutions.FirstgenerationUTMsfrom1998to2007involvedbasichardware-oriented,integratedgatewayfunctionalitythatsavedrackspaceandpower.SecondgenerationUTMsolutionsfrom2007to2016continuedtoaddintegratedoptionstothehardwareappliance,andcontinuedtobeanexcellentmaintenanceandlowcostoptionsformanygroups.ThirdgenerationUTM,from2016to2015,willexperiencedramaticchanges–perhapsasmuchasanycybersecuritysolutiononthemarketplace.SMBorganizationsareembracingcloudfasterthananyotherbuyingsegment–hence,theywillhavelessneedforUTMgatewayhardware,butmuchmoreneedforintegratedsecurityfunctionalitytosupportperimeter-less,software-basedhybridcloudarchitectures.
Figure5.2018UnifiedThreatManagementOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sinceevidenceofSMBadoptionincloudisclearandsignificant.Sincesomanydifferentsecuritysolutionproviders
havetheireyeonthisspace,however,itisnotclearthatallUTMsolutionproviderswillproactivelyadjusttheirstrategytodealwiththenewSMBarrangement.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteams,especiallyinSMBmarkets,whoenjoytheirexistingUTMshouldworkwiththeirvendortoidentifyacloudstrategy.VirtualizinganexistingUTMisharderthanitsounds,simplybecauseUTMhardwareplatformsweredesignedtobringmanyfunctionstogetherintoasingle,physicalpoint.Distributedcloudvirtualization,incontrast,isdesignedtodojusttheopposite.UTMusersandbuyersshouldthusconsideroptionsinadjacentmarketssuchascloudaccesssecuritybroker(CASB).AdviceforSecurityTechnologyVendorsUnifiedthreatmanagementsecuritytechnologyvendorsshouldrecognizethattheSMBmarkethasalreadyshifteddramaticallytocloud.AnyUTMvendorthathasnotalreadyproactivelyadjusteditsstrategytodealwiththisshiftisprobablytoolatetomakesufficientchangesnow.Certainly,aphysicalappliance-basedenterprisegatewaymarketwillremainforsomeusers,andUTMvendorsmighthavetheoptionofchargingpremiums,asisoftenseenforstubbornusersoflegacytechnology.Buttherealgrowthwillcomeincloud–andthatisnotupformuchreasonabledebate.ListofSupportVendorsBarracudaNetworks–BarracudaNetworksprovidesitsX-seriesUTMsolutionaspartofitsfirewallproductportfolio.CalyptixSecurity–CalyptixSecurityoffersaunifiedthreatmanagementsolutionfocusedonsmallandmediumsizedbusiness.CheckPointSoftware–CheckPointincludesamatureandadvancedUTMproductoffering.Cisco–Ciscooffersall-in-oneUTMsecuritysolutionforSMBdesiringsimplemanagementwithaccuratethreatintelligence.Dell–DellincludesaunifiedthreatmanagementofferingforitscustomersundertheirSonicWallbrand.Endian–Endianoffersanopensource,unifiedthreatmanagementsolutionwithfirewallandIoTsecurity.Fortinet–FortinetincludesanextensiverangeoffirewallandgatewaysecuritysolutionsintheirUTMoffering.gateprotect–gateprotectisaGermancompanythatoffersunifiedthreatmanagementandnext-generationfirewallsolutions.GuardSite–GuardSiteprovidesUTM,SSL-VPN,andfirewallsolutionsundertheWatchGuardbrand.Juniper–Juniper’sSRXseriesisamongthehighestratedUTMsolutionsforcapacityandthroughput.Kerio–Thecompany,partoftheGFISoftwarefamily,offersitsKerioControlNGSeriesUTMsolutionforenterprise.NetPilot–NetPilotisaUK-basedcompanyofferingaUTMsolutionwithcontentfilteringandsecurecloudconnectivity.MyDigitalShield–MDSisasecurity-as-a-serviceproviderwithaunifiedthreatmanagementoffering.SecPoint–LocatedinDenmark,SecPointoffersacloudprotectorUTMsolutionforenterprise.Sophos–SophosmarketsaUTMsolutionforsmallandmediumsizedbusinessbasedonCyberoamacquisition.TopsecScience–TopsecScienceisaChinesecompanyofferingarangeofinformationsecuritysolutionsincludingUTM.TrustWave–TrustWaveincludesunifiedthreatmanagementinitscomprehensivesolutionofferings.VenusTech–Beijing-basedcompany,VenusTech,offersnetworksecuritysolutionsincludingUTM.WatchGuard–WatchGuardprovidesaUTMapplianceincludinganti-Spam,malwaredetection,andintrusionprevention.Control6:WebApplicationFirewallWebapplicationfirewall(WAF)solutionsprotectHTTPapplicationsfromcyberattacksincludingwell-knownmethodssuchasSQLinjectionandcross-sitescripting,aswellasnewzero-dayexploitsthatmightgeneratemoresubtleindicators.WAFtoolstypicallyprotectserversinafamiliarreverse-proxyarrangement.Asthesecurityindustryhasprogressedinrecentyears,WAFsoperateadjacenttosimilarfunctionsincludingintrusiondetectionandpreventiontools
andwebsecuritytools.WAFs,todate,havebeenprimarilypackagedashardwareappliancesorserverplugins,butthegoaltovirtualizeintocloudoperatingsystemsisincreasing.WAFsrequireanunderstandingoftheapplicationsbeingprotected,andthiscanresultintailoringforthespecificapplicationprotocolbeingused.GeneralOutlookThegeneraloutlookforwebapplicationfirewallsinvolvestransitionfromhardwareappliancestovirtualizedcloudcapabilities.SinceWAFsoperateattheapplicationlayer,theyaremoreintimatelyconnectedtotheassociatedsoftwaredevelopmentlifecycle.Correspondingly,WAFshavehadtoadjustfrommoretraditionalsoftwarelifecycleswithlessfrequentchangestomoremodernDev/Opslifecycleswhichinvolvefrequentapplicationchanges,sometimesonadailyorevenhourlybasis.FirstgenerationWAFsfrom1998to2007involvedhardwareappliancesthatweredesignedtohandlecommonattacksbasedonasmallsetofsignatures.SecondgenerationWAFsfrom2007to2016werecharacterizedbyanimprovedsetofattacksignatures,includingsomezero-dayexploitdetection.Duringthisperiod,WAFsexperiencedthefirsthybridcloudapplicationsrequiringprotection,whichchangedhowtheWAFreverseproxieshadtobedeployed.Third-generationWAFsfrom2016to2025shouldexpecttoseeamuchlargersetofsignaturesandbehavioralprocessingsolutions.ThetransitiontohybridcloudwillrequireWAFstovirtualizeintocloudorSDNinfrastructure.ThecompleteadoptionofDev/OpswillresultinWAFdevelopersandmaintainerstohavetodealwithhighratesofapplicationchanges.
Figure6.2018WebApplicationFirewallOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderatelyhigh,basedonaclearmomentumview,butslightlycouchedbythelesspredictablenatureofsoftwareapplicationevolution.TheadjacencyofsomanycomparablesecuritysolutionswillalsoputpressureonWAFstodifferentiatetheirvalue,versussimilarfunctionsinrelatedproducts.AdviceforEnterpriseSecurityTeams
EnterprisesecurityteamsareadvisedtoworkwiththeirexistingorplannedWAFvendortodiscusshowapplication-specificprotectionsmightevolvewithinevitablechangesinhowapplicationswillbedeliveredtotheenterpriseinthenextfewyears.Supportfordatacentervirtualization,cloudhosting,andmobiledeviceaccessmustbecentraltotheplanningdiscussion.AchallengeforsecurityteamsisthatHTTPprotectioncapabilitywillbeavailableinsomanymoreproductsthanpreviously.CASB,micro-segmentedsecurity,distributedfirewalls,andothertoolswillincludewebsecurityprotocolsolutions.AdviceforSecurityTechnologyVendorsWAFsecuritytechnologyvendorsshouldrecognizethatthetraditionalarrangementofplacingaWAFapplianceinthereverse-proxystreamforenterpriseapplicationswillgivewaytocloud-hostedapplicationsaccessedviabring-your-own-device(BYOD)mobiles.Perhapsmoreimportantly,however,WAFsolutionswillrequiresupportforrapidDev/Opschangestoapplicationsatafrequencypreviouslyconsideredimpossible.ThiswillrequirethatvendorsintegratetheirtoolwithDev/Opslifecyclemanagementcapabilitiessuchasconfigurationandversioncontroltools.ListofSupportVendorsAdNovum–Switzerland-basedAdNovumprovidesnevisProxyreverseproxyandWAFsolutions.Akamai–AkamaioffersitscustomerstheKonawebapplicationfirewall,whichprovidesalwayson,scalableprotection.AlertLogic–AlertLogicofferscustomersamanagedSecurity-as-a-Servicewebapplicationfirewall.Applicure–ApplicureofferscustomersthedotDefenderenterprise-classwebapplicationfirewallsolution.A10Networks–SanJose-basedA10NetworksprovidesitsThunderTPDwebapplicationsecurityproductline.BAESystems–ThroughtheiracquisitionofSilverSky,BAEprovidesaWAFsolutionaspartofitscloudsecurityservices.BarracudaNetworks–BarracudaNetworksoffersWAFproductsolutionsforsmall,medium,andlarge-scaleapplications.BeeWare–BeeWaremakeswebapplicationsecuritysolutionsforcustomersonAmazonWebServices.BinarySEC–BinarySECofferstheEasyWAFwebapplicationfirewallsolutionforprotection,acceleration,andstatistics.Brocade–ThetechnologycompanyfromSanJoseoffersBrocadeVirtualwebapplicationfirewallsolution.Citrix–Thewell-knowncloudvirtualizationcompanyoffersitsCitrixNetScalerAppFirewallsolutionforcustomers.CloudFlare–CloudFlare’swWAFincludesfeaturessuchasastrongdefaultrulesetandcustomizedLayer7defense.ControlScan–ControlScanincludesaWAFsolutionaspartofitsMSSandDDOSsecurityservicesforSMBs.DBAPPSecurity–WebapplicationsecurityfirmDBAPPSecurityofferscustomerstheDAS-WAFsolution.Dell–DellprovidesitsextensivecustomerbaseanadvancedwebapplicationfirewallcalledSonicWall.DenyAll–DenyAllisaFrenchsecurityvendorofferingaWAFapplianceaspartofitsnext-generationwebsecuritysolutions.Ergon–Swisscompany,Ergon,providescustomerswithanenterprisewebsecuritysolutioncalledAirlockWAF.F5–F5providesitsBIG-IPfamilyofsolutionsincludingaWAFdesignedforwhiteandblacklisting.5nineSoftware–Thesmallcompanyoffersthe5nineWAFwithMicrosoftserverintegrationandsupportforHyper-V.Fortinet–Aspartofitsproductline,FortinetoffersenterprisecustomerstheFortiWebWAFsolution.ForumSystems–ForumSystemsprovidesanAPIgatewayacrosswebapplications,services,andinfrastructure.Imperva–ImpervaofferscustomersarangeofadvancedwebapplicationfirewallsolutionsincludingSecureSphere.KEMPTechnologies–KEMPintegrateswebapplicationfirewallfunctionswithloadbalancingoffers.NinjaFirewall–EmbeddedinWordPressandapplicabletoPHP,theNinjaFirewallisessentiallyawebapplicationfirewall.NSFOCUS–NSFOCUSoffersaWAFwithcoordinatedblacklistandwhitelistcapabilitiesaspartofitsDDOSsecurityoffering.PentaSecurity–Koreanfirm,PentaSecurity,offersawebapplicationfirewallproductcalledWAPPLES.Port80Software–Port80SoftwareincludestheServerDefenderVPhost-basedwebapplicationsecuritysolution.PositiveTechnologies–PositiveTechnologiesfocusesonretailPOSandincludessecurityandWAFcapabilitiesforitscustomers.PrivacyWare–PrivacyWareofferswebapplicationfirewallandintrusionpreventionsoftwareforMicrosoftIIS.QratorLabs–QratorLabsisaRussianfirmthatprovidestheWallarmWAFsolutionsovertheQrator.Qualys–Thewell-knowncybersecuritycompanyQualysincludesanext-generationcloud-basedWAFsolution.Radware–Techfirm,Radware,offersenterprisecustomerstheAppWallwebapplicationfirewall.Riverbed–RiverbedprovidestoolsforwebcachingandoptimizationoftrafficwithWAFcapabilityembedded.ShakaTechnologies–ShakaTechnologiesincludestheIshlanguwebapplicationfirewallproduct.SiteLock–Arizona-basedSiteLockoffersenterpriseitscustomerstheTrueShieldwebapplicationfirewall.
Sophos–SophosincludesenterpriseWAFsolutionsaspartoftheCyberoamandAstaroacquisitions.Sucuri–ThesmallcompanylocatedinDelawareprovidesitsCloudProxywebapplicationfirewallsolution.Sungard–Sungardincludesmanagedwebapplicationfirewallsolutionsaspartofitsavailabilityservicesforbusiness.Symantec–Symantecincludeswebapplicationfirewallcapabilityasanintegratedcomponentofitssuiteofofferings.TrustWave–TrustWaveprovidesawebapplicationfirewallapplianceforrealtimecontinuoussecurityprotection.UnitedSecurityProviders–UnitedSecurityProvidersincludestheUSPSecureEntryServerforwebsecurity.Wallarm–LocatedinRussia,Wallarmoffersawebapplicationsolutionfordefendingwebfront-endsandAPIs.Zscaler–Thewebsecurityfirmincludescloud-basednext-generationfirewallcapabilityincludingWAF.Zenedge–ZenedgemarketsaWAFcapabilityembeddedintheZenEdgeDDOSprotectionsolution.
Control7:WebFraudPreventionWebFraudPreventioninvolvessecuritytechniquesthatreducetheriskofonlineaccountexploitationoncetheusercredentialsforanaccounthavebeenstolen.Insuchcases,authenticationisnolongerrelevant,soadvancedbehavioralmethodsmustbeusedtodetermineifamaliciousfraudsterhascontrolofanaccountandisattemptingtocommittheft.Somewebfraudpreventionmethodstrytoproactivelyavoidmaliciousactivity,whereasotherstrytominimizelossesafterthefraudhasalreadycommenced.Mostproductsinthisarearelyonheuristicsashints,suchasunusualwebpagetraversal,thatfraudisunderway.Thisisapowerfultechnique,becauseitcombinesobservationaltechniqueswithexperience-basedheuristicsforhowwebsitesareusuallyattackedbyfraudsters.GeneralOutlookThegeneraloutlookforwebfraudpreventioninvolvestransitionfromreactivesignaturesforsimpleeCommercetomorepreventivesolutionsbasedondiverse,behavioralattributes.Webfraudpreventionplatformsarealsomovingfromcentralizedgatewaydeploymentstodistributedset-upsacrosshybridcloudarchitecture.Firstgenerationwebfraudpreventionsolutionsfrom1998to2007involvedfocusonsimpleaccounttakeoverforeCommercewebsites.Secondgenerationwebfraudpreventionfrom2007to2016involvedmoreend-to-endfocus,includingearlybehavioralanalysis,forawiderrangeofsitesincludingbanking.Thirdgenerationwebfraudpreventionfrom2016to2025shouldexpectmoresupportforvirtualizedaccountusage,withadvancedanalyticsandmoreproactivefocusonpreventingtakeoverfraudbeforeitcommences.
Figure7.2018WebFraudPreventionOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,giventheclearmomentumviewsofhowfraudhasprogressedforonlinewebsites.Thewildcardisthatfraudstershavealwaysbeenamongstthemostcleveranddifficulttopredictgroupofmaliciousactors,sothirdgenerationpredictionsmusttakethisintoaccount.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtoensurethatanyonlinesystemsthatmightbetargetedforaccounttakeoverhavesufficientwebfraudpreventioncoverage.ThisisanareathathasbeencommonlyneglectedbyenterprisesecurityteamswhohaveoftenbeenpoorlyintegratedwithcompanyeCommerceandrelateddigitalobjectives.ThisfunctionalityshouldbearequirementforXaaSapplicationsthatmightbesusceptibletofraud,socontractsforcloudapplicationhostingprovidersshouldbedesignedaccordingly.AdviceforSecurityTechnologyVendorsWebfraudpreventionsecuritytechnologyvendorsshouldrecognizethatenterprisesecurityteamshavenottypicallyconsideredthisfunctionalityasaprimarycomponentintheirsolutionspace.Thiscomplicatesthesalesprocesssinceyear-over-yearplanningbudgetmaynotbeavailableforwebfraudprevention.Vendorswouldbewisetotargettheapplicationvirtualizationprocesstocloudasavehiclefordefiningsecurityteambuyinghabitsinthisarea.ListofSupportVendorsAccertify–Accertifyisaprovideroffraudprevention,chargebackmanagement,andpaymentgatewayproductsandservices.Agari–Agari’sDMARCprotectionsareanimportantcomponentofreducingfraudacrossemailanddomainusage.Agilence–NewJersey-basedAgilenceprovidesexception-basedreportingforretailpaymentfraudprevention.Caveon–Caveonoffersdigitalforensicsandsecurityauditservicestopreventtestfraudinschools.CyberSource–CyberSourceoffersonlinepaymentfraudmanagementacrossmultiplechannelsanddevices.Cyxtera–ThroughitslegacyEasySolutions,Cyxteraoffersanend-to-endtotalsolutionfordealingwithwebfraud.Feedzai–ThemachinelearningplatformfromFeedzaifocusesonfraudandriskfromacloud-hostedoron-sitedeployment.F5–TheF5WebFraudProtectionsolutiondetectspotentialfraudulentactivityandsecurestransactions.Forter–NewYork-basedForterprovidesso-calledfrictionlessfraudpreventionforonlineretailsystems.41stParameter–Thecompany,nowpartofExperian,offersglobalfraudmanagementsolutionsforfinancialinstitutionsFirstCyberSecurity–Thecompanyoffersindependentverificationofwebsiteauthenticitytoreducefraudrisk.
FraudCracker–FraudCrackerprovidesaplatformforreducingfraudriskthroughanonymousemployeereporting.GuardianAnalytics–GuardianAnalyticsprovidesbehavior-basedfrauddetectionsoftwareandservices.IBM–IBMofferstheIBMSecurityTrusteerfraudpreventionsolutionforadvancedmalwareandon-linefrauddetection.iovation–Thecompanyoffersdevice-basedsolutionsforauthenticationandfraudprevention.Imperva–ThecompanyoffersthreatintelligenceandfraudpreventionaspartofitsWebapplicationsecuritysolution.Intellinx–Intellinxsupportsenterprisefraudmanagementthroughdatacollectionandanalysis.Kaspersky–KasperskyFraudPreventionforEndpoint(KES)isdesignedtopreventsecurityincidentsandfraudulentactivity.Kount–KountisanIdaho-basedfirmthatprovidesanti-fraudsolutionsfore-commercemerchants.MaxMind–MaxMindoffersIPintelligenceandonlinefraudpreventiontoolsthatleverageGeolocation.MicroFocus–MicroFocusoffersarangeofenterprisesecurityproductsincludingfraudandmisusemanagement.NetworkKinetix–NetworkKinetixoffersbusinessassuranceandanti-fraudsolutionsforcarrierstoimproverevenueassurance.NoFraud–NoFraudprovidese-commerceriskmanagementthroughtransactionanalysistodeterminepassandfaildecisions.NuData–CanadianfirmNuDataoffersabehavioralanalyticsplatformforreducingtheriskofon-linefraud.PindropSecurity–PindropSecurityprovidessolutionsfordetectingadpreventingphonescamsandfraudincallcenters.RSA–Thewellknowsecurityfirmofferswebfraudpreventionthroughanappliancesolution.Signifyd–Thecompanyfocusesone-commercefraudpreventionandchargeback.ThreatMetrix–ThreatMetrixreferstoitselfasaDigitalIdentityCompany,whichemphasizestheimportantroleofidentity.Trustev–Thecompany,partofTransUnion,offerson-linefraudpreventionbasedoncontextualpatternmatching.VUSecurity–VUSecurityfocusesonintelligenttransactionanalysisforbehavior-basedfrauddetection.Webroot–InternetsecurityfirmWebrootprovidesadvancedonlinefraudpreventionforPCsandmobiledevices.Whiteops–Whiteopsprovidesasolutionforpreventingbotnetfraudinon-lineadvertising.
Control8:WebSecurityGatewayWebSecurityGatewaysolutionsprotectanenterprisefrommalwarethatmightoriginateonaninfectedorcompromisedwebsite.Thisistypicallyaccomplishedusingforwardproxiesthatprotectendpoints,reverseproxiesthatprotectservers,andthreatfeedsthatprovideup-to-datelistsofURLsforfiltering.Increasingly,websecuritygatewaysfocusonapplication-specificcontrolstoreducesecuritythreats.Websecuritygatewaysarealsoinvolvedintheenforcementofacceptable-usepoliciesforenterpriseemployeebrowsing.Performanceissueshavetraditionallybeenaconcernwhenwebsecuritygatewaysaredeployed,whichhelpsexplainwhymanyofthemoresuccessfulvendorstracetheirinvolvementinthisareatowebaccelerationsolutions.Itisworthmentioningthatwebsecuritygatewaysrepresentoneofthefirstprotectionsolutionswherealivethreatfeedisusedbyenterpriseteamstoacceptsandallowremotereconfigurationofadevice.WhilethisisgenerallylowriskforURLfeeds,thisisneverthelessaprofoundshiftfromlocalizedcontrolofallreconfigurationstowardacceptanceofliveupdatesfromtrustedpartners.GeneralOutlookThegeneraloutlookforwebsecuritygatewaysinvolvestransitionfrommoresignature-basedURLlistsasthebasisforproxyfunctionalitytoanincreasingrelianceonbehavioralprofilestodetectpotentialmalwaredownloadsfrominfectedsites.Websecuritygatewaysaremovingfromcentralizedhardwareappliancedeploymentstomoredistributed,hybridcloudproxysoftware.Firstgenerationwebsecuritygatewaysfrom1998to2007involvedsimpleURLproxiesimplementedashardwarewithfeedupdatesfromthevendor.Secondgenerationwebsecuritygatewaysfrom2007to2016includeimprovedcloud-basedthreatintelligencefromvendorswithearlyattentiontoexpandedanti-malwarecapabilityusingadvancedalgorithms.Thirdgenerationwebsecuritygatewaysfrom2016to2025willbefullyvirtualizedwith
advancedanalyticsandsupportfordistributedgatewaysacrosscloudinfrastructure.Oneshouldexpecttheirassociatedthreatfeedstoimproveinthecominggenerationaswell.
Figure8.2018WebSecurityGatewayOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,giventhefactthatvirtualizationhasalreadybeenamajorfactorinwebsecuritygatewaydesign.Collisionwithothersecuritysolutionsincloudwillproducechallengesforvendorsinthisarea.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtoworkwiththeirexistingproxyvendoronaplantocovertheinevitableprogressiontohybridandfullcloudarchitectures.ThechallengewillbedetermininghowtodealwiththecollisionthatoccurswithrelatedcloudsecurityfunctionssuchasCASBwhichareofferedseparatelyorasanintegratedprotectionfromthecloudapplicationvendor.TraditionalwebsecuritygatewaysolutionprovidershavetheadvantageofthebestavailableURLfeedswithmatureinfrastructurefordeliveryandupdate.Enterpriseteamsshouldnotdelayanalysishere,ascloudprotectionswillfundamentallyshifttherequiredproxyarrangementfromgatewayappliancestosoftwarerunningoncloudoperatingsystems.AdviceforSecurityTechnologyVendorsWebsecuritygatewaytechnologyvendorsshouldrecognizethatanyhardwareaccelerationorapplianceperformanceadvantageswilldissolvequicklywiththedissolutionoftheperimeter.Themostsuccessfulwebsecuritygatewayvendorswillfullyembracedistributedvirtualization,evenusingthatarrangementtoimprovethevantagepointfordetectingwebinfectionsandmalware.ThemostsuccessfulwebsecuritygatewayproviderswillalsocontinuetoimprovetheirURLlistsintocomprehensive,world-classthreatfeedsforenterprisecustomers.Forsomebuyers,thethreatfeedsmightbeasvaluableastheplatform.ListofSupportVendorsAcunetix–VulnerabilitymanagementcompanyAcunetixincludesadvancedsolutionsforwebsitesecurity.BanffCyber–Singapore-basedBanffCyberfocusesonpreventionofwebdefacementintheirproducts.BarracudaNetworks–ThecompanyofferstheBarracudaWebFilter,whichisacomprehensivewebsecuritygateway.BeyondTrust–BeyondTrustincludestheRetinaWebSecurityScannerforprotectionofwebapplications.
BinarySEC–TheFrenchcompanyprovidesamanagedsecuritysolutionforreducingtheriskofwebsiteattacks.Bloxx–TheBloxxSecureWebGateway,nowpartofAkamai,focusesonso-calledzero-secondprotectionforusers.CATechnologies–CAofferstheWebServicesSecurityplatform(formerlyCASiteMinderWebServicesSecurity).Celestix–TheCelestixEdgeplatformincludesarangeofadvancedwebapplicationproxycapabilities.CheckPointSoftware–Thecompanyincludeswebsecurityinitsportfolioofcybersecurityproductsandservices.Cisco–Cisco’sWebSecurityAppliance,CloudWebSecurity,andCloudAccessSecuritysupportwebsecurityprotection.Clearswift–NowpartofRUAG,theUK-basedClearswiftSECUREWebGatewayfocusesonInternetcommunications.CloudFlare–CloudFlare,basedinSanFrancisco,providesacceleration,domain,andsecurityservicesforwebsites.ContentKeeper–ContentKeeper,headquarteredinAustralia,provideswebthreatprotectionandwebfiltering.CronLab–UnitedKingdom-basedCronLabprovidesanIntegratedWebFiltersolutionforbusinesscustomers.DeepNines–TheDallas-basedcompanyprovidesaunifiedsecuritygatewaysolutionforenterprise.Distil–LocatedinArlington,thecompanyprotectswebsitesfrombotnetattacksanddatamining.EdgeWave–EdgeWaveprovidescloud-basedremotewebfilteringservicesviaanappliancesolution.FireEye–FireEyeoffersanindustry-leadingwebandnetworksecuritysolutionfordetectingandpreventingAPTattacks.Fireglass–NowpartofSymantec,thecompanyoffersbrowserisolationtechnologytostopadvancedmalware.FirstCyberSecurity–TheUKfirmincludeswebsecurityinitsportfolioofanti-fraudandcybersecuritysolutions.Forcepoint–Forcepointoffersanintegratedportfolioofwebsecuritysolutions.Fortinet–Fortinetincludeswebsecuritygatewayfunctionalityinitsextensivesecurityproductline.GFISoftware–LocatedinLuxembourg,GFI’sWebMonitorproducthelpscontrolwebactivityandavoidweb-basedthreats.iboss–TheibossCloudSecureWebGatewayPlatformoffersarangeofwebsecuritycapabilities.Imperium–NowpartofGoogle,thegroupprovidesautomatedtoolsforremovingmalwarefromwebsites.Imperva–ImpervaincludesarangeofwebsecurityprotectionsinitsWAFandDDOSofferingsforenterprisecustomers.Ingenico–IngenicooffersanXML-basedcryptographichardwaresecuritymoduleforWebapplications.Litous–LocatedinIceland,LitousprovidesarangeofwebsecurityproductsincludingtheMalwareSpider.McAfee–Industry-leadingMcAfeeofferscustomerstheMcAfeeWebGatewaysolutionforanalyzingwebtraffic.MenloSecurity–Thestart-upledbyAmirBen-Efraimincludeswebsecurityinitsuniqueisolationtechnology.Netsparker–Netsparker,locatedintheUK,offersaWebapplicationandvulnerabilityscanningsolution.Optenet–Optenet,nowpartofAllotCommunications,providescustomerswithitsmulti-tenantSecureWebGatewayproduct.PandaSecurity–HeadquarteredinSpain,PandaSecurityofferstheGateDefendersolutionforwebbrowsingsecurity.PentaSecurity–LocatedinSeoul,Pentaoffersitscustomerswebsecuritycapabilitiesinitsofferings.Port80Software–TheSanDiego-basedcompanyprovideswebsecurityinitsrangeofWAFandapplicationsecuritysolutions.PortSwigger–PortSwiggermarketsarangeoftestingtoolsandsolutionsforwebapplicationsecurity.Sangfor–SangforprovidesitsadvancedInternetAccessManagementgatewayforsecuringwebtraffic.ShakaTechnologies–TheUKfirmincludeswebsecurityinitsloadbalancing,acceleration,andrelatedfunctions.ShapeSecurity–ShapeSecurityprovidesprotectionofwebcontentfromautomatedattackssuchasbotnets.SiteLock–LocatedinFlorida,SiteLockprovidesWAFandwebsecuritycapabilitiesforcustomers.Smoothwall–OriginatingintheUK,Smoothwallprovidescontent-awarewebsecurityfilteringandgatewayfunctions.Sophos–TheSophosCloudWebGatewayofferssecurewebgatewayfunctionalityforenterprise.SpikesSecurity–LosGatos-basedSpikesSecurity,nowpartofAurionproincludeswebsecurityinitsisolationtechnology.Sucuri–SucurioffersarangeofwebsecuritycapabilitiestocomplementitsWAFandDDOSprotections.Symantec–TheSymantecWebGatewayofferscontentfilteringandrelateddatalossprotections.TinfoilSecurity–TinfoilSecurityprovidesbothwebsecurityandvulnerabilitymanagementsolutions.TotalDefense–ThecompanymergedwithUntangletoprovidesecurityforInternetbrowsingandapplicationprotection.TrendMicro–TheTrendMicroInterScanWebSecurityVirtualApplianceprovideswebsecurityfunctionality.TrustedKnight–TrustedKnight,throughitsacquisitionofSentrix,offerswebsecuritythroughitsInfinitesolution.TrustWave–TrustWaveincludeswebsecuritygatewayfunctionalitytracingbacktoitsM86Securityacquisitionin2012.Webroot–TheCalifornia-basedcompanyincludeswebsecurityinitsportfolioofendpointandInternetsecuritysolutions.WebTitan–ThecompanyofferstheWebTitanGateway,whichincludescontentfilteringandrelatedsecuritycontrols.WhiteHatSecurity–TheSantaClara-basedfirmprovidesWhiteHatSentinelforcontinuoussecurityassessmentofwebsites.Zscaler–Well-knownsecurityfirmZscalerofferscloud-basedwebsecuritygatewaysacrossitsglobalinfrastructure.
Control9:CA/PKISolutionsCertificationAuthority/PublicKeyInfrastructure(CA/PKI)Solutionsconsistofinfrastructure-levelcontrolsbasedonpublickeycryptographythatsupportstrongauthentication,encryption,
andintegrityrequirementsusingdatastructuresknownaspublickeycertificates.Publickeytechnologyhasbeeninexistenceformanydecades,andhasneverrealizeditsoriginalpromiseasadirectrevenueproducer.Instead,publickeytechnologyhasassumedabackgroundrolehelpingtosecurevariouselementsofpersonal,enterprise,website,network,andInternetinfrastructure.Thecoveragehasbeenspottytodate,with,forexample,strongsupportforwebsitesecurityviathesecuresocketslayer(SSL)protocol,butweaksupportacrossorganizationaldomainsforemail.Themostsubstantivecategories(notacompletelist)ofpresentandfutureCA/PKIbusinesssolutionsareasfollows:
• CA/PKISupportforWebsites–RunninghttpsonyourwebsiterequiresthatyouobtainanduseacertificatefromaCA,andthisisoftenyourwebhostingprovider,especiallyifyourunasmall,modestsiterequiringlowassurance.
• CA/PKISupportforNetworks–Operatingmostnetworkequipmentsuchasroutersattheinfrastructurelevelrequirestheuseofcertificatesforsecureusage,andtheattendanttaskssuchaskeymanagementareoftendonedirectlyusingtoolsfromtheequipmentvendor.
• CA/PKISupportforAuthentication–Certificatescanbeissuedandusedtoidentifydevices,suchasmobiles,oftenasasecondorthirdfactor,withhandlingsupportedbyITsystemssuchasmobiledevicemanagement(MDM).
• ProtectionofKeysandCertificates–SomeselectcybersecuritycompaniesoffercustomersadvancedprotectionsolutionsformanagingandsecuringthekeysandcertificatesthatunderlieCA/PKIofferings.
• FutureCA/PKISupportforIoT–AscomputingmovestomoreautomatedinteractionsintheIoT,industrialcontrol,machine-to-machine(M2M),andoperationstechnology(OT)realms,CA/PKIsolutionsshouldplayavital,growingrole.
AsfutureapplicationsmovetoIoT,M2M,andOT/ITorientation,thesecuritysupportofCA/PKIsolutionswillbeagoodmatch.Thismayrepresentthedirectrevenueopportunitythatcompaniesinthisareahavebeensearchingforduringthepastdecades–butthejuryisstillout.GeneralOutlookThegeneraloutlookforCA/PKIsolutionsinvolvestransitionfromadhocoperationsandassurance(rangingfromlowtohigh)tomuchmoresystematicandimprovedoperationsandassurance,wheremoreuserspayattentiontotheassurancemodeldrivingCAoperations.ThiswillbetruebecausemoreengineerswilldriveCAdecisionsforIoTandM2MversusbrowseruserscheckingassurancelevelsbeforevisitinganeCommercesite.First-generationCA/PKIfrom1998to2007involvedthesimplestsupportforSSLrunningonbrowsersandwebsiteswithpoorattentiontoassurancemodelsforbindingpublickeystocertificates.SecondgenerationCA/PKIfrom2007to2016includedmoreapplicationsforCA/PKIincludinguseinmobileauthenticationwithMDM.AnexplosionofCAsemergedduringthisperiodwithusersoftenconfusedaboutwhichonesareacceptable(mostsmallersiteownersoptedtojustworkwiththeirserviceprovider).Third-generationCA/PKIsolutionsfrom2016to2025shouldexpecttoseedramaticexpansiontomobileandIoT,withmoreemphasisonassuranceandprotection
ofkeysandcertificates.Duringthisgeneration,thegradualincreaseinapplicationoptionsforCA/PKIwillbecomeclearer,asCA/PKIsupportsatrulyvariedmixofuserandinfrastructureapplicationsacrosstheInternet,criticalinfrastructure,enterprise,andpersonal/homeuseenvironment.
Figure9.2018CA/PKISolutionsOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,onlybecausepredictingCA/PKItechnologyandusagetrendshasbeensohazardous(andmostlywrong)inthepast.Ourpredictionsarethusofferedwiththefullrecognitionthatvirtuallynopundit,observer,oranalysthasbeenreliablycorrectaboutPKIfordecades.Wehopetobethefirsthere.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtoreassesstheirrelationshipwithcertificationauthoritiesandPKIsolutionsproviderstodeterminereadinessfortheshifttocloudservices,virtualization,andSDNinfrastructure.TeamareadvisedtoconsolidatetheirCA/PKIrelationshipstoahigh-qualityvendorwithsupportforhighassurancepublickeybindingprocedures.Manycompaniesmightbeastoundedtofindthattheyarebuyingcertificatesfrommultiple(perhapsevendozens)ofdifferentCAs.ThisisabadapproachgiventhefundamentalroleCA/PKIwillplayinIoTandotherM2Mapplications.Nowisthetimetoselectgoodpartners–andtonotforgetthatprotectionofkeysandcertificatesinanimportantandhighlyneglectedfunction.AdviceforSecurityTechnologyVendorsWebsecuritygatewaytechnologyvendorsshouldrecognizethatsloppyoperationalproceduresandquestionableassurancepracticeswillnotbeacceptableasfewerbuyers(serviceproviders)dealwithCAandPKIsolutionprovidersformorecustomersmovingtosharedITandcloudservices.WebelievethatexcellentprospectslayaheadforthebestCA/PKIsolutionproviders,simplybecausethistechnologyissowell-suitedtothetechnologyfuturethatliesontheimmediatehorizon.Vendorswouldbewell-servedtooptimizetheirsolutionsnow,andtorevisitcustomerswhomightnothavepurchasedsolutionsinthepast.Architecturesarechanging,soPKIisbecomingmorehighlyrelevanttotheresultingdistributed,virtualized
systems.BuyerswillthusbelikelytoselectafreshsetofCAandPKIsolutionpartnersinthecomingyears.ListofSupportVendorsACCV–AgenciadeTecnologiayCertificacionElectronicaisaSpanishpublicentityprovidingCA/PKIservices.Buypass–BuypassisaEuropeanfirmthatofferscertificatestosecureelectroniccommunicationsandotherapplications.Camerfirma–CamerfirmaprovideselectronicsecurityservicesincludingPKIandauthenticationacrossSpain.Certicom–NowpartofBlackberry,CerticomisaCanadiangroupthatownsEllipticCurvecryptography.CertifiedSecuritySolutions–TheprofessionalservicesfirminOhiosupportsprojectsinvolvingidentity,access,andPKI.CertiPath–Virginia-basedCertiPathoffersaPKI-basedtrustframeworkandsetofidentityservices.certSIGN–certSIGNisaUTIcompanyprovidingarangeofPKIandcertificationservicesinRomania.ChunghwaTelecom–TheTaiwanesecompanyprovidespubliccertificationauthorityservicesforSSLandotherapplications.CNNIC–CNNICisaChineseCAthathadsomebumpyinteractionswithGoogleandotherbrowservendorsin2015.Comodo–ComodoprovidesafullrangeofSSLcertificationsolutionsforsmall,medium,andlargecustomers.Cryptomathic–TheFrenchfirmspecializesindataencryptionandCA/PKItechnologiesandservices.CVCryptovision–CVCryptovisionisaGermancompanyfocusingondataencryptionandCA/PKIsolutions.DeutscheTelekom–TheGermantelecommunicationscompanyofferscertificationauthorityandPKIservices.DigiCert–DigiCertprovideshighassurance,low-pricedSSLcertificatesalongwithcodesigningandotherPKIservices.E-Güven–Turkey-basedE-GüvenprovidesarangeofcertificationauthorityandPKI-basedservices.EntrustDatacard–EntrustprovidesCAandPKIservicessupportingtenmillionidentityandpaymentcredentialsissuesdaily.E-Tugra–Turkey-basedE-TugraiscertificationauthorityandPKIsolutionprovidersupportingSSLandrelatedservices.Gemalto–GemaltohasexpandeditscybersecurityofferingstoincludeauthenticationinareascloselyconnectedtoPKI.GeoTrust–GeoTrustprovidesforonlinecustomersecuritywithSSLandcodesigningcertificates.GlobalSign–GlobalSignoffersitscustomersafullrangeofpersonal,SSL,andcodesigningcertificates.GoDaddyGroup–Themajordomainservicesandhostingproviderissuescertificatesaspartofitsservice.HongkongPost–HongkongPostissuese-CertcertificateswithdigitalsignaturesupportfromtheHongkongPostCA.IdenTrustSSL–IdenTrustSSL,nowpartofHIDGlobal,providesarangeofstandardandmulti-domainSSLcertificates.Izenpe–IzenpeisaSpanishX.509certificateauthorityandPKIservicesorganizationownedbytheBasquegovernment.JapaneseGPKI–ThisJapaneseGovernmentPKIgroupprovidesvariouscertificationauthorityandPKIservices.Logius–LogiusisagovernmentserviceinNetherlandsofferingCA/PKIsupport.Microsec–MicrosecisthelargestHungariancertificationauthorityandPKIsupplierofelectronicsignatures.NetLock–NetLockisaHungariansolutionsproviderofferingdigitalsignature,SSL,andrelatedPKIservices.NetworkSolutions–NetworkSolutionsisaWebhostingproviderofferscertificatesaspartofitsservices.OpenTrust–OpenTrustsupportsenterpriseandcitizentrustedidentitieswithCA/PKI-basedsolutions.PrimeKey–PrimeKeyisaSwedishcompanythatoffersopensourcePKI-basedproductsandservices.QualitySSL–QualitySSLofferscustomersafullrangeofhighassurance256-bitencryptedSSLcertificates.SecomTrust–SecomTrustisaJapanesesecuritycompanyofferingvariouscertificationauthorityandPKIservices.Qualys–QualysprovidesanSSLservertestfunctionforpublicWebserverstoincreaseassurance.QuoVadis–QuoVadisprovidesmanagedPKIservicestoassistwithdeploymentofdigitalcertificates.SafeCipher–SafeCipheroffersarangeofsecurityconsultingservicesincludingPKIsolutions,PCIservices,andencryption.SKIDSolutionsAS–TheEstonianPKI/CAservicescompanyprovidesCertificationCentreservices.StartCom–StartComisanIsraelifirmsupportingarangeofSSLandrelatedPKIservicesfortheenterprise.SwissSign–SwissSignisaSwisscompanyprovidingcustomerswithcertificatesandrelatedPKIservices.Symantec–Thelargecybersecurityprovideroffersindustry-leadingcertificatesandCA/PKIservicesincludingmanagedPKI.Thalese-Security–TheThalesGroupisaFrenchmultinationalofferingsecuritysolutionsincludingCA/PKI.TrustWave–TrustWaveofferscertificatelifecyclemanagementsolutionsforenterprisecustomers.Turktrust–TurktrustisaTurkishfirminMozilla’srootprogramsupportinge-signature,PKI-relatedR&D,andSSLapplications.TWCA–TWCAisaTaiwanesefirmofferingcertificateservices,SSL,PKIsoftware,andcertificatehardware.UnizetoTechnologies–UnizetotechnologiesisaPolishfirmprovidingcertificationauthorityandPKIsolutions.Venafi–Venafiprovidesauniquesetofenterprisecryptographickeyandcertificatesecuritysolutions.WISeKey–WISeKeysupportscommunicationsanddatasecuritywithpersonal,corporate,andserverSSLdigitalcertificates.WolfSSL–LocatedinWashingtonState,WolfSSLoffersanembeddedSSLlibraryfordevicesandIoT.Control10:CloudSecurity
CloudSecurityconsistofthemyriadofemergingsecurityfunctional,procedural,andpolicy-basedcontrolsrequiredtominimizetherisksassociatedwithcloudservicesusedbyindividualsandenterprise.Businessesrequirecloudsecurityriskreductionsastheytransitionfromperimeter-basednetworkstohybriduseofas-a-servicecapabilitiesinsharedcloudinfrastructure.Vendorofferingsincloudsecurityplayanimportantroleintheoverallprotectionsolutionforbothindividualsandenterprise.Specificallydesignatingtheprecisecategoriesofcloudsecurityischallenging,becausevirtuallyallcybersecurityproductsandservicesarebeingadjustedtothisnewapproach.Threatintelligenceandisolatedendpointsecurity,forexample,havebecomeintimatelyconnectedtocloudfortheiroperation.Nevertheless,wecanofferasimplethree-elementtaxonomytohelpenterprisesecurityteamsdifferentiatebetweennewlyemergingapproachesthataredesignedtoprotectcloud-residentassets:
• VirtualCloudWorkloadProtections–Virtualcloudworkloadprotectionsresideincloselogicalproximitytothecloudassetsbeingprotected.Suchanapproachincludesthefamiliarmicrosegmentsolutionsthatbindsecurityfunctionsintothecloudoperatingsystemorcontainerthatsupportsrun-timeexecutionofthecloudapplicationsbeingprotected.Cloudworkloadprotectionscanincludecompliance,scanning,firewall,attackdetection,andotherfunctionsthatmightbearrangedintoarun-timegauntletforcloudapplicationsembeddedinaserviceprovidercloud,cloudoperatingsystem,orotherrun-timeconstruct.
• CloudAccessSecurityBrokers–CASBsolutionsresideinthenetworkpathbetweenusersandcloudworkloadstofunctionallymediatesecuritypolicyrulesputinplacebyworkloadowners.CASBshavetheflexibilitytohousecompliance,identity,access,firewall,attackdetection,andmanyothersolutionsgiventheirvantagepointinthenetworkpath.Mostproductshavefocusedtheirinitialefforts,however,onofferingnetworkandsecurityvisibilitytosecurityteamsaboutusagepatternsofpubliccloudfromtheenterpriseperimeter.
• Software-DefinedNetworkSecurity–Thetransitionfromphysicalnetworkservicesindatacenters,LANs,andWANstotheirvirtualized,software-basedequivalenthastheeffectofessentiallyturningourlandlineandmobilenetworkinfrastructureintoanenormouscloud,withalltheattendantadvantagesandchallenges.SecuritysolutionstoprotectingSDNandassociatednetworkfunctionvirtualization(NFV)arestillintheirinfancy,butenterprisesecurityteamsshouldbeawareofthisnewprotectionmethod.Architecturally,SDNincludesacontrol-levelfunctionwithanapplicationprogramminginterfaceforadd-oncapabilitiessuchassecurityanalyticsandidentitymanagementtobeincludednativelyintheusagepathsfortechnologysuchas4G/LTEandemerging5Gmobilenetworks.
• CloudIsolatedSecurityTasking–Theuseofcloudasameansforisolatingsecuritytasksfromusersincludesnewcapabilitiessuchasvirtualdetonationtestingofpotentialmalwareinthecloud,orvirtualisolationofend-userbrowsingtopreventdangerousscriptsandbackgroundsiteexecutionfromreachingendpoints.Thesesolutionsarecharacterizedbytheirdeliberateuseofcloudasafunctionalmeanstoisolateandseparatepotentiallydangerousfunctionalityfromprotecteduserassets.
Theuseofcloudwillsoonbecomesufficientlyembeddedineveryindividualandenterpriseapproachtocomputingthatthiscategoryofsecuritycontrolwillbecomefullysubsumedbyothercontrolareas.Referencetocloudsecuritywilllikelyshiftintothesamecategoryasreferencestosystemsecurityornetworksecurity.Fornow,however,wechoosetoincludethisasaseparatecategorytohighlighttheongoingtransition.GeneralOutlookThegeneraloutlookforcloudsecurityinvolvestransitionfromzerouseofcloudsecuritysolutionstohighusageacrossallenterprisehybridcloudarchitectures.Thisfollowsthegrowingshiftinbeliefthatcloudisnolongeraproblem,butisratheranimportantpartofthesolutiontoreducingtheriskofadvancedcyberthreats.Firstgenerationcloudsecurityfrom1998to2007(andthetermwasbarelyusedintheearlypartofthatperiod)includedsomefocusoncomplianceanddataencryptionforsharedITservices.Secondgenerationcloudsecurityfrom2007to2016sawtheemergenceofearlyCASBandmicrosegmentsolutionswithgreatlyimprovedencryptionsupportandevensomeservice-levelagreements(SLAs)fromcloudprovidersinsecurity.WhileSDNandNFVemergedduringthisperiod,associatedsecurityapplicationsbarelyregisteredforusers.Thirdgenerationcloudsecurityfrom2016to2025shouldexpecttoexperiencemassivegrowthinCASBsolutions,microsegmentsolutionsadjacenttotheworkload,andcontainerizedsecurityforvirtualapplications.Inaddition,isolatedtasking,especiallyforbrowserswillbemorecommon,aswellascontinuedimprovementinthepracticaluseofencryptionforcloud-storeddata.TheemergenceofSDNandNFV-basedsecuritysolutionsasapplicationsboundtotheAPIofdatacenterandISP-hostedSDNcontrollerswillbecomeapowerfulnewoptionforenterprisesecurityteamswhodesireflexiblesecuritysolutionsintheirmobilenetworks.EnterprisebuyerswillbecomesavvieraboutthespecificsofcloudsecuritySLAs,especiallyinregulatedenvironmentswheresuchduediligencewillbecomeastricterrequirement.Expectcloudsecurityproviders,aswellasISPsofferingSDN,tomakeiteasierforbuyerstopoint-and-clickonsecuritytoolsinavirtualizedmarketplace,thustransformingthesecurityprovisioningexperienceforusersandenterprisecustomers.
Figure10.2018CloudSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,giventhegrowththathasalreadyoccurredinthisarea,combinedwiththeobviousadvantagescloud,SDN,andNFVusageofferCIOsandIToperationsteams.Evenifyouremovedallthesecurityadvantagesofthesetechnologies,thetransitiontovirtualizedsharedITandnetworkserviceswouldproceedonapurelycostreductivebasis.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtoensurethattheyhavesufficientteamstrengthfocusedinthisarea.Whileitmightbetemptingtojustassumethatallaspectsofcybersecurityaremovingtocloudandthateveryonemustbecomeanexperthere,thereareclearlyspecificcapabilitiessuchasCASB,microsegments,andSDNthatrequirefocusedstudy,learning,testing,andexpertise.Enterprisesecurityteamsshouldalsobelayingthegroundworkwithexecutivesandboardmemberstohelpthemovercomepreviously-heldbeliefsthatcompliancewouldbearoadblockintheprogressiontocloud.Thisisespeciallyintenseforregulatedenvironments,suchasbanking,wherethesenegativeviewsarestillstrong.Itwillbetimein2018forlargercompanieswhohavebeentestingcloudsecurityintheirinnovationcenterstomovethistechnologytothemainstreamwithlivedeploymentsforproductioninfrastructure.AdviceforSecurityTechnologyVendorsCloudsecurityvendorsshouldrecognizethatthecompetitionwillbefierceasthepreviouslyseparatecategoryof“cloudsecurity”beginstocollapseintotheentirecategoryof“cybersecurity.”Everycybersecurityvendorinthebusinesshasalreadybegunreferringtoitselfasacloudsecurityprovider,sodifferentiatingyoursolutionwillonlybecomemorechallenging.Thegoodnews,however,isthatasthemarchtovirtualizedcloudservicesaccelerates,theoverallpiebecomessomuchlargerthatslicingitupamongstmorevendorparticipantsshouldstillresultinsubstantivegrowthforeveryoneofferingareasonablesolution.Focusonsimplicity,eleganceofdesign,minimizationofcode,andstreamlineddeploymentviaSDN.Itwillbethesimplertoolsthatareeasiertouseandunderstandthatshouldmovethefrontofthepack.ListofSupportVendorsAlertLogic–TheHouston-basedfirmofferssecurityservicessuchasIPSandlogmanagementfromthecloudviaSaaSdelivery.AmazonWebServices–AWSintegratesvirtualizedcloudcapabilitywithembeddedoroverlayvirtualsecurityservices.Armor–RebrandedfromitsoriginalnameasFireHost,thecompanyofferssecurecloudhosting.Avanon–AvanonprovidescloudaccesssecuritywithDLP,scanning,sanitization,andotherfeatures.BigSwitchNetworks–BigSwitchisanSDNsolutionproviderwithsupportforin-linesecurityservices.Bitglass–Bitglassprovidescloudaccesssecuritybrokerservicestosupportmobileaccesstocloudapplications.BlueData–Thesmallstealthstart-upprovidesarangeofsecure,bigdatacloudsolutionsforenterprise.Boxcryptor–Boxcryptor,locatedinGermany,offersencryptionsoftwareproductstosecurefilesstoredinpublicclouds.BracketComputing–Bracketfocusesonsecureinformationformultiplecloudswithembeddedsecurity.BuddhaLabs–BuddhaLabsisaconsultingfirmthatmakesavailableapre-hardenedsecureAmazonMachineImage.Cyxtera–Cyxtera’sCatbirdgroupfocusesoncloudsecuritymicrosegmentcapabilitieswithVMwareandOpenStack.CatoNetworks–TheIsraelifirmprovidescloud-basedsecurenetworkingsolutionsforenterprise.CipherCloud–CipherCloud,supportsenterprisecloudsecuritysolutionsformonitoringandencryption.CipherGraph–CipherGraph,locatedinCalifornia,providesarangeofsecure,cloud-basedVPNaccess.Citrix–Citrixisapioneerinvirtualcomputing,andoffersarangeplatformservicesincludingsecuritysupportforitscustomers.Cisco–ThecompanyacquiredNeohapsis,whichoffersarangeofcloudsecurityandcomplianceprofessionalservices.
CloudLink–PreviouslyAforeSolutions,theCanadiancompanyoffersencryptionforcloudapplicationsandsystems.CloudLock–CloudLockisaMassachusetts-basedcompanyofferingcloudaccesssecuritybrokerandcybersecurity-as-aservice.CloudPassage–CloudPassageHaloprovidesinnovativecloudcompliance,securityvisibility,andvulnerabilitymanagement.DigitalGuardian–ThecompanyprovidesarangeofcloudsecuritysolutionsviaitsacquisitionofArmor5.Dome9–LocatedinIsrael,Dome9offersasecurityandcompliancesolutionforpublicandprivatecloudservices.Evident.io–Evident.ioprovidesacontinuouscybersecurityplatformforAmazonWebServicescustomers.F5–F5includescloudsecuritysolutionsinitsextensiverangeofnetworkandsecurityproductsandservices.ForumSystems–ForumSystemsprovidesAPIsecuritymanagementinsupportofcloudandenterprisesystems.FireLayers–FireLayers,nowpartofProofpoint,extendstheperimetertoallowaccesstocloud-residentapps.5nineSoftware–TheIllinois-basedcompanyprovidescloudandvirtualizationmanagementsolutionsandsecurityapplications.FlawCheck–NowpartofTenableNetworkSecurity,FlawCheckoffersmalwareprotectionforvirtualLinuxcontainers.Fortinet–Thecompanyhasanextensiverangeofsecurityproductsandservicesincludingsolutionsforcloudsecurity.ForumSystems–ForumSystemsprovidesproxysolutionsforcloudstorageinitssuiteofAPIandcloudgatewayproducts.GajShield–TheIndianfirmincludesarangeofcloudsecuritysupportwithitsfirewallandDLPofferings.GuardiCore–Israelistart-upGuardiCoreoffersrealtimethreatdetectionandmitigationviaSDN.HyTrust–HyTrustoffersarangeofcloudandvirtualsecuritymanagementsolutionsfortheenterprise.IBM–IBMsupportscloudsecurityrequirementsthroughintelligence,accessmanagement,andotherproductfeatures.Illumio–Illumio,locatedinSunnyvale,offersarangeofdynamicvirtualandcloudworkloadsecurityprotections.Imperva–Impervaofferscloudbrokersolutions,andmakesSecureSphereavailableforAWScustomers.IronSDN–ThesmallcompanyoffersauniquesecurityfunctionalprotectionsolutionforintegrationwithSDNinfrastructure.Juniper–ThecompanyhasaportfolioofnetworkandsecurityproductssupportingSDN,cloud,andvirtualnetworking.ManagedMethods–TheBoulder-basedcompanyoffersarangeofcloudmonitoringandcloudaccesssecuritysolutions.Microsoft–MicrosoftintegratescloudaccesssecuritybrokersservicesthroughitsAdallomacquisition.nCryptedCloud–LocatedinMassachusetts,nCryptedCloudsupportssecurecloudcollaborationandsecurefilesharing.NakinaSystems–NowpartofNokia,NakinaSytemsprovidesasuiteofnetworkintegrityandsecuritysolutionsforSDN.Netskope–NetskopeprovidescloudaccesssecuritybrokerservicesviatheNetskopeActivePlatform.Netwrix–LocatedinIrvine,Netwrixoffersarangeofsolutionsforauditinghybridcloudenvironments.Palerra–Palerraenablescloudsecurityautomationwiththreatdetectionandincidentresponsesupport.PerfectCloud–PerfectCloudisaCanadianfirmsupportingarangeofsecurityprotectionsforcloud.Porticor–Thesmallcompany,nowpartofIntuit,providescloudsecurityanddataencryption.PrivateCore–PrivateCore,acquiredbyFacebook,offersvirtualsolutionsfortrustedexecutionofsoftwareinthecloud.Protectwise–TheDenverfirmofferscloudsecuritythroughnetworkcapture,forensics,andanalysis.Protegrity–ProtegrityprovidesarangeofBigDataandcloudsecuritysolutionsincludingencryption.Rackspace–Rackspaceintegratessecurityprotectionsintoitssuiteofcloudcomputingsolutions.SAP–TheGermanfirmincludessecurityanddataprotectionsolutionsforcustomersusingitsproductsinthecloud.Seculert–LocatedinMenloPark,Seculertprovidesavirtual,cloud-basedplatformaccessibletoenterprise.SilverSky–NowpartofBAESystems,SilverSkyoffersarangeofadvancedcloudsecuritycapabilities.SkyhighNetworks–TheCupertino-basedfirmoffersasolutionforsecuritymanagementofcloudaccessbytheenterprise.Symantec–Thesecurityfirmincludescloudsecuritysolutionsinitsextensiverangeofproductsandservicesfortheenterprise.ThreatStack–TheBoston-basedcompanyprovidescontinuoussecuritymonitoringforelasticinfrastructure.TrendMicro–TrendMicrooffersSecureCloudtoprotectdatainvirtualizedcloudenvironments.Twistlock–LocatedinSanFrancisco,Twistlockoffersvulnerabilitydetectionandrelatedprotectionsforvirtualcontainers.vArmour–vArmour’sdistributedperimetersolutionprovidesaneffectivemeansforvirtualizingtheenterpriseedge.Vaultive–VaultiveprovidescloudandSaaSapplicationdataencryptionsolutionsvianetwork-levelproxy.Vidder–Vidderprovidessoftwaredefinedperimetersecurity,whichcanbeintegratedwithcloudarchitectures.VMware–VMwareoffersacloudplatformonwhichtointegratesecuritysolutions.Zscaler–Zscaler’sWebsecuritysolutionsarewellpositionedtosupportsecurityprotectionsofcloud-basedcomputing.Zentera–TheSanJose-basedfirmoffersanoverlayvirtualnetworktoconnecttheenterprisetocloudservicessecurely.Control11:DDOSSecurityDistributedDenialofService(DDOS)Securityconsistsofthefunctionalandproceduralmeasuresrequiredtopreventmaliciousattacksthatutilizevoluminoustraffic,requests,ordatafromdistributedsourcestooverwhelmatarget’sabilitytofunction.MostDDOSattacksinvolveusingmalwaretotransformunwittingcomputersintoso-calledbotsthatareparticipantsina
botnetcontrolledbyothercomputers(commandandcontrolnodes)thatarealsounwittinglyinfectedwithmalware.Humanbotnetoperatorscontroltheissuanceofcommandsfromthecommandandcontrolnodestothebotsthatresultinfloodsofattacktrafficbeingaimedatavictim.SinceDDOSattacksofteninvolveamplificationandreflection,protocolsandservicesontheInternetthatsupportbothcapabilitiesareoftenimplicatedasparticipantsinanattack.ExistingprotectiontechniquesforsecuringinfrastructurefromDDOSattacksfallintothefollowingcategories:
• NetworkAttackMonitoring–Thisinvolvesnetwork-residentplatformsthatcollectdataanddeterminewhetherattackspikeswarrantattentionbasedondeterminedthresholdsestablishedfromprofilesofnormalbehavior.
• Layer3PacketScrubbing–Thisisthetraditionalhuman-controlled(withautomatedassistance)diversionofmalicious,voluminoustraffictospecialscrubbingsystemsthattrytofilteroutbadpacketswhilemaintainingsessionintegrity.
• Layer7ApplicationFiltering–ThisistheextensionofDDOSattackfrompacketfloodstomoreintenseoverwhelmingofapplicationsvialogicalusageoftheapplicationfromwhatmightappeartobeanormaluser.
Inadditiontothesefamiliartechniques,DDOSsecurityhasalsoincludedspecialgrouptakedownsofbotnets,administrativeagreementtoremoveeasilyamplifiedservices,andotheradhocmeasuresbyvolunteersandwillingcorporateparticipants.SinceDDOSattackersdonotfollowconventionalrules,weshouldneverclaimcertaintyinanypredictionsaboutthreat,butitseemslikelythatDDOSattackswillgravitatetowardmobility,IoT,virtualization,andcloud.Withattacksizesnowinthemultiple100Gbpsrange,manyobserversexpecttoseeanattackreach1Tbps,mostlikelyfromanIoT-infectedbotnet.ISPpeeringcapacity,whichhoversinthe1Tbpsrange,willprovideanaturalceilingonattacksizes.GeneralOutlookThegeneraloutlookforDDOSsecurityinvolvestransitionfromlowdeploymentratesacrossbusinesstohighdeployment,asbusinessesofallsizesgearuptopreventincomingDDOSattacks.WiththisincreaseddeploymentwillcometheincreasingobligationtomovefromsimpleattackdetectionandpreventionbasedonobviousindicatorstothemitigationofDDOSattackswithsubtleearlyindicators.FirstgenerationDDOSsecurityfrom1998to2007involvedsimpleflooddefensesusingbasicguardtechnologyinthesingleMbpsrange.SecondgenerationDDOSsecurityfrom2007to2016involvedhighervolumeattackdetection,includingearlylayer7attacksinthetenstonowhundredsofGbpsrange.ThirdgenerationDDOSsecuritywillhavetodealwithattacksintheTbpsrangeusingadvancedmobileandIoTbotnets.Securitysolutionswillhavetorelyontheuseofvirtualizationtoexpandabsorptioncapabilitydynamicallyasapplication-levelattacksprogress.
Figure11.2018DDOSSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,becausecyberattackvolumesaresohardtopredictreliably.Wecansaywithconfidence,however,thatDDOSattacksareunlikelytogoawaysoon,andthattheywillgetsmarter,bigger,andmoredangerousinthecomingyears.Defensivemeasureswillhaveahardtimekeepingup.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtotakeanaccurateinventoryoftheirexistingDDOSsecuritycoverageatbothLayer3and7withtheirexistingserviceproviderorvendor.MostorganizationsshouldnotbebuildingtheirownDDOSdefenses,butshouldratherbeobtainingadvancedservicesfromaprovidersuchastheirISPorMSP.Animportantquestiontoaskyourproviderishowtheywoulddealwithcatastrophicconditionsinwhichmultiplemajor,concurrentattackstomultiplecustomerswouldbehandled.Therearenoregulationsinanycountryaboutmaintainingminimumlevelsofsufficientprocessingcapabilityincaseofdisasters.Nowisthetimetobegindiscussionswithyourprovideraboutextendingprotectionsintocloud,IoT,andmobileinfrastructures.EnterpriseteamsshouldalsobedevelopingresiliencyplanstoensureproperoperationalmissionsupportinthepresenceofsuccessfulDDOSattacks.AdviceforSecurityTechnologyVendorsDDOSsecurityvendorsshouldberethinkingtheirfuturesolutionsinthecontextofdistributed,virtualizedenterprisecustomersusingcloudservices.ThisbegssignificantlydifferentDDOSprotectionsthantheperimeter-protectedgatewaysofthepasttwodecades.VendorsshouldalsorecognizethattheprogressionofattacksizefrombotnetsfromMbpstoGbpstoTbpswillnotcontinueindefinitely(thereisnoMoore’sLawforDDOSattacksizefrombotnets).Instead,vendorsshouldexpecttoseetargetedattacksthatfocusapplication-levelenergyonavictim,ratherthanacontinuanceoflargeDDOSattacksthatusevolumetooverwhelminfrastructure.Inaddition,IoT-generatedDDOStrafficwillbeoneofthelargestattacktrendsincybersecurityinthecomingyears.VendorswiththeabilitytoreduceIoTattackriskwillseeconsiderable
success.ThismightrequiresomedomainknowledgeforcertaintypesofIoTdevices,particularlyintheindustrialcontrolOTecosystem.ListofSupportVendorsAkamai–ThroughitsProlexicacquisitionAkamaiprovidesacarrier-independentDDOSfilteringserviceforenterprise.ArborNetworks–ArborNetworks,acquiredbyNetScout,providesanadvancedDDOSdetectionandmitigationplatform.A10Networks–SanJose-basedA10Networksisanapplicationdeliverynetworkprovider,whichincludesDDOSservices.AT&T–AT&Tprovidesworld-classDDOSmitigationservicesformanagedInternetenterprisecustomers.BellCanada–BellCanadaprovidesDDOSmitigationservicesformanagedInternetenterprisecustomers.BT–BTprovidesarangeofDDOSmitigationservicesformanagedInternetenterprisecustomers.BlackLotus–NewlyacquiredbyLevel3,BlackLotusoffersenterprisecustomersDDOSsecuritycapabilities.CloudFlare–CloudFlareisanapplicationandcontentdeliverynetworkproviderincludingDDOSservices.Corero–Corero,locatedintheUK,isanetworksecurityservicescompanythatincludesalineofDDOSdefensesolutions.CrypteiaNetworks–CrypteiaisathreatintelligenceandMSSproviderinGreecethatincludesDDOSpreventionservices.DOSarrest–TheCanadianfirmoffersarangeofcloud-basedWebsitedefensesolutionsforDDOSattacks.F5–F5offerstheSilverlineDDOSdefensiveproductforenterprisebasedonitsacquisitionofdefense.net.Fortinet–FortinetprovidesaDDOStechnologysolutionforcarriersandlargeenterprise.Huawei–HuaweiprovidesaDDOSplatformforcarriersandlargeenterprise.Imperva–TheWebsecurity,cybersecurity,anddatabasesecuritycompanyincludesDDOSsolutions.Link11–GermanCDNandhostingfirm,Link11,offersarangeofDDOSprotectionservicesforcustomers.Neustar–TheVirginia-basedcompanyoffersinfrastructuresecuritysolutionsincludingDDOSprotection.NexusGuard–SanFrancisco-basedNexusGuardprovidesarangeofDDOSdetectionandmitigationservicesforenterprise.NSFOCUS–Chinesecompany,NSFOCUS,offersDDOSmitigationsolutionsinconjunctionwithitsWAFandIPSsolutions.QratorLabs–TheRussianfirmprovidesnetwork-basedsolutionsforDDOSattackstotheenterprise.Radware–RadwareprovidesanadvancedDDOSplatformforcarriersandlargeenterpriseincludinglayersevencapabilities.RioRey–RioReyprovidesahighperformanceDDOSplatformforcarriersandlargeenterprise.SecurityDAM–SecurityDAM,headquarteredinTelAviv,focusesonDDOSforusebyMSSPs.Sentrix–NowpartofTrustedKnight,Sentrixofferscloud-basedWebapplicationsecurityandDDOSprotection.ShapeSecurity–ShapeSecurityoffersdetectionofautomatedattackssuchasbotnetsaimedaWebsites.Sharktech–LasVegas-basedSharktechoffersagatewaysolutionforprotectingenterprisenetworksfromDDOS.Staminus–NowpartofStackPath,StaminusoffershybridDDOSprotectionandmitigationservices.Sucuri–SucuriprovidesvariousWebsiteprotectionsagainstmalwareanddenialofserviceattacks.Verisign–VerisignprovidesDDOSfilteringserviceforenterprise.Verizon–VerizonprovidesadvancedDDOSdetectionandmitigationservicesforitsmanagedInternetenterprisecustomers.Zenedge–ZenedgeoffersarangeofDDOSprotectioncapabilitiesembeddedinitsWebapplicationfirewall.Control12:EmailSecurityEmailSecurityconsistsofthefunctionalmechanismsrequiredtopreventemailcontentorpayloadsfrominfectingrecipientswithmalware,andtosupportpropertiessuchasconfidentiality,digitalsignatures,senderauthentication,andintegritycontrolusingcryptographiccontrols.Surprisingly,emailsecurityhasexperiencedrelativelyfewerinnovationsinthepastdecade,particularlyincross-domainencryptionsupport.Thatis,twoindividualsfromdifferentcompaniesarejustasunlikelytohavethefacilitytomutuallyencryptorauthenticateemailastheyweretenyearsago.Recentfilteringadvancesforemailcontentandattachmentshavetakenadvantageofvirtualizedcomputingandadvancedalgorithms.Forenterpriseusers,emailsecurityincludescontrolsinthefollowingareas:
• EmailEncryption–Thisincludesthealgorithmicandkeymanagementfunctionsnecessarytoencryptemailfromthird-partypryingeyeswhomightbeeavesdroppingontheInternet.
• DigitallySignedEmail–Thisincludesthecryptographicandkeymanagementsupportrequiredforsenderstodigitallysignemailandforrecipientstovalidatesuchreportedidentities.
• EmailFraudPrevention–Thisincludestheinfrastructure-levelcontrolsrequiredtologicallyconnectreportedsenderidentitiestoreportedaddressesforassociatedmailservers.
• EmailContentandAttachmentFiltering–Thisistheadvancedsecurityfunctionalityrequiredatgatewaysandelsewheretodetectandfiltermaliciouscontentorattachmentsinemail.
Thesefunctionsaretypicallyprovidedbydifferentvendors,whichcomplicatesthecreationofarobustend-to-endsecurityarchitectureforemail.Amajorriskforanyproviderofemailsecurityistherelativelyblaséapproachmostmillennialstaketotheuseofemailforcommunication–withmostoptingformoreimmediateformsofcommunicationincludingtextingandsocialposts.GeneralOutlookThegeneraloutlookforemailsecurityinvolvestransitionfromthepriorfocusondealingwithminorthreatswithlowintensityattackssuchasbasicphishingtothegreaterchallengeofdealingwithmuchhigherintensitythreatssuchas(ahem)not-so-basicphishing.Thetransitionalsoinvolvesashiftfromlightlydeployedsecurityfilters,withlightattentiontostandardssuchasDMARC,tomuchmoreextensiveuseofthesemalwaretoolsandsecuritystandards.Firstgenerationemailsecurityfrom1998to2007involvedthemostbasicemailanti-virussoftwarerunningoncorporategateways.Thesetoolswerelargelyineffectiveindetectingmosttypesofmalware.Almostnoonewasusingdataencryptiontoolsforemailduringthatperiod,exceptforenterprisesolutionsrunningwithinlargecompaniesforinter-employeeemailsecurity.Secondgenerationemailsecurityextendedtomoreadvancedfiltersatincreasinglydistributedgateways.Dataencryptionanddigitalsignatureuseinbusinessandpersonalemailremainedlightduringthisperiod.Thirdgenerationemailsecurityfrom2016to2025shouldexpecttoseemoreintensephishingchallengesbeingdealtwitheffectivelybybetteremailcontrolsthatusemachinelearningandthatsupportvirtualizedemailinthecloud.Duringthisperiod,businessuseofemailwillalsoexperienceasignificantshiftdownward,beingreplacedbyotherformsofmoreimmediatecommunicationpreferredbycurrentMillennialsincludingtexting,collaborationtools,andsocialposting.Theresultofimprovedsecuritywithreducedemphasisonemailinpersonalandbusinessusewillbeanastoundingreductionintheemailthreat.Phishingwillbecomelessintense,sinceuserswillbemuchmoreastuteaboutwhattheyclickon,andvirtualcomputingandisolatedbrowsingwillcontributetoalesseningofoverallcyberrisk.
Figure12.2018EmailSecurityOutlookTheTAGCyberdegreeofconfidenceinthisoutlookismoderate,sincethethreatintensityisbeing(boldly)predictedheretolessen,whichisalwaysatenuousstatementinanyaspectofcybersecurity.Nevertheless,weseerealimprovementsinsecurityinthisarea,andthatwillbegoodnewsforanyoneinbusinessorusingemailontheInternet.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtocontinuealongthepathofperformingsecurityawarenesstoreducetheriskofusersclickingonattachments,runningAIandmachinelearningtechnologyinemailfilteringsolutions,anddeployingstandards-basedsolutionssuchasDMARCtoreduceriskaswell.IfyouarenotusingaDMARC-basedsolutiontoprotectyouremailtoday,thenit’stimetodaytorectifythatgap.TheuseofencryptionanddigitalsignaturesinemailwilllikelyneverreachthelevelofSSLusewithwebservices,butenterpriseteamsshouldneverthelessconsidersecuremeansforfiletransfer,probablyusingcloud,tosupplantinsecurefiletransferusingunencryptedemail.Securityteamsshouldexpectandwelcomethetransitionfromheavyemailusetotexting,socialmedia,andcollaborationplatformusage.AdviceforSecurityTechnologyVendorsEmailsecuritytechnologyvendorsshouldrecognizethattheuseofemailwillshrinkinbusinessandpersonaluseinthecomingyears.Thisisafactthatisdisputedwithperil.Vendorsshouldoptimizetheirpositioningwithenterprisefortheforeseeablefuture,perhapswithlongertermcontractstolockinbusiness.Betteralgorithmsandtechnologytodetectmalwareinpayloadswillcontinuetobeanimportantdifferentiator.Secureemailsolutionswillbesupplantedbyincreaseduseofsecurecloudservices,collaborationtools,andprivatetexting.Keepinmindthatbusinesscommunicationswillnevercease–theywillsimplyshiftinhowthetaskisaccomplished.ListofSupportVendorsAgari–AgariprovidesemailsecurityinfrastructuremonitoringincludingDKIMandSPF-basedmisuseandfraudanalysis.AppRiver–AppRiverisacloud-basedsecureemailhostingwithSpamandvirusprotectioncapability.AT&T–AT&Toffersnetwork-basedemailsecurityfilteringandpolicyenforcementthroughtechnologypartnership.BarracudaNetworks–BarracudaprovidesarangeofproductsandservicesforemailSpamandvirusfiltering.
Cisco–Ciscoprovidesastandardemailsecurityplatformandservicefeatures.Clearswift–NowpartofRUAG,theClearswiftSecureEmailGatewayincludessecurityprotectionsforemail.Comodo–ComodoincludesafreeEmailsecuritysolution,ananti-Spamgateway,andencryption/authenticationsupport.Dell–TheDellSonicWALLsolutionincludesadvancedanti-Spamandadditionalfeaturestosecureemail.EdgeWave–EdgeWaveofferscloud-basedsecureemailhostingwithSpamandvirusprotectioncapability.FireEye–FireEyeprovidesanAPT-detectionplatformforaddressingemailSpamandfilteringmalware.Forcepoint–TheTRITONAP-EMAILprovidessecureemailgatewayfeaturesforthisRaytheonWebsensecombination.Fortinet–FortinetprovidesanintegratedplatformsolutionforaddressingemailSpamandfilteringmalware.GFISoftware–GFIoffersarangeofcloud-basedsecureemailhostingwithSpamandvirusprotectioncapability.Google–ThepopularGmailproviderincludesarangeofsecurityfeaturesincludingOpenPGPforencryption.HPE–TheVoltagesolutionfromHPEoffersarangeofemailencryptioncapabilitiesforenterprise.Microsoft–MicrosoftsupportsarangeofsecurityoptionsforemailwithOutlookandExchangeoffering.Mimecast–Mimecastofferscloud-basedsecureemailhostingwithSpamandvirusprotectioncapability.OPSWAT–OPSWATincludesemailsecuritywiththeMetascanmailagent,whichdetectsmalwareandemail-bornethreats.Proofpoint–Proofpoint’semailsecurityproductplatformprovidesmalwaredetectionandremovalforemailwithquarantine.ReturnPath–ReturnPathemailsecurityinfrastructureservicesincludingDKIMandSPF-basedmisuseandfraudmonitoring.SilverSky(BAE)–SilverSkyoffersaportfolioofsecureemailcommunication,collaboration,andinfrastructureservices.Sophos–RecentlyacquiringCyberoam,SophosofferssecureemailgatewaywithDLP,threatdetection,andanti-Spam.Symantec–Symantecincludesrangeofsecureemailfeaturesincludingend-to-endencryption.TargetProof–TheTargetProofsolutionfocusesonfraudpreventionforemail,Web,anduserauthentication.ThreatTrackSecurity–ThreatTrackincludesadvancedthreatdetectionforemailinitsanti-malwaresolution.TrendMicro–TrendMicroofferspolicy-basedencryptioncapabilityforenterpriseandconsumeremail.TrustWave–TheTrustWaveSecureEmailGatewayincludesthestandardsetofsecureemailfeaturesfortheenterprise.Verizon–Verizonoffersanetwork-basedemailsecurityfilteringandpolicyenforcementservice.WatchGuardTechnologies–WatchGuardprovidesasecureemailandWebgatewayaspartofitsUTMandfirewallofferings.ZixCorp–ZixCorpofferssecureemailsolutionsincludingencryptionforcompaniesandindividuals.Control13:InfrastructureSecurityInfrastructuresecurityincludesthefunctionalandproceduralcontrolsthatareusedprimarilybygovernmentsandserviceproviderstoreducecybersecurityriskinlarge-scalesharedinfrastructureincludingthepublicInternet.CISOteamsrarelyhavemuchcontroloverthesetypesofprotections,butaredeeplyaffectedbythedegreetowhichtheyareproperlyattended.Theprimarytraditionalfocusareasforinfrastructuresecurityhavebeendomainnamesystem(DNS)andbordergatewayprotocol(BGP)protectionsandsecuritysystemoverlays.Technicalsolutionshavetendedtoutilizepublickeyinfrastructure(PKI)tohardensystemsandprotocolsagainstknownattacks.Morerecentattentiontoglobalcybernormsacrossgovernmentsandlargeprovidershascomplementedthesefunctionalmeasurestodealwiththeincreasingriskoflarge-scaleattacksthatcascadeacrosstheInternet.Serviceprovidershavebeenbuildingprivateinfrastructureprotectionsbasedonsecurepeer-to-peergatewaysbetweenvirtualprivatenetworks(VPNs)andcloudinfrastructure.ThisreducesdependencyonpublicnetworkssuchastheInternet.SDN-basedvirtualizednetworksofferincreasedsecurityflexibilityattheinfrastructurelevelbyminimizingthehardwarebasetoasmalltrustedcoreandbysupportingtheabilitytodynamicallyservice-chainvirtualsecurityfunctionalityviaapplicationinterfacesonSDNcontrollers.Futureinfrastructuresecurityriskishighlyuncertainandcouldeasilyfollowpathsofroughlyequalprobabilitytowardincreased,continued,orreducedrisk(obviously,atautology).Whileitisneverfashionableforanalyststoflipacoininmakinganassessment,thefutureofinfrastructuresecurityforsystemssuchasDNSandBGPisimpossibletopredict.Ifamassive,large-scaleattackshouldoccur,forexample,thenregulatory
controlsintheseareascouldcomplicatemattersconsiderably.Thisisanareaofgreatriskforenterprisesecurityteams.GeneralOutlookThegeneraloutlookforinfrastructuresecurityinvolvestransitionfromlowerintensityinfrastructuresecurityincidentssuchasminorroutingproblemsorDNSamplificationforDDOStopotentiallymoreintenseattacksattheinfrastructurelevel,potentiallyresultinginlife-criticalorcatastrophicconsequences.Thisincreaseinintensitywillresultinanincreaseinemphasisacrossthecommunity–albeitwithfewpracticalstrategiesthatcanbetakenbythetypicalenterpriseteam.Firstgenerationinfrastructuresecurityfrom1998to2007wascharacterizedbyearlyrecognitionoftherisksassociatedwithDNSandBGP.EffortstousePKItosecurebothprotocolswereessentiallyfailuresduringthisperiodduetolackadaisicaladoptionbygovernmentsandserviceproviders.Secondgenerationinfrastructuresecurityfrom2007to2016sawmoreofthesame–withDNSandBGPriskgrowing,andtheassociatedriskmitigationsshowingnegligibleimprovementoradoptionrates.Thirdgenerationinfrastructuresecurityfrom2016to2025isimpossibletopredict,excepttoacknowledgethattwoofthethreescenariosdonotincludegreaterrisk.Thatis,ISPinitiativesinpeeringsecurity,SDNandNFVunderlyingbasedesign,increasedshifttomobility,anddeeperuseofvirtualizationcouldresultinlowerrisk,oratleastcontinuedlevelsofrisk.Thepossibilitydoesexist,however,thatsomemaliciousgroupmightfinallyuseinfrastructureweaknessestocauseatrulycatastrophicevent.
Figure13.2018InfrastructureSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookislowtomoderate.Certainly,itisatautologytosaythatthingswillgetbetterunlesstheydonot.Thatsaid,ourconfidenceislowregardingpredictionofwhichofthethreepossiblefutureswillbeachievedforinfrastructuresecurity.Mostcybersecurityexpertswouldlikelysharethispessimisticviewofinfrastructuresecuritymovingintothenextgeneration.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtoputpressureontheirserviceprovidersandgovernmentleaderstomaintainfocusinthisarea.Weshouldencourageserviceproviders,for
example,tofollowemergingcybernormsthatminimizethedeploymentofservicesandprotocolsthatcanbeamplifiedforDDOSpurposes.Weshouldalsoencouragegovernmentstobethoughtfulinresponsetothegrowingintensityofinfrastructureattacks.Poorlyconceivedorrushedlegislationislikelytooccuriflarge-scalerouting,naming,orotherinfrastructureattacksshouldoccur.ExpectDNSandBGPweaknessestoremainlargelyunsolvedsecurityrisksacrosstheglobe.AdviceforSecurityTechnologyVendorsInfrastructuresecurityvendors–andthisisadifficultcategorytodefine–shouldrecognizethattheyplayadualroleinthecomingdecadeformodernsociety:Certainly,theyhavetheirbaselineobjectiveasvendorstoprovidefinancialreturnsfortheirshareholdersandinvestors.Theyalso,however,carrytheburdentohelpserviceprovidersandgovernmentsavoidcatastrophicinfrastructureattacksthatcouldhaveseriousconsequencesforglobalsociety.Educatingcustomersabouttherisksofinfrastructureattacksisthebestvendorstrategyonemightconceive,becauseawarenessofthepossiblethreatsinthisareawillnotonlybegoodforbusiness,butwillhelpdecisionmakersselectthemostsecureandreasonablepathsforward.ListofSupportVendorsAgari–AgarisupportsemailsecurityattheinfrastructurelevelthroughDKIMandSFPmonitoringandcontrols.Akamai–AkamaioffersCDN-basedcontrolsandDDOSprotectionattheinfrastructureandglobalnetworklevel.AlphaGuardian–AlphaGuardiansupportsdatacenterinfrastructureprotectionsforserversandtelecommunications.AmazonWebServices–AWSensuresproperinfrastructurecontrolsintoandoutoftheirvirtualservices.AT&T–GlobalTier1ISPslikeAT&Tplayakeyroleinprotectinginfrastructureforenterprisenetworks.Box–Boxincludesservicestoensureinfrastructurecontrolsintoandoutoftheirservicesaswellasforvirtualservices.BT–GlobalTier1ISPssuchasBTplayakeyroleinprotectinginfrastructureforenterprisenetworks.CloudFlare–CloudFlareoffersCDN,optimization,DDOS,andDNSinfrastructuresecuritysolutions.DeutscheTelekom–GlobalTier1ISPssuchasDeutscheTelekomplayaroleinprotectingenterprisenetworks.DomainTools–DomainToolsprovidesdomain,network,andmonitoringtoolsforlook-up,research,andinvestigation.Dropbox–Dropboxincludesinfrastructuresecuritycontrolsintoandoutoftheircloud-basedstorageservices.FarsightSecurity–FarsightSecurityprovidesthreatintelligencefeedsfromrealtimepassiveDNSsolutions.Google–GoogleensuresinfrastructurecontrolsintoandoutoftheGooglecloud.IBM–IBMfocusesonensuringproperinfrastructurecontrolsintoandoutoftheIBMcloudaswellasforvirtualservices.Infoblox–InfobloxoffersarangeofsecureDNS,networkservices,andnetworkautomationservices.Microsoft–MicrosoftprovidesinfrastructurecontrolsintoandoutoftheAzurecloudaswellasforvirtualservices.Neustar–TelephonyproviderNeustaroffersarangeofinfrastructuresecuritysolutionsincludingfocusonDDOSandDNS.NCCGroup–NCCincludesdomainsupportthroughthehighassurance“.trust”solutionforreducednetworkrisk.Nominum–NominumsupportsarangeofDNSnetworkinfrastructureandcybersecurityanalytics.Norse–NorseprovidesactivemonitoringofnetworkandBGP-relatedtelemetryandsecuritymetrics.NTT–GlobalTier1ISPssuchasNTTplayakeyroleinprotectinginfrastructureforenterprisenetworks.OpenDNS–TheSanFrancisco-basedfirmoffersclouddeliverednetworksecuritythroughenhancedDNSprotection.ReturnPath–ReturnPathoffersarangeofinfrastructure-levelemailandrelatedsecurityservices.SchneiderElectric–Thecompany(APC)providessolutionsfordatacenterandinfrastructuremanagement.ThousandEyes–ThousandEyesmonitorsBGProuting,paths,andVOIPforimprovedtrouble-shootingandprotection.Tufin–TheIsraelicompanyoffersfirewallpolicyorchestrationforenterpriseinfrastructure.Verisign–Verisignprovidesinfrastructureservicesincludingdomainservices,DDOS,andrelatedcontrols.Verizon–GlobalTier1ISPssuchasVerizonplayakeyroleinprotectinginfrastructureforenterprisenetworks.Control14:NetworkMonitoring
Networkmonitoringforcybersecurityconsistsoftheadvancedtoolsandassociatedprocessesrequiredtocapturenetworkdata,usuallyathighcapacity,forthepurposesofretention,aggregation,correlation,analysis,andultimatelyaction.Motivationsfornetworkmonitoringrangefromadvancedpersistentthreat(APT)avoidancetolawfulinterceptbyserviceproviders.Networkmonitoringtoolshavedifferentiatedinthepastpurelyontheirabilitytoexpandtogrowingbandwidth.Morerecently,thedifferentiationpointshaveevolvedtoincludetheabilitytoperformadvancedanalysisatlinespeed,aswellastoreliablyconnectdatafeedsgatheredfromalargegroupofdistributednodes.Smallandmid-sizedbusinesses(SMB)havetendedtonotutilizenetworkmonitoringtoolsdirectly,butwiththeprogressiontosharedITservicesincloud,amuchwiderswathofusersislikelytoemerge.Virtualizationclearlychangesthenatureofmanynetworkmonitoringsolutions,shiftingfromIPconnectionsbetweencomputerstoapplicationprogramminginterfaces(APIs)betweenprocesses.ThislowerstherequirementsforanetworkmonitoringtooltohandleindividualcapacityfromtheexpectedTbpsrangeforISPstosomethingconsiderablylowerforcloudworkloadcollectionandprocessing.GeneralOutlookThegeneraloutlookfornetworkmonitoringinvolvestransitionfromlowcollectionandprocessingcapabilitiestomuchhigherfunctionalityinbothareas.Inaddition,networkmonitoringforcybersecurityismovingfrommorestand-alonecentralizedmonitoringtomoredistributedaggregatemonitoringofhybridinfrastructure.Firstgenerationnetworkmonitoringfrom1998to2007involvedhardwareappliancesperformingbasiccaptureatlogicalchokepointgateways.Secondgenerationnetworkmonitoringfrom2007to2016involvedincreasedcapacitywithadvancedanalyticsatlinespeed.Thissecondgenerationalsoincludedearlysupportforhybridcloudarchitecture.Thirdgenerationnetworkmonitoringforcybersecurityfrom2016to2025shouldexpecttoseetwobranchesofoperationalsupportemerge.ISPswillcontinuetoneedmassivecapacitysupportreachingintotheTbpsrangewithfulllinespeedanalytics.Mostenterprises,however,willfollowadifferentpathwithmoredistributedworkloadsrequiringmonitoring,aswellasembeddedmonitoringinmicrosegmentsthatmustbeaggregatedintoacommonview.
Figure14.2018NetworkMonitoringOutlook
TheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,giventheobvioustrendsinISPandenterprisenetworking.Advancesinanalyticshavetrackedgrowthincapacityclosely,andthisislikelytocontinueforthenextdecade.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtoconsidernetworkmonitoringsolutionsiftheyhavenotalready.Integratingadvancednetworkcaptureandanalyticsintotheenterprisesecurityarchitectureisapowerfulenhancement,andmoreteamsshouldconsiderthisoptioninthecomingyears.ISPsshouldcontinuetoworkwithnetworkmonitoringvendors,andshoulddemandnotonlylinespeedanalyticsformassivepipes,butalsosupportforSDNandNFVinitiativesthatwillrequireanalyticsasSDNapplicationsbetweenvirtualworkloads.AdviceforSecurityTechnologyVendorsNetworkmonitoringvendorsshouldrecognizethatthepreviouscapacitysupportracewillbereplacedbyISPsandenterpriselookingmorefornetworkmonitoringpartnersthatcanflexiblysupportvirtualandhybridarchitectures.Therewillremainanichemarketthatdemandsthemorepowerfulhardwaresupport,butamuchlargermarketwillemerge,especiallyintheenterprise,thatwillprefervirtualizedappliancesincloudoperatingsystemsorSDNs.ListofSupportVendorsAllotCommunications–AllotCommunicationsprovidesnetworkmonitoringoptimization,monetization,andsecuritysolutions.APCON–Oregon-basedAPCONoffersnetworkmonitoringandoptimizationsolutionsfordatacenters.ArborNetworks–ArboroffersaplatformformonitoringnetworktrafficvolumeandconditionsrelatedtoDDOS.AT&T–AsAT&Tvirtualizesitsnetwork,uniqueopportunitiesariseforSDN-basednetworkmonitoringsolutionsforsecurity.AttivoNetworks–AttivoNetworksprovidesdeception-basedattackdetectionandpreventionfornetworkmonitoring.Symantec–ThroughacquisitionofBlueCoat,Symantecsupportsproxy,networkanalysis,andrelatednetworkmonitoring.BluVector–TheMcLean-basedfirmoffersanadvancedthreatdetectionandnetworkmonitoringplatform.BradfordNetworks–BradfordNetworksintegratesNACwithlivenetworkconnectionsviews.Cisco–TheacquisitionofLancopeintroducestheStealthWatchnetworksecurityanalyticstoolintotheCiscosuite.Sophos–ViaacquisitionofCyberFlowAnalytics,Sophosobtainedsecurityanalyticsfornetworksecurityanomalydetection.Fidelis–TheFidelisXPSsystemanalyzesnetworktraffictodetecttoolsandtacticsofadvancedattackers.FireEye–FireEyeprovidessolutionsfordetectionofadvancedattacksusingthesignature-lessMVXengine.Flowmon–LocatedintheCzechRepublic,Flowmonoffersnetworkmonitoringandsecuritysolutions.FlowTraq–FlowTraqprovidesnetworkflowanalysis,monitoring,andanomalydetectiontosupportnetworkforensics.Gigamon–TheGigamonplatformsupportsforensics,visibilityintoencryption,andthreatdetection.GreeNetInformationService–HeadquarteredinChina,GreeNetofferstrafficinspectionfornetworkmonitoringandsecurity.IntelSecurity(McAfee)–TheMcAfeeAdvancedThreatDefensesolutiondetectsstealthyattacksandgeneratesintelligence.IronNetCybersecurity–IronNetoffersadvancednetworkanalytictoolsthatmonitorpacketsatveryhighlinespeeds.Juniper–TheJuniperSecurityIntelligenceCenterisintegratedintotheSRXSeriesGatewaystosupportnetworksecurity.ManageEngine–ManageEnginesupportsnetworkbehavioranomalydetectionthroughnetworksecuritymanagement.Napatech–Napatech,locatedinDenmark,supportscapturing,processing,andmonitoringoftrafficforrealtimevisibility.NIKSUN–NIKSUNincludescapabilityintheirproducttomanagecaptureandanalysisatveryhighnetworkcapacityrates.NovettaSolutions–Novettaprovidesanadvancednetworksecurityanalyticsplatformthatdeliversactionableinsights.PacketSled–PacketSledoffersanext-generationnetworksecuritytoolforprovidingcontinuousmonitoring.Plixer–LocatedinMaine,PlixerprovidessolutionsforNetFlowcapture,deeppacketinspection,andlogdatareplication.Qosmos–TheFrenchfirm,Qosmos,offersaplatformforcollectingnetworktrafficformanagementandsecurity.RISCNetworks–TheCloudscapesolutionfromRISCNetworksoffersITandnetworksecurityanalytics.RSA–RSASecurityAnalyticssupportsenterpriseandnetworksecuritymonitoringandattackdetection.Savvius–California-basedSavviusoffersarangeofnetworkmonitoringandsecuritysolutionsoftware.SolarWinds–Inadditiontoperformance,application,anddatabasemonitoring,SolarWindsoffersITsecuritysolutions.TrisulNetworks–Trisuloffersarangeofmulti-layerstreamingnetworkanalyticstoolsforcustomers.Verizon–Verizon’snetworkinfrastructurevirtualizationsupportsSDN-basednetworkmonitoringforsecurity.
Zscaler–ZscalerprovidesWebsecuritybasedonanextensivenetworkofgatewayproxysolutions.Control15:SecureFileSharingSecurefilesharinginvolvestheplatformsandtoolsrequiredfordifferententitiestosend,receive,andusefileswithoutintroducingthreatssuchasunauthorizeddisclosureormodification.Mostsecurefilesharingmechanismstodatehavebeenencryption-based,oftenintegratedwithemail,andthisremainsanimportantunderlyingtechnology.Somesecurefilesharingispurelyend-to-endandover-the-topwithrespecttotheunderlyingnetwork.Othermeansinvolveintermediariesthatutilizesecurenetworkprotocolssuchassecuresocketslayer(SSL)toensuremutualsecrecy.Themajortrendinsecurefilesharingispubliccloudusagewithmobiledeviceaccess.Thisisatidalwavehittingthisaspectofcybersecurity,andanyvendorsupportingsecurefilesharingmustincludeaclearstrategyforco-existencewithcloud.Anothermajortrendinvolvessecuremachine-to-machinesharinginIoTenvironments,perhapsthemodernequivalentoftraditionalelectronicdatainterchange(EDI)systems.GeneralOutlookThegeneraloutlookforsecurefilesharinginvolvestransitionfromlight,exception-baseduseofsecurefilesharingtoolstoheavier,perhapsevenroutineuseofsecuresharingmethods.Thisincreasetrackstheincreaseddistributionofworkerswhichchangescollaborationandsharingfromlocalareanetwork-basedtrusttoremotesharing.Securefilesharingtoolsarealsoundergoingadramatictransitionfrommorestand-aloneproductsintheenterprisetosolutionsthatwillbeembeddedinpubliccloudandXaaSofferings.Firstgenerationsecurefilesharingfrom1998to2007involvedencryptionandsomeuseofunderlyingsecureprotocolstopatchtogethersolutionsforpeopletosharefilessecurely,butusuallyonlyasexceptionstothenorm.Secondgenerationsecurefilesharingfrom2007to2016increasecapability,includingeasiercryptotools,andintroducedearlysupportforhybridcloud.Third-generationsecurefilesharing,from2016to2025,shouldexpecttoexperienceaclouddominantarchitecturewithembeddedsharingcapabilities.Thegoodnewsisthatexception-basedsecuresharingwillbereplacedwithdefaultsecureoptions.
Figure15.2018SecureFileSharingOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,asthetransitiontocloudisalreadywellunderway–evenforcurrentbuyersofsecurefilesharingtechnology.Nevertheless,thereisstillmuchtodoacrosscloudinfrastructureformostInternetuserstoproperlyaddressthreats.Consider,forexample,howyoumightsharesensitiveinformationwithabusinesspartnertoday.Youmightattachthefiletoanemail,andperhapspasswordprotectit.Similarly,youmightdropthefileintoacloudservicesuchasBoxandmaybetextoverapassword.Theseareweakmethodsthatwillundoubtedlyimprove,andthecollisionwiththeexistingsecurefilesharingsolutionmarketplacewilloccurquickly.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtotakeacompleteandaccurateinventoryofcurrentfilesharingmethodsacrossthebusiness.Mostwillfindavarying,perhapsadhocrangeofdifferentapproaches,withpoorcorrelationtoactualbusinessrisk.Nowisthetimetofixthis,sincethesecurefilesharingsolutionsavailableincloud-based,XaaSwillbeexcellent.Existingsecurefilesharingvendorswillalsostepuptheirgameandimprovetheirmethodsconsiderablytohopefullywardoffthethreatofcloudsharing.ThisisanexcellenttimeforCISOteamstoinvestigateandplanbetterapproachesinthisarea.AdviceforSecurityTechnologyVendorsSecurefilesharingvendorsshouldrecognizethatthecloudrepresentsanexistentialthreattotheirbusinessiftheydonotcurrentlyincludeaclearroadmaptomobility-enabled,cloudaccessiblesharingservices.Thegoodnewsisthattheentireecosystemaroundsecurefilesharingwillgrowdramatically,soitisagreattimetobeacapablevendorinthisarea.StubbornvendorswhoexpectbuyerstouseproprietaryOTTsolutions,however,mightfindthattheirgrowthbecomesstymiedinthiscomingdecade,soheedourwarningnow:Begintovirtualizeyoursecurefilesharingsolutionsintothecloudtoday,ifyouhavenotalready.ListofSupportVendorsAccellion–Accellionprovidesrangeofsecurefilesharingcapabilitiesforitsenterprisecustomers.AmazonWebServices(AWS)–AWSofferssupportforenterpriseandindividualfilesharingandcollaborationcapabilities.ANX–Southfield-basedANX,recentlyacquiredbyOpenText,offersmanagedcomplianceandcollaborationsolutions.Apple(iTunes)–AppledeviceandcontentservicesoniTunesincludessupportforfilesharingandcollaboration.AuthenticaSolutions–Authenticasupportsdatamanagementsolutionsforacommondatastoreacrosseducationaldistricts.Autotask–ThroughacquisitionofSoonr,Autotaskprovidesacloud-basedsecurefilesharingsolutionforenterprise.AvePoint–AvePointspecializesinsecurityandcomplianceofMicrosoftenterprisesolutionsincludingSharePoint.Axway–AxwayprovidesrangeofsecurefilesharingcapabilitiesforenterprisecustomersincludingsupportforcloudAPIs.Biscom–Biscomprovidesarangeofsupportforsecurefiletransferoflargeandconfidentialfiles.Blackberry–TheacquisitionofWatchdoxprovidesBlackberrywithanexcellentsecurefilesharingsolution.BoldonJames–BoldonJamesoffersdataencryptionandclassificationinsupportoffileprotectionviasharing.Box–Boxcloudstorageservicesincludearangeofworld-classsupportforfilesharingandcollaboration.Brainloop–Brainloop,locatedinGermany,providessecurecollaborationandcontrolwithexternalpartners.Cisco–ThroughacquisitionofPawaa,Ciscoofferssecureon-premise,encryptedfilesharingcapabilities.Citrix–ThevirtualizationcompanylocatedinFloridaandCaliforniaofferssharingviaitsworkspace-as-a-servicesolutions.CloakLabs–CloakLabsprovidesend-to-endencryptionofapplicationdatafromtheenterprisetopartners.Comilion–IntegratedintoDell-EMC,Comilionprovidesarangeofdecentralizedsolutionsforsecurecollaborationandsharing.ContentRaven–ContentRavenprovidescloud-basedsolutionsforprotectingthedistributionoffiles.Covata–AustralianfirmCovataofferscustomerswithencryption-basedsecurefilesharingsolutions.
Covertix–Covertixprovidesarangeofencryptionrightsmanagedfilesecurityprotectionsolutions.Deep-Secure–Deep-Secureprovidesacybersecurityguardsolutionfororganizationstosecurelyshareinformation.Dell-EMC–ThroughSyncplicity,EMCprovidesvariousmeansforsecurelysharingandsyncingfilesforbusiness.EgressSoftwareTechnologies–Egressoffersmanagedfiletransferwithencryptionandothersecurityfeatures.Exostar–Herndon-basedExostarincludessecurecollaborationalongwithidentityandsecurechainmanagementproducts.FinalCode–SanJose-basedFinalCodeoffersarangeofsolutionsforsecurefilesharingintheenterprise.GFISoftware–ThroughacquisitionofKerio,GFISoftwareoffersUTMandsecurecollaborationsolutionsfortheenterprise.Globalscape–SanAntonio-basedGlobalscapeoffersarangeofsecurefiletransferandsecureinformationexchangesolutions.Google–CloudandcomputingservicesfromGoogleincludesupportforenterpriseandindividualfilesharingandcollaboration.Hightail–FormerlyYouSendIt,Hightailprovidessecurefilesharingservicesforsmallbusinessandconsumerapplications.HoGo–NewHampshire-basedHoGooffersDRM-basedprotectionforsharingenterprisedocuments.HPE/Voltage–TheacquisitionofVoltagebyHPEobtainedencryptioncapabilitywithadvancedsecurefilesharingsupport.Huddle–Huddleprovidesanofferingthatsupportssecureteamcollaborationservicesinthecloud.IBM–CloudservicesfromIBMincludesupportforenterpriseandindividualfilesharingandcollaboration.Ipswitch–Massachusetts-basedIpswitchincludessecure,automated,managedfiletransferandsecureFTPsolutions.IRMSecure–IRMSecureprovidessecurityfordatausagecontrol,informationrightsmanagement,andsecureoutsourcing.JIRANSOFT–TheLosAltos-basedfirmprovidesanadvancedSaaSplatformforsecurestorageandcontrol.JSCAPE–JSCAPEprovidesanadvancedWeb-basedsolutionformonitoringsecurefiletransferapplications.LeapFILE–LeapFILEoffersbusinesssecurefiletransferservicesviaWebapplicationordesktopclient.LinomaSoftware–Linomaoffersarangeofcybersecuritysolutionsincludingsecurefiletransfer.Microsoft–MicrosoftsupportsenterprisehostedfilecollaborationwithSharePointandAzurecollaborationofferings.Mimecast–Mimecast,locatedintheUK,providesemailcloudservicessupportsecurity,archiving,andcollaboration.MobileIron–ThroughacquisitionofAverailin2014,MobileIronsecurescontentonmobiledevices.NC4–ThroughacquisitionofSoltra,NC4supportsopen,automatedintelligencewithSoltraEdge.nCryptedCloud–nCryptedCloudoffersencryption-baseddatasecuritysolutionsforsharingfilesinthecloud.NEXOR–UK-basedNEXORofferssecuritysolutionsforinformationexchangeandinformationassurance.Nexsan–NexsanoffersasolutioncalledTransporterthatenablesbusinessandgovernmenttoownandcontrolinformationOwlComputingTechnologies–Owloffersanadvanceddatadiodeforcross-domainsecuredatatransfer.Safe-T–IsraelifirmSafe-Tofferssolutionsformanagingsecuredataexchangebetweenbusiness,people,andapplications.Seclore–SecloreisanIndianfirmthatprovidescustomerswitharangeofsecurefilesharingservices.SecSign–SecSignTechnologiesprovidestwo-factorauthentication,encryption,andrelatedfilesharingcapabilities.Securitinet–Thesmallfirmprovidesarangeofcloud-basedcybersecuritysolutionsforbusinesseswithcriticaldata.Senditonthenet–SenditonthenetisafreeandsecurefiletransferandsharingserviceavailableontheInternet.SendSafely–NewYorkfirm,SendSafely,offerssecurefiletransferacrossazero-knowledgeplatformwithencryption.SendThisFile–SendThisFile,locatedinKansas,offersproductsforsecurefiletransfer.ShareVault–ShareVaultprovidesrangeofsecurefilesharingcapabilitieswithemphasisonMicrosoftSharePoint.SmartFile–SmartFileoffersarangeofsecurefilesharingservicesandFTPhostingforbusinesscustomers.SmartVault–SmartVaultisanon-linedocumentstorageandsecurefilesharingcapabilityforbusiness.Softlock–SoftlockoffersaSecureDataExchangesolutionforsecuredocumentandfileexchange.STEALTHSoftware–LocatedinLuxembourg,STEALTHSoftwareofferssecurityprotectionsforSharePointand.NETapplications.Surevine–TheUK-basedSurevineprovidesasecurecollaborationsolutionfortheenterprise.TeraDact–TheMinnesota-basedcompanyofferssecureinformationmanagementandsharingsolutions.TerbiumLabs–Thesmallcompanyoffersfingerprintingsolutionthatcandetectstolenintellectualproperty.ThruInc.–ThruInc.offersanenterprisefilesyncandsharingservicewithcloudstorageandsecuremanagedtransfer.TITUS–TITUS,locatedinCanada,offersarangeofsecurefilesharingandleakageprotectionsolutions.Tresys–TheTresyssecuretransferproductoffersdeepcontentinspectionandrelatedsecurityfeatures.TruSTAR–TruSTARprovidesananonymousmeansforsharingofthreatandvulnerabilityinformationwithacommunity.Varonis–TheNewYork-basedVaronisofferssolutionsfordatagovernanceviafilesyncandshare.Vaultize–VaultizesupportsenterprisesecurefilesharingthrougharangeofDRMsupportcapabilities.Vera–Vera,locatedinPaloAlto,offersasolutionforsecuringdataandfileswithenterpriseprotections.Votiro–TheIsrael-basedcompanyoffersvariousdatasecuritysolutionsincludingsanitizationtools.Workshare–TheUK-basedWorkshareofferssecurefilesharinganddocumentcollaborationtools.Control16:VPN/SecureAccess
Virtualprivatenetwork(VPN)/secureaccesssolutionsallowremoteentitiestosecurelyshareandcommunicateacrossaninsecurenetworksuchastheInternet,publicorhomeWiFi,orbroadbandmobile.MostVPN/secureaccesstoolsaredesignedforremoteteleworkerstoaccessanenterprisesecurelythroughagatewayestablishedattheperimeterDMZ.Thiscapabilityevolvedfromanexceptionaluse-case(e.g.,workclosureduetoweather)tothenormaleverydaycase(e.g.,peopleworking24/7includingfromhome,airports,andStarbucks).Everyoneknowsthattheenterpriseperimeterisdissolvinginlieuofmobility-enabled,publiccloudservices,sothecorrespondingconceptofaVPNforsecureremoteaccesswillshiftdramatically.Thisisnotnecessarilybadnewsforvendors,becausetheneedsecurecommunicationsoverinsecuremediawillremain,andperhapsgrow.Infact,thephysicalperimetergatewaywillgivewaytoadistributed,virtualsecureaccesscapabilitythatwilldefinethevirtualedgeofthenewenterprise.VPN/secureaccesssolutionprovidersarewell-positionedtotakeadvantageofthisevolutiontogrowtheirbusiness.Theyshouldusethispositioningtohelpmoveorganizationstostrongerformsoftwoorthree-factorauthenticationintheprocess.GeneralOutlookThegeneraloutlookforVPN/secureaccessinvolvestransitionfromweakauthenticationtostrongerauthenticationforservicesthatshiftfromenterprise-focusedremoteaccesstomobilityandcloud-focusedvirtualaccess.FirstgenerationVPN/secureaccesssolutionsfrom1998to2007supportedearlyteleworkbyemployeesandthird-partiesusingpasswordsandsometimestokensfor2FA.SecondgenerationVPN/secureaccesssolutionsfrom2007to2016sawgreatlyincreasedteleworkwithmassivegrowthinthird-partyaccessrequirements.Authenticationimprovedduringthisperiodwithmostenterprisesecurityteamsdemanding2FA.ThirdgenerationVPN/secureaccesssolutionsfrom2016to2025shouldexpecttoseetotalperimeterdissolutioninlieuofmobileaccesstovirtualizedservicesinhybridcloudarrangements.Strongerformsof3FAwillemerge,perhapsusinghardware-basedcredentialsexportedfromtrustedexecutionenvironments.
Figure16.2018VPN/SecureAccessOutlook
TheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,giventhecleardirectionofperimeterandcloudnetworking.ReadersareadvisedthatVPNsolutionsfromISPsforsite-to-sitecommunicationsovernetworkssuchasmulti-protocollabelswitching(MPLS)aredifferentfromremoteaccessVPNsolutions.MPLSisnotasecurityprotocolsincelabelsarenotrobust.ThisdoesnotprecludeMPLSservicesfrombeingsecure,ofcourse,butabusinessVPNisoptimizedtoflexibleoperationsratherthancybersecurityfromlabelseparation.Readersshouldalsonotethatweincludemanylighter,freeoptionsforVPN/remoteaccessinouranalysis,simplybecausethesesolutions–oftennotviewedasenterprise-grade–canbeenhancedtomeetbusinessrequirements.Buyersandvendorsareadvisedtokeepaneyeonthesesolutionproviders,becausethesavviersolutionofferingswillfindamarketinsomecloud-positionedenterprisebuyersinthecomingyears.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtobeginplanningforsupportofmoreflexible,hybridcloudfocusedsecureremoteaccessforemployeesandthird-parties.Wherepreviously,forexample,remoteaccessintotheVPNgatewaywasamandateforanyoutsourcedcontract,thenewapproachwillinvolvesharedworkloadsinmutuallyaccessiblecloudservicesthatnolongerenjoytrustedadjacencytootherenterpriseresources.ThisisbadnewsforAPTactors,butexcellentnewsforsecurityteams.Theshiftto3FAisadvisedaspartofthistransition,withbiometricsonthemobiledevice(e.g.,thumb),underlyingcertificateexchangeusingmobiledevicemanagement,andauser-managedpasswordprocessasgoodoptions.Adaptiveplatformswillhelptofine-tunethistotheremoteaccessrisksituationforagivenaccessrequest.Thisisabigshiftfromexistingapproaches,soenterpriseteamsshouldbegintheirstudy,testing,andvendorinterviewsnow.AdviceforSecurityTechnologyVendorsVPN/secureaccessvendorsshouldrecognizethattheyhavethebadnews/goodnewsscenarioofadramaticallymeltingexistingperimeter-basebeingreplacedwithamassivenewopportunitytosupportvirtualremoteaccesstocloud-basedworkloadsoverinsecurenetworks.Vendorswhorecognizethisincredibleopportunitytobecomeanewprimarycontrolforvirtualenterprisewillthrive.StubbornvendorswhocontinuetopushVPNgatewayhardwareappliancesforDMZusagewillseefreefallinrevenueinthecomingyears.Vendorsmustalsoacceptthatthenextgenerationemployeeandpartnerwilluseamobiledeviceformostapplications.PCswillnotgoaway,butsecuritysolutionsshouldbedesignedmobile-first,andPC-second.ListofSupportVendorsAirVPN–AirVPNprovidesaVPNbasedonOpenVPNandoperatedthroughcommunityinvolvement.AnchorFree–MountainView-basedAnchorFreeprovidesVPNsolutionsforsecureWebbrowsing.Anonymizer–SanDiego-basedAnonymizerprovidesapersonalVPNserviceforprivateInternetaccess.AT&T–Thecarriercandesignremoteaccesssolutionsforbusinesscustomerswithsupportfortwo-factorauthentication.BarracudaNetworks–BarracudaoffersanSSLVPNclient-lesssolutionforsecureaccessviaaWebbrowser.Bomgar–BomgarofferssecureremoteaccessthroughfirewallswithouttheneedforaseparateVPN.Celestix–Fremont-basedCelestixprovidessecureremoteaccessconnectivitytocloudanddistributedoffices.CipherGraph–ThePleasantonfirmoffersarangeofsecurecloud-basedVPNsolutionsforitscustomers.Cisco–CiscoprovidesitsAnyConnectSecureMobilityClientfor“perapp”VPNsupportandsecureendpoint.
Clavister–HeadquarteredinSweden,ClavisterprovidesarangeofnetworksecuritysolutionsincludingVPN.CyberGhost–CyberGhostprovidesdownloadablesoftwareinsupportofon-linesecurebrowsingtoavoidbehaviortracking.Cyxtera–Cryptzone,partofCyxtera,offersagatewaysolutionforsecureaccesstotheenterprise.F-Secure–F-SecureofferstheFreedomeVPNsolutionforWindows,OSX,iOS,andenterprisebusiness.Hideman–HidemanallowsunblockingofWebsites,hidingIPaddresses,andremovalofsurfinglimits.Huawei–ThelargeChinesenetworkingfirmoffersarangeofnetworksecurityproductsincludingsupportforremoteaccess.IBM–IBMoffersitscustomerstheIBMMobileConnect,afullyfeaturedwirelessvirtualprivatenetwork.IPVanish–IPVanishoffersasolutionthathidesIPaddressesduringsurfingandotheronlineresources.Juniper–Thelargenetworkingfirmoffersarangeofnetworksecurityproductsincludingsupportforremoteaccess.NordVPN–NordVPNoffersanapplicationforanonymoussurfingwithnocustomerusageloggingpolicy.PrivateInternetAccess–PrivateInternetAccessoffershigh-speedanonymousVPNservicesforInternetaccess.PureVPN–PureVPNdeliversafastVPNservicewithflexiblesupportforonlineprivacyandsecurity.OpenVPNTechnologies–OpenVPNTechnologiesprovidesanopenVPNsolutiondeployableassoftwareorappliance.PulseSecure–PulseSecureoffersaccesscontrol,SSLVPN,andmobiledevicesecuritysolutionsfortheenterprise.SecureLink–TheAustin-basedcompanyoffersitsSecureLinkremotesupportnetworkforsecureremoteaccessbythirdparties.SohaSystems–NowapartofAkamai,SohaSystemsprovidesasecureaccesssolutionforthirdpartiesandemployees.Spotflux–Spotfluxoffersasecure,managedconnectiontotheInternetformobiledevicesanddesktops.SSH–TheFinland-basedfirmoffersSSHkeymanagement,privilegedaccesscontrol,andidentitysolutions.TorGuard–TheTorGuardproductincludesarangeofanonymousVPNservicesinsupportofendusersecurityandprivacy.Tunnelbear–TunnelbearoffersamobileVPNsolutionthatisdesignedtounblockandsecurewebsites.Uniken–LocatedinFlorida,Unikenoffersarangeofsecurevirtualprivatenetworkingsolutions.Verizon–Verizonoffersremoteaccessservicesolutionsforbusinesscustomerswithsupportforstrongauthentication.VyprVPN–VyprVPNoffersasecureVPNthatexecutesonWindows,Mac,andothercomputeplatforms.ZenMate–TheGermancompanyoffersaprivacyandsecurity-enhancedbrowserforvirtualnetworking.Control17:Anti-MalwareToolsAnti-malwaretoolsaredesignedtoprevent,detect,andmitigatemalwareoncomputers.Earlyanti-virussoftwareemergedovertwodecadesagotoaddressthegrowingproblemofTrojanhorsesoftwareinearlyPCs.Thisevolvedgraduallyintotoday’scomplexprotectionsystemsthatusethebestavailablestaticanddynamiccomputinganalyticstoreducetheriskofpotentiallymalicioussoftwareoncomputers.Thepureuseofsignaturestodetectmalwarehasbeenlargelydiscredited,butthebestvendorshavebeencarefulnottotossthebabywiththebathwater.Signature-basedsolutionsremainuseful,albeitinthecontextofpowerfulbehavioralanalyticsthatdetectandpreventthepresenceofmalwarethroughobservationalheuristicsinrealorvirtualcomputingenvironments.Theexpansionofanti-malwaretomobilityhasalreadyoccurred,butthenextbigfrontieristhemyriadofIoTandICSdevicesthatpossessunique,oftenproprietaryrun-timesystemsintowhichmalwarecouldbeintroduced.Whilesuchsystemsoftendonotscalesufficientlytosupportgeneralizedcommercialanti-malwaredevelopment,theirfrequentlycriticalmissioncouldeasilyjustifytheworktodevelopaspecificattack.GeneralOutlookThegeneraloutlookforanti-malwaretoolsinvolvestransitionfromsignature-basedanti-virussoftwaretoadvanceduseofbehavioralanalyticstoaddressmalware.ThistransitionalsoinvolvesgradualshiftfromsoftwareforPCsandserverstocapabilitiesfocusedonmitigatingmalwarefromenteringvirtualizedworkloads.Firstgenerationanti-malwaretoolsfrom1998to2007involvessignificantgrowthofdeploymentforpuresignature-basedsoftwareonPCstochase(unsuccessfully)thegrowthofnastyvariants.Secondgenerationanti-malwaretoolsfrom
2007to2016sawadepressedmarketwithbuyersdissatisfiedwiththeresults,whichallowedoffensiveactorstoeasilyevadedefenses.Someearlybehavioralanalytictoolsemergedinthisarea,butnotenoughtoslowdownamassivedepressioninthisareaofcybersecurityforbothhomeandbusinessuse.AnyPCorserveradministratorduringthisperiodwouldlikelyexplainthattheirantivirussoftwaredoesnotwork,andthishaddirebusinessconsequencesforsomeofthelargerplayersinthisarea.McAfee,forexample,experiencedbumpytimesduringthissecond-generationperiodaspartof(andthennolongerpartof)Intelandaspartof(andthensometimesnolongerpartof)theenterprisearchitecture.(ThegoodnewsisthatMcAfeeremainscapableandwell-managed,andwillexperiencesuccessahead.)Thirdgenerationanti-malwaretoolsfrom2016to2025shouldexpecttoseeaconsiderableresurgenceinuseduetogreatlyimprovedanalyticsandevensignatures.Techniquesthatwillcontributetothegrowthrenaissanceofanti-malwareinthecomingperiodwillincludecloud-basedthreatintelligenceanddramaticallyincreaseduseofautomationintheformofmachinelearning.Thisshouldhelpdriveanti-malwaretoolsbackintothegrowthcolumninthecomingdecade,andthisisgoodnewsfortheindustry.
Figure17.2018Anti-MalwareToolOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincetheresurgenceofanti-malwarehasalreadybeguntooccur.ThedrivetonewtypesofprotectiontargetsisalsoquitelikelysinceIoT,industrialcontrolsystems,andcloudworkloadswillallneedsomeformofmalwareprotections.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtoperformathoroughreassessmentofcapabilitiesinthismarket,andshouldbecertaintoincludethetraditionalanti-virusvendorsintheirwork.Theoldvendorsyouthrewoutacoupleofyearsago,mightbedoingworkthatissimilartothenewonesyoubroughtin.Thisdoesnotimplyshortcomingsinthenewervendors–quitethecontrary.Instead,thisentirefieldisgettingbetter,andbuyersshouldmakecertaintotakefulladvantage.Abigchallengeisthattheendpointsecurityandanti-malwaremarketshavelargelymerged,whichisahugemistakeforvendors.Detecting,preventing,andmitigatingmalwareis
moregeneralthanendpoints,andwillbeneededsoonforcloudworkloadprotection.Thiscouldturnouttobethebiggestanti-malwaremarketever.AdviceforSecurityTechnologyVendorsAnti-malwarevendorsshouldimmediatelyseparatetheirendpointsecurityandanti-malwarebusinessfocus.Botharevalid,buttheconcernsaredifferent.Excellentanti-malwarecapabilityshouldgeneralizetocloudworkloads,containers,industrialdevices,servers,virtualmachines,andevenlargerentitiessuchascloudsandnetworks.TheintroductionofSDNandNFVwillofferahugenewopportunitytoextendanti-malwaresolutionstodatacentercontrollers,WANcomponents,andnetworkdevices,allofwhicharebeingredefinedassoftware.Vendorsarealsoadvisedtointegratethebestavailabletechniquesincludingbothstaticanddynamic,localandcloud,andcompile-timeandreal-timeprotections.ListofSupportVendorsAdvancedSystemCare–AdvancedSystemCareoffersPCtoolsforprotection,optimization,andotherfunctions.Agnitum–AgnitumoffersitsOutpostSecuritySuitewithPCanti-virusandInternetsecuritytools.AhnLab–AhnLabisaSouthKoreanfirmthatoffersV3Internetsecuritytoolsforbusinessendpointprotection.AntiyLabs–TheChinesecompanyoffersanadvancedanti-virusSDKengineandanti-virusservice.AppGuard–BlueRidgeNetworksoffersitsAppGuardanti-malwareandassociatedInternetsecuritytools.Ashampoo–AshampooofferscustomersastandardsetofPCanti-virusandInternetsecuritytools.Avast–CzechRepublic-basedAvastoffersstandardfreeandupgradedPCandmobileanti-virusandInternetsecuritytools.AV-Europe–TheNetherlands-basedfirmdistributesvarioussecurityproductsincludinganti-virusandInternetsecurity.AVG–Netherlands-basedfirm,AVG,offersfreeandupgradedPCanti-virusandInternetsecuritytools.Avira–GermanfirmAviraoffersarangeoffreeandupgradedPCanti-virusandInternetsecuritytools.Bitdefender–Bitdefender,headquarteredinRomania,offersarangeofstandardPCanti-virusandInternetsecurityproducts.BullGuard–TheUK-basedfirmoffersthestandardsetofPCanti-virusandInternetsecuritytools.ClamXav–ClamXavoffersApplecustomerswithasuiteofMac-basedanti-virusandInternetsecuritytools.Comodo–Comodooffersthestandardsetoffree,downloadablePCanti-virusandInternetsecuritytools.CrowdStrike–CrowdStrikeincludesanti-malwaresolutionsinitsextensiverangeofcybersecurityandresponsesolutions.Cylance–CylanceusesadvancedmachinelearningandAItodetectmalwareincomputingendpoints.Dr.WebLtd.–Dr.WebLtd.isawell-knownRussiananti-virusandInternetsecurityfirmofferingawiderangeofsolutions.Emsisoft–Emsisoft,headquarteredinAustria,offersitscustomerasuiteofanti-malwareandInternetsecuritytools.eScan–eScanoffersitscustomersastandardsetofPCanti-virusandassociatedInternetsecuritytools.ESET–ESETisawell-knownglobalcybersecuritycompanythatoffersrangeofPCanti-virusandInternetsecuritytools.FireEye–FireEyehelpedinventtherun-timevirtualdetectionofmalwarethroughsafedetonation.FixMeStick–FixMeStickisavirusremovaldevicetocleaninfectionsfromuserpersonalcomputers.Fortinet–FortinetincludesfreePCanti-virusandInternetsecuritytoolsinitsFortiClientoffering.F-Secure–F-Secure,locatedinFinland,offersonlinePCscanningandsecuritytoolsforhomeandbusinessuse.GData–GermancompanyGDataofferscustomerastandardsetofPCanti-virusandInternetsecuritytools.GFISoftware–TheLuxembourg-basedfirmprovidesarangeofITsecurityproductsandservices.Google–TheVirusTotalfreeresourcefromGoogleallowsresearcherstohelpidentifyandunderstandtheirmalware.HitmanPro–HitmanProfromSurfRightintheNetherlandsoffersstandardsetofPCanti-virusandInternetsecuritytools.HummingHeads–LocatedinJapan,HummingHeadsprovidesanti-virusandInternetsecurityproducts.IkarusSecuritySoftware–TheAustrianfirmoffersarangeofviruspreventiontoolsformobilityandcloud.INCAInternet–TheSouthKoreanfirmprovidesarangeofPCsecuritysolutionsincludinganti-virus.Intego–IntegooffersarangeofPCanti-virusandassociatedInternetsecuritytoolsforAppleMacusers.IObit–IObitoffersarangeofAppleMacperformanceandsecuritytoolsincludinganti-virussoftware.Kaspersky–ThefirmoffersstandardsetofPCanti-virusandInternetsecuritytoolsforhomeandbusiness.Kromtech–KromtechoffersstandardsetofMacanti-virusandInternetsecuritytoolsforApplecustomers.Lavasoft–LavasoftoffersafreeAd-AwareproductthatincludesthestandardsetofPCanti-virusandInternetsecuritytools.Malwarebytes–Malwarebytesprovidesadvancedanti-malwaredetectionalgorithmsinitssecurityoffering.McAfee–McAfeecontinuestoprovideworld-classcapabilityforenterpriseanti-malwarecontrolledbyitsePolicyOrchestrator.Microsoft–MicrosoftSecurityEssentialsincludesthestandardsetofPCanti-virusandInternetsecuritytools.NetworkIntercept–TheLosAngeles-basedfirmoffersanti-malwareandkeystrokeencryptionforPCsandMacs
NormanSecurity–TheNormanSecuritySuiteincludesthestandardsetofPCanti-virusandInternetsecuritytools.Panda–SpanishfirmPandaofferscustomersastandardsetofPCanti-virusandInternetsecuritytools.Qihoo360Technology–TheChinesecompany’sproductQihoo360includesPCanti-virusandInternetsecuritytools.QuickHeal–QuickHealoffersthestandardsetofPC,Mac,andMobileanti-virusandInternetsecuritytools.SecureIT–SecurityCoverageoffersthestandardsetofPCanti-virusandInternetsecuritytoolstocustomers.Sophos–SophosoffersPCanti-virusandInternetsecuritytoolsforbusinesscustomers,includingitsSurfRIghtsolution.SUPERAntiSpyware–ThecompanyoffersRoboscan,Spybot,andSUPERAntiSpywareanti-virusandInternetsecuritytools.Symantec–Symantecprovidesendpointanti-malwaredetectionsolutionsbasedonthefamousNortonanti-virussuite.ThirtySeven4–ThirtySeven4offersPCanti-virusandInternetsecuritytoolsforschools,universities,business,andhome.ThreatTrackSecurity–ThreatTrackofferscustomersthestandardsetofPCanti-virusandInternetsecuritytools.TopsecScience–TheChinesecompanyoffersanti-malwaretoolsaspartofitssuiteofsecurityproducts.TotalDefense–LocatedinNewYorkState,TotalDefenseoffersanti-malwaresolutionsforPCsandmobiles.TrendMicro–TrendMicrooffersafullrangeofadvancedPCanti-virusandInternetsecuritytools.TrustGo–TrustGo,partofBaidu,offerscustomersafullsetofmobileanti-virusandInternetsecuritytools.Trustlook–HeadquarteredinSanJose,Trustlookoffersarangeofanti-virusandanti-spywaresolutions.TrustPort–TrustPortfromtheCzechRepublicoffersarangeofanti-malwaresecuritytoolsforhomeandenterprise.Valt.X–Valt.Xoffersitscustomersarangeofadvanced,non-signature-basedanti-malwaretools.VoodooShield–ThecompanyofferstheVoodooShieldsuiteofanti-virusandInternetsecuritytools.Webroot–Webroot,headquarteredinColorado,offersstandardsetofPCandMacanti-virusandInternetsecuritytools.ZoneAlarm–ZoneAlarmincludesPCanti-virusandInternetsecuritytoolsinitsrangeofsolutionofferings.Control18:EndpointSecurityEndpointsecurityisacrowdedplaceinourcybersecuritymarket,andperhapsforgoodreason.SinceallpersonalandbusinesscomputingusagebeginswithaPC,tablet,ormobile,theendpointprovidesanintimateenvironmentforvendorstooffervisiblecybersecuritysupport.Humanbeingscanseeanddirectlyexperienceendpointsecuritycontrols,andthiscreatesanirresistibleurgeforvendorstodevelopsolutionsinthatarea.Therangeofendpointsecuritysolutionsspanswidelyfromremaininganti-virussolutionstoadvancedmoderncontainerprotections.Thespacealsoincludesawiderangeofalgorithmicprotectionsfromsimplesignaturestoadvancedartificialintelligence,soitisoftendifficulttoplacethesesolutionsinthesamecategory.EventheenterprisemanagementofendpointsecuritysolutionsrangesfromproprietarytoolswiththeirownconsoletoadvancedproductsuiteswithAPIsthatallowforcomprehensiveintegrationintoanexistingenterpriseenvironment.Thecommonthemeforallendpointsecurity,however,willbenear-termconsolidation–andthisincludesformoreadvancedendpointssuchasIoTdevices,ICScomponents,andvirtualmachines.Themarketistooscatteredandbuyersremainconfusedaboutwhattobuy,whattoignore,whattoreplace,whatworks,whatdoesn’t,andonandon.Sharingyourfavoriteendpointsecuritysolutionwithfriendsoverabeerin2017and2018hasbecomebizarrelylikesharingyourfavoriteWallStreetstock.Thiswilldissolveinthecomingyearsasendpointsecuritysolutionsconsolidateintocleaner,simplertoolsthatlightlyembedintoarangeofphysicalandvirtualendpointswithlittleregardfortheergonomicsoftheendpointusage.GeneralOutlookThegeneraloutlookforendpointsecurityinvolvestransitionfromsimplesecuritysoftwaretocomprehensive,integratedsecuritysolutions.ThefocuswillalsoshiftfromPCstoawiderangeofPCs,servers,mobile,IoTdevices,industrialcontrolsystems,virtualmachines,andonandon.Firstgenerationendpointsecurityfrom1998to2007involvedmostlyanti-virussoftware,
simpleencryptiontools,andearlydataleakageprevention(DLP)toolstoaddressthelightsecuritythreatofsimpleviruses.Secondgenerationendpointsecurityfrom2007to2016sawtheintroductionofmorebehavioralsecuritysolutionstoaddressamoreintensethreat.Containerizedendpointprotectionbecameanewtypeofsecuritysolutionduringthisera,andtechniquessuchascloud-basedendpointsecuritysupportemerged.Thirdgenerationendpointsecurityfrom2016to2025willseemoretypesofprotectionsolutions,includingisolatedbrowsing,whilealsoexperiencingmassiveconsolidationoftechniquesintocommonsuitesforendpoints.Thesenew,combinedsolutionswillbefullyintegratedintocloudsupportandwilltakefulladvantageofvirtualizationtechniques.
Figure18.2018EndpointSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,becausetherearesomanymovingpartsinvolvedinthisaspectofcybersecurity.Endpointdevicescontinuetoexperienceinnovation,forexample,withsometypessuchashomegamingsystemsandset-top-boxes,havinghighlyunpredictablefutures.Onewouldexpecttosee,however,generichardwarewiththeabilitytovirtualizeoperationtowhateverisdesired.Thisimpliesthatinthefuture,yourrouter,gamingsystem,andirrigationcontrolwillprobablyallrunvirtuallyinacommoncloudoperatingsysteminstalledonthesamehardware.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsshouldfollowtwotracksintheirendpointsecurityprograms.Thefirsttrackshouldbefocusedonoptimizingnear-termsecuritysolutionsfortheirPCsandmobiles.Emphasishereshouldbeontheaccuracyandeffectivenessofthesecurityalgorithms(probablymachinelearningandartificialintelligence-based),aswellastheeaseofITmanagementforthesecuritysolution.Thesecondtrack,however,shouldcarefullyconsiderlonger-termissuessuchasconsolidatingseeminglydisparateendpointsolutionssuchasbehavioralanalytics,endpointdataleakageprevention(DLP),andcloudisolationofbrowsing.ThissecondtrackshouldbeapproachedasanR&Dactivity,andthebestCISOteamswillcreatesmalltestbedstoevaluateintegratedsolutionsforearlyadoption.Endpointsecurityisamatureenoughmarketthatearlyadoptersofintegratedprotectionsuitewillnothavetodealwithhighlevelsofrisk.The
integrationshouldberelativelysmooth,whichimpliesthatinthenextdecade,mostenterpriseuserswillseeshiftsandchangesintheirendpointsecurityprotection.Staytuned.AdviceforSecurityTechnologyVendorsEndpointsecuritysolutionvendorsmustlearnimmediatelytointegratetheirproductsandservicesintotheevolvingenterprise.Thisimpliesastrictfocusonopeninterfaces,platforms,andtools.ProprietaryanythinginthecomingyearsforendpointsecuritywillcreatebarriersforCISOteamstopurchaseandusetheproduct.Openwillbethebestapproach.Vendorsarealsoadvisedtoformallianceswithcomplementarysolutionprovidersinthesameendpointsecuritycategory.AI-basedsecuritytoolprovidersmight,forexample,formallianceswithcloudisolationvendors;similarly,containerizedsecurityprovidersmightformbusinessallianceswithDLPproviders;secureencryption-basedendpointsolutionprovidersmightformallianceswithhardware-assistedendpointprotectionproviders;andsoon.Thiswillprovidemomentumforarchitecturalconsolidationandwillhelpendpointsecurityvendorslearntointegratewithdiversecomputingecosystems.ListofSupportVendorsAbsoluteSoftware–CanadianfirmAbsoluteSoftwareprovidesendpointsecurityandmanagementsolutions.Arkoon–ArkoonmergedwithNetasqresultingintheStormshieldnetworkandendpointsecurityprotectionsolutions.Atomicorp–TheVirginiafirmoffersadvancedsecurityprotectionsforLinuxandWindowsservers.AT&T–ServiceproviderssuchasAT&Tmanagemobileendpointswithadvancedsupportforenhancedsecurity.Authentic8–Authentic8providessecure,authenticatedaccesstoWebappsthroughanisolatedsecurelycontainedbrowser.AutonomicSoftware–Autonomicprovidesendpointmanagementandsecurityplug-insintegratedwithMcAfee’sePO.Avecto–Avectocombinesprivilegemanagement,applicationcontrol,andsandboxingtoprovideendpointsecurity.Avira–Germananti-virusandInternetsecurityproviderincludesrangeofendpointsecurityprotections.Barkly–Boston-basedBarklyoffersendpointsecuritythatcollectsrealtimedatatopreventmalwareattacks.Beachhead–BeachheadprovidessubscriptionservicestosecureandmanagemobileandPCdevices.BlackDuckSoftware–TheBurlington-basedcompanyoffersarangeofapplianceandcontainersecurity.BlueRISC–LocatedinMassachusetts,BlueRISCprovideshardware-assistedendpointprotection.Bromium–Bromiumprovidesendpointsecurityprotectionproductsthatmakeuseofahardwareassistedsecuritycontainer.BUFFERZONE–IsraelifirmBUFFERZONEprovidesanendpointcontainersecuritysolutionforenterprise.Capsule8–Thestart-upcompanyoffersadvancedcybersecurityprotectionsforLinuxsystems.CarbonBlack–ThecorporatemergerofBit9withCarbonBlackcombinedthreatstrengthwithendpointcapability.CenterTools–TheDriveLocksolutionfromGermanfirmCenterToolsincludesDLPandencryption.CheckPointSoftware–CheckPointincludesendpointsecuritysolutionssuchasdiskencryptionforPCs.Code42–Minneapolis-basedCode42providesarangeofsecuredataprotectionsolutionsforendpointbackup.Confer–TheWaltham-basedcompanyoffersanendpointsenorthatprovidesearlywarningsofmalware.CoSoSys–CoSoSysprovidesDLP,devicecontrol,andmobiledevicemanagementwithemphasisonendpointsecurity.CounterTack–TheWaltham-basedcompanyprovidesanendpointprotectionsolutionforactiveretaliation.CrowdStrike–CrowdStrikeoffersitsadvancedthreatintelligence-basedendpointprotectionsolutionviaitsFalconplatform.CyberArk–TheacquisitionofCybertinelintroducedsignature-lessendpointsecuritytotheCyberArkofferset.Cybereason–Cybereasoncombinesendpointsecuritywithenhancedanalysistoolstoreducetheriskofattacks.Cylance–Cylanceoffersanadvancedendpointthreatdetectionproductusinginnovativemalwaredetectionalgorithms.Cynet–Cynetcollectsindicatorsandsupportsenterpriseanalysisfordetectionandmitigationofthreat.DeepInstinct–TheSanFrancisco-basedfirmprovidesintrusiondetectionsolutionsforendpoints.Dell–TechcompanyDelloffersendpointencryption,endpointmanagement,andcompliancesolutions.DeviceLock–LocatedinSanRamon,DeviceLockoffersarangeofendpointdeviceandportcontrols.DigitalGuardian–DigitalGuardianprovidesanendpointsecurityproductfordataleakageandadvancedthreatprevention.Druva–Sunnyvale-basedcompany,Druva,offersendpointsecuritysolutionstosupportdatagovernance.DtexSystems–DtexSystemsfocusesoninsiderthreatprotectionusingsecurityanalyticswithbehavioralpatterndetection.ESET–Traditionalanti-virusandInternetsecurityproviderESETincludesrangeofendpointsecurityprotections.FireEye–Thefirmoffersendpointsecurityprotectionstocomplementitsvirtualmalwaredetectionandresponsecapability.Fireglass–Thecompany,nowpartofSymantec,offersbrowserisolationtechnologyforendpoints.
Fortinet–FortinetincludestheadvancedFortiClientendpointsecuritysolutionforitsbusinesscustomers.GreatBaySoftware–TheMinnesota-basedfirmoffersendpointsecuritysolutionsfordiscoveryandmanagementofthreats.GuidanceSoftware–TheEncaseAnalyticsproductfromGuidanceSoftwareincludesEnCaseEndpointSecurityHeatSoftware–HeatSoftwareprovidesarangeofunifiedendpointmanagementtoolsincludingsecurity.ImpulsePoint–ImpulsePointfocusesonnetworkaccesspolicyenforcementandendpointsecurity.McAfee–McAfeecombinestraditionalendpointsecuritywithpopularePOdistributionsystemforenterprise.IntelligentID–TheOhio-basedfirmprovidesanadvancedendpointmonitoringandprotectionsolution.InterGuard–LocatedinWestport,InterGuardoffersemployee-monitoringUBAsolutionsfortheendpoint.iScanOnline–ThePlanofirmoffersarangeofendpointscanningandvulnerabilitydetectionproducts.itWatch–TheGermanfirmprovidesasuiteofITsecurityproductsincludingendpointprotection.Kaspersky–Russiananti-virusandInternetsecurityproviderKasperskyincludesarangeofendpointsecurityprotections.LightPointSecurity–LightPointoffersavirtualmachine-basedbrowsingsolutiontocontainmalware.Lumension–EndpointsoftwareandmanagementcompanyLumensionoffersarangeofdataprotectionsolutions.Malwarebytes–Malwarebytesoffersanti-malwareandcomplementaryendpointsecurityprotectionsintheiroffering.MenloSecurity–MenloSecurityprovidesagentlessendpointWebprotectionsthroughon-premiseorcloudbasedisolation.NPCore–LocatedinSeoul,NPCoreofferscustomersasuiteofnetworkandendpointsecurityproducts.nTrepid–TheHerndon-basedcompanyoffersafully-managedvirtualmachine-basedVDIsolutionforenterprise.OutlierSecurity–TheNevadafirmprovidesagentlesscybersecuritysolutionsforendpointanalytics.PaloAltoNetworks–PaloAltoNetworksprovidesanadvancedendpointprotectionsolutioncalledTraps.Panda–SpanishsecurityproviderPandaincludesarangeofendpointsecurityprotectionsforWindows,Mac,andAndroid.PFPCybersecurity–PFPprovidesembeddedintegrityverificationtechnologyforindustrialcontrolandotherendpointdevices.Promisec–Thecompanyprovidesanagentlesscloud-basedoron-premisesolutionforsecuringendpoints.QuarriTechnologies–Quarriincludesarangeofdataprotectionandarmoredbrowsingsolutionsforendpointcontrol.RedCanary–TheDenver-basedfirmoffersmanagedendpointsecurityprotectionstodetectadvancedthreats.Safetica–CzechfirmSafeticaoffersitscustomerswitharangeofendpointsecuritywithDLPcapabilities.SentinelOne–SentinelOneisastart-upthatprovidesnext-generationendpointprotectionproductsusingpredictiveinspection.SertintyONE–TheNashville-basedcompanyprovidesSmartDATA,whichcomplementsendpointsecuritysolutionsdirectly.SirrixAGSecurityTechnologies–LocatedinGermany,thecompanyoffersendpointsecurityandtrustedVPNsolutions.SkyRecon–SkyRecon’sendpointprotectionplatformcalledStormShieldofferingsuiteofsecurityfeatures.Sophos–ThroughacquisitionofInvincea,Sophosobtainedanadvancedendpointsecuritycontainersolution.Spirion–NewYork-basedIdentityFindersearchescomputersincludingendpointsforsensitiveinformation.Symantec–SymantecincludesendpointsecuritythatwillbecomeintegratedwiththeBlueCoatportfolio.Tanium–Taniumprovidesultra-fastendpointscanning,analysis,anddiscoverythroughefficientqueries.ThreatTrack–GFIspin-offThreatTrackincludesarangeofAPTdetectionandpreventionsolutionsfornetworksandendpoints.TrendMicro–TraditionalAVproviderTrendMicroincludesarangeofendpointsecurityprotections.TrustedKnight–Thecompanyprovidesbrowsersecurityprotectionsincludingkeystrokeloggingprevention.Trustpipe–Trustpipeofferscustomerswithanadvancedendpointsecurityanalyticsandprotectionsolution.Wave–WaveprovidestheSafendProtectorforendpoints,whichusesencryptiontosafeguarddata.Webroot–Webrootoffersendpointanti-malwaresolutionswithrelatedInternetsecuritycontrols.Ziften–Austin-basedZiftenoffersadvancedendpointsecuritysolutionswithenterprisesecurityanalyticssupport.Control19:Hardware/EmbeddedSecurityTheuseofhardwareandembeddedsecurityforcyberprotectioninvolvesrelianceonphysicalcomponentrytoreducerisk,increasetrust,andpreventmaliciousattackstocomputingandnetworkingsystems.Relianceonhardwareandembeddedsecurityhasexperiencedclearreductioninemphasisduringthepasttwodecadesassoftwareandvirtualizedcontrolshavetakenovermuchoftheresponsibilityforcyberprotection.Thishascausedconsiderabledebate,especiallywithrespecttotheuseofhardwareandembeddedsecuritytomaintainprotectioninrapid,real-timecontextsthatrequirehighperformance.Networkmonitoringtoolsforlargenetworks,forexample,continuetorelyongoodhardwaretokeepupwithcapacityrequirements.Nevertheless,thetrendhasbeenclear,especiallyaslargernetworkgatewaysandsystemsarebeingdistributedandvirtualized.Thatsaid,arenaissancein
hardwareandembeddedsecurityisoccurring,albeitfromdifferentareasofcyberthantheconstructionofhardwareappliancesforperformance.Instead,arenewedemphasisonhardwareandembeddedsecurityisoccurringinIoTandICSprotection,aswellasintheunderlyingtrustedbaserequiredtosupporthighassurancecomputing.Thesetrendswillintroduceafreshnewemphasisonhardwareandembeddedsecuritywithrecognitioninthecommunitythatnoteverythingcanbetotallyvirtualized.Atsomepoint,moretangible,physicalcontrolsplayanimportantroleinthecascadingoftrustfromunderlyingplatformsallthewayuptoapplicationrequirementssuchasauthenticationandaccesscontrol.GeneralOutlookThegeneraloutlookforhardware/embeddedsecurityinvolvestransitionfromhighemphasis,downtomuchloweremphasis,butthenturningbackuptowardhigheremphasis,albeitindifferentareasthanthenoriginalfocus.Specifically,thechangewilloccurfromusinghardwaretodealwithincreasingcapacityneedstousinghardwareforincreasedassuranceandtrust,especiallyinIoTandICSsecurity.Firstgenerationhardware/embeddedsecurityfrom1998to2007involvedhardwareappliancesastheplatformbaseformostsecuritytools,especiallyinenvironmentswherenetworkandcomputingcapacitygrowthwasanissue.Secondgenerationhardware/embeddedsecurityfrom2007to2016involvedaclearshifttovirtualapplianceasnetworksegmentationandvirtualizationbegantoaccelerateindistributedenvironments.Suchdistributiontendedtosplitthecapacityrequirements,asinmicro-segmentation.Thirdgenerationhardware/embeddedsecurityfrom2016to2025shouldexpecttoseeamajorresurgenceinemphasisastheneedforunderlyingtrustedhardwarebasecomputingwillgrow.Arenewedfocusonunderlyingassuranceforapplicationssuchastrustedidentityfederationfromhardwaretoapplicationwillalsooccur.Clearly,embeddedsecurityforIoTandICSdevicesandsystemswillgrowsubstantiallyduringthisperiod.
Figure19.2018Hardware/EmbeddedSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderatetohigh,giventheclearincreaseinemphasisonIoTandICSsecurityacrosstheentirecommunity.Usingtrustedexecutionenvironments(TEE)asthebasisforhighassuranceidentitycascadeandfederationisanawesomeidea,butitsadoptionremainssomewhattobedetermined.
AdviceforEnterpriseSecurityTeamsEnterpriseteamsareadvisedtocontinuetopushsecurityvendorstosoftware-defineandvirtualizetheirunderlyingplatforms,especiallyinthedatacenterandWAN.Concurrently,however,theyshouldbegintodemandhardware-based,underlyingtrustedexecutionsupportfortheirapplicationsbothintheenterpriseandacrosshybridcloudenvironments.ThisisnotaneasyrequesttomeetformostpubliccloudservicessuchasinAWSorAzure.Nevertheless,theneedtoplanthighassuranceandtrustintheunderlyinghardware,regardlessofthecomputingenvironment,willgrow.Theapproachformobilesisslightlysimpler,sinceTEEfunctionalityexistsinvirtuallyallmobiles.Thetrickinthenextdecadeisforenterprisesecurityteamstobeginusingthishighassurancecomputing.Obviously,ifanenterpriseteamworksinanIoTandICS-richenvironment,thentheemphasisonhardwareandembeddedsecuritywillcontinuetoincrease,solittleadditionaladviceisrequiredheretodrivehomethatpoint.AdviceforSecurityTechnologyVendorsAdviceforvendorsregardinghardwareandembeddedsecurityreallydependsontheirsituation.Formostvendors,thecontinuedpushtovirtualizeandsoftware-definetheirplatformsremainsanimportantconcern.Thiswillneithershiftnorslowdown.Yourcustomerdemandvirtualizedcapabilityandyouwillneedtodeliverinthismannerorriskgoingoutofbusiness.Thatsaid,anyopportunitytoembedacascadingtrustfederationpathfromtheunderlyinghardwareuptotheapplicationwillbewell-received,especiallyformobile.VendorsshouldtakethetimetoreviewanyopportunitiestointegratewithunderlyingTEEfunctionality,perhapstosupporthighassuranceidentitymanagement.ForvendorsinIoTandICSsecurity,theemphasisonembeddedsecuritywillgrow,aswillallotheraspectsofprotectionintheseareas.Futuredirectionsmightsortthemselvesout,butfornow,theideaofembeddingsecurityintoIoTorICSdevicesandsystemsatthehardwarelevelwillbeavalidandgrowingtechnique.ListofSupportVendorsAllegroSoftware–AllegromakessoftwareformanufacturerstoenablemachinestoembedontotheInternet.BlueRISC–Massachusetts-basedBlueRISCoffershardware-assistedendpointsecuritywithanti-tamperfeatures.DeviceAuthority–D-FactorisanauthenticationenginethatsupportstrustforIoTapplications.Gemalto–GemaltoprovidesarangeofdigitalsecuritysolutionsincludingSIMcard,NFC,andotherembeddedapplications.HIDGlobal–Thecompanyprovidesdevicesthatmanufacturesmartcardsandotherhardwareidentifiersandtags.IconLabs–IconLabsprovidesembeddedprotectionforIoTdevicesthatconnectviaModbusprotocol.Ingenico–TheFrenchfirmprovidesretailsecurepaymentandprotectionsolutionsformerchants.InsideSecure–InsideSecurityprovidesembeddedsecuritysolutionsformobile,contentprotection,secureaccess,andIoT.Intel–PlatformproviderIntelembedssecurityintoitsunderlyingtrustedexecutionprocessingandarchitecture.LynxSoftware–Lynxfocusesonprotectingrealtimeembeddedoperatingsystemsfrommalware.NagraID–LocatedinSwitzerland,NagraIDmakeshigh-endsmartcardsforidentityapplications.OberthurTechnologies–Thefirmincludesembeddeddigitalsecurityfortransactionsandotherfinancialapplications.PFPCybersecurity–PFPdevelopsphysics-basedendpointsecuritywithprocessorpowerconsumptionprotectionsforIoT.Rivetz–StevenSprague’scompanyRivetzprovidesandsupportunderlyingtrustedexecutionformobiles.Secure-IC–Secure-ICoffersarangeofsustainableembeddedtechnologiesthatsupportthreatprotection.SequiturLabs–Sequiturfocusesonhardwareandembeddedsecurityforarangeofadvanceddevicemanagementfunctions.SkyportSystems–FoundedbyWillEatherton,RobRodgers,andMichaelBeesley,Skyportprovidessolutionsforhardwareandembeddedsecurityinservers.Sypris–TheLouisville-basedfirmofferstrustedhardwaremanufacturingwithfocusoncybersecurity.TacticalNetworkSolutions–Thecompanyprovidesdigitalforensicsandanalysisofmemoryandfirmware.Trustonic–Trustonicdevelopsasecureenvironmentthatexecuteswithinsmartconnectedproductsanddevices.
UltraElectronicsAEPNetworks–Ultraprovideshardwaresecuritymodulesandcryptographichardwaresupport.Watchdata–LocatedinIndia,WatchdataoffersSIMcardsformobilewithcapabilitytosupportmobilepayment.Control20:ICS/IoTSecurityCybersecuritysolutionsforIndustrialControlSystem(ICS)andInternetofThings(IoT)infrastructureandapplicationsinvolvesthefunctional,procedural,andpolicy-basedprotectionsrequiredtoavoidmaliciousthreatstothesecriticallyimportantcapabilities.BothICSandIoTinfrastructureinvolvesthehardware,electronics,controlsystems,software,andnetworksthatmanage,monitor,orcontroltangible,physicalprocessesanddevices.ThesetangibleelementsthatcompriseICSandIoTrangefromcomponentsinmajoroperationssuchasbusinessfactoriesandnuclearpowerplantstomorewhimsicaldevicessuchaskitchenappliancesandhomevideorecorders.ThecommonelementisthattheassociatedcontrolsrangefromanalogordigitalsignalingatthehardwarelevelallthewayuptoadvancedsoftwarecontrolsoverIPnetworks.Thecybersecurityimplicationsofallthisinfrastructureareenormousandhavebeenneglected,whichmakesthisaspectofourindustryappearmuchliketheentireindustrylookedintheearly1990’s.Thatis,ICSandIoTsecurityarestillbeingexploredbybothoffenseanddefense.SomeframeworkshaveemergedsuchasthePurdueModelthathelpexplaintherangeofSCADAoptions,butthisisstillagreenfieldformostcybersecurityvendors.Expectthisareatotakemoreshapein2018andtobegintoblossomintooneofthemostvitalaspectsofcybersecurityinthecomingdecade.Virtuallyeveryaspectofthebestavailableprotections–rangingfromriskanalysis,toGRCtools,to2FA,toadvancedmachinelearning–willhavetoberecastinthecontextofICSandIoT.Thiswillcreatemassivegrowthopportunitiesforvendors,butalsobigredesigneffortsforpurveyorsofindustrialandIoTsystems.GeneralOutlookThegeneraloutlookforICSandIoTsecurityinvolvestransitionfromearlystand-alone,hardware-basedICSandIoTsystemstomorevirtual,cloud-basedprotectionsforICSandIoTsystems.Thiswillbecomplementedbytransitionfromthemyriadofspecial,proprietary,non-standardprotocolsandsystemsbeingusedtooperateandsecurityICSandIoTinfrastructure,tomoreopen,standards-basedICSandIoTprotections.Newsolutionssuchasunidirectionalgatewayswillbecomemorecommoninindustrialenvironments.Thesetrendstrackon-goingshiftsinthelargerindustry,sothisshouldcomeasnosurprisetoanyobserver.Theunderlyingtrendduringthisshiftfromfirsttothird-generationICSandIoTsecurityinvolvesgrowthfromtensofmillionsofdeployeddevicestotensofbillionsofdeployeddevices.
Figure20.2018ICSandIoTSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethetransitionhasalreadybegunforthismassiveincreaseinsize,scope,andrelevanceofICSandIoT.Theshifttoopen,standard-basedtechnologyisslightlylesscertainsinceeffectivestandardsforsecuringindustrialandIoTdevicesandinfrastructurehavenotemergedtodate.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsworkinginICSandIoTenvironmentsmustdealwiththegrowingnumberofsecurityvendorsofferingsolutionsinthisarea.2018islikelyanexcellenttimetospendconsiderabletimeabsorbingandlearningthebestavailableapproachesfromthemostcapablevendors.Manyenterprisesecurityteamswillhavetocreatesub-groupsoridentifyindividualstospecializeinthiscomplexarea.Thiswillbemoreintense,obviously,fororganizationsthatdealspecificallywithindustrialorIoTdevices–andthisincludescarcompanies,telecommunicationscompanies,powerplants,defenseindustryparticipants,andanyassociatedgovernmentagencies.AdviceforSecurityTechnologyVendorsICSandIoTvendorsareadvisedtocarefullyexaminetrendsintheITsecurityspaceformajorhintsastothetypesofcontrolsthatwillbeneededinthecorrespondingOTsecurityspace.ThiswillleadtoanICS/IoTglobalofferingroadmapthatshouldmirror–albeitperhapssomewhattime-lagged–thedeploymentofnewtechnologiessuchasmachinelearning,adaptiveauthentication,andautomatedSOCcontrols.ThevendorspaceinICS/IoTwillnodoubtbecomequitecrowdedinthecomingyears,andrealvendorsofferingrealsolutionswillhavetoworkextrahardtodifferentiatethemselvesfrommoreconventionalcybersecurityvendorswhodecidetoadd“ICSandIoTsecurity”totheirmarketingmaterials.ListofSupportVendorsAllegroSoftware–TheMassachusetts-basedfirmoffersICS/IoTsecuritysolutionsforembeddeddevices.AT&T–AT&TintegratesICS/IoTproducttechnologyintoitsemergingSDNinfrastructure.BayshoreNetworks–BayshoreNetworksprovidesanapplianceforsecuringICSandIndustrialInternet.BerkanaResources–BerkanaisaSCADAintegratorofferingSCADAsecurity,compliance,andauditservices.Covisint–CovisinthasexpandedtosecureIoT,supplychain,andidentityandaccessmanagement.
CyberX–CyberXprovidessecuritysolutionsforprotectingindustrialInternetfrommaliciousattacks.DigitalBond–DigitalBondprovidesprofessionalserviceswithemphasisonSCADAandICSsecurity.Enet1Group–Enet1GroupprovidessecurityservicesinSCADA,criticalinfrastructure,andmobility.FireEye–FireEyeincludesarangeofICSsecuritysupportaspartofitsextensiveAPTprotectionportfolio.Fortinet–FortinetincludesICSsecuritysupportaspartofitslargerfirewallandgatewaysecurityportfolio.IBM–IBMincludesarangeofsecurityproductsolutionsforcompaniesintheICSandIoTspace.IconLabs–TheIowa-basedfirmprovidessecuritysolutionsforIoTviaportablesoftwareforembeddeddevices.Indegy–IndegyprovidessecuritysolutionsforprotectingindustrialInternetfrommaliciousattacks.InductiveAutomation–InductiveAutomationprovidesaWeb-basedandcrossplatformsolutionforSCADA.Innominate–GermanfirmInnominateprovidesindustrial,machinery,andrelatedICSsecuritysolutions.IOActive–IOActiveisaconsultingfirmwithexpertiseinhardwareandICSsystemsincludingsecurityprotection.Mocana–MocanaprovidesamobileapplicationsecurityplatformwithsupportforembeddedIoTdevices.MSI–ICSsecuritysolutionsfromMSIincludeprotectionsembeddedintheloweranaloganddigitallayers.NexDefense–NexDefenseisanexpertresourceoncybersecurityprotectionsforautomationandICSsystems.PFPCybersecurity–TheVirginia-basedfirmoffersembeddedintegrityverificationtoolsforIoTandotherdevices.Radware–Radware’srangeofcybersecurityproductsincludeindustrialcontrolsecurityprotections.RedTigerSecurity–RedTigerisaHouston-basedconsultingcompanywithexpertiseinindustrialsecurity.RubiconLabs–RubiconLabsprovidesasecurecommunicationsandkeymanagementsolutionforcloudandIoT.SCADAhacker–SCADAhackerprovidesarangeoftrainingandconsultingservicesforSCADAprotection.SecureRF–LocatedinConnecticut,SecureRFofferssecuritysolutionsforwirelesssystemsincludingNFCandIoT.Securicon–TheVirginia-basedfirmoffersarangeofsecuritysolutionsforSCADAandprocesscontrol.SecurityMatters–LocatedintheNetherlands,SecurityMattersoffersaplatformforsecurityprotectionofSCADA.Siemens–Thefirmofferssolutionsforenergy,automation,andothersectorswithICSsecuritychallenges.Sophos–SophosprovidestheCyberoamnetworksecurityapplianceswithsupportforICS/IoTsystems.Synopsis–WiththeacquisitionofCodenomicon,thecompanyfromFinlandcantestICS/IoTdevicesandapplications.Tenable–CybersecurityfirmTenablemarketsarangeofofferingsapplicabletoICS/IoTapplications.ThetaRay–ThetaRayprovidessolutionsfordetectingthreatsincriticalinfrastructureandindustrialsystems.TofinoSecurity–Tofino,adivisionofBelden,includesasecurityapplianceforindustrialnetworksecurity.Waterfall–TheIsrael-basedfirmprovidesadvancedunidirectionalgatewaynetworksecuritysolutionsforindustrialcontrol.WISeKey–WISeKeyprovidessecurity,authentication,andidentitymanagementsolutionsformobilityandIoT.Wurldtech–WurldtechisaGEcompanyfocusingoncybersecuritysolutionsforoperationaltechnology.Control21:MainframeSecurityMainframesecurityinvolvesthesystemadministrativeprotectionoftraditionalmainframecomputers,operatingsystems,applications,anddatasetsfromavarietyofcyberattacks.Thisisthesingle,mostmatureaspectofinformationsecurity,spanningfivedecades,buthasthedubiousdistinctionofbeingperhapstheleastwell-understoodaspectofmoderncyberprotectioninlargecompaniesandgovernmentagenciesthatstillincludemainframes.Itisbeyondthescopeofthisreporttoprovideatutorialonmainframesecurity,and99%ofreaderswouldskipthenarrativeanywayduetoboredom;butitisimportanttorecognizethattheskillsetrequiredtoprotectmainframesisdyingoff–literally.Ifyourunmainframes,thenthelikelihoodishighthatyourentireRACForACF2protectionteamislongpastretirementageandyouarebeggingthemnottoleave.Thisisagraverisktocompaniesinthissituationandmustnotbeignored.Sinceitisunlikelythatyournew-hirefromStanfordwillenjoyacceptingarolerunningz/OSaccesscontrols,youcaneitheracceleratemovingmainframeappstomoremodernvirtualinfrastructure,oryoucanselectagoodvendorpartnertohelpyouwithyourmature,mainframeinfrastructure.GeneralOutlook
Thegeneraloutlookformainframesecurityinvolvestransitionfrommoderatepercentagesofinfrastructuresecurityincludingmainframestoaverylowpercentageincludingthistypeofcomputing.Duringthesameperiod,thecostofmainframesecurityconsultingandserviceshasbeguntoincrease,simplybecausethecapabilityisbecomingscarce.Firstgenerationmainframesecurityfrom1998to2007involvedfinancialsystemswithheavylegacybackofficesystemsrunningonmainframeswithtraditionalprotectiontools.Secondgenerationmainframesecurityfrom2007to2016sawmostmainframesretired,leavinglegacysystemswiththerequirementthattheybeprotectedaspartofadyingart.Thirdgenerationmainframesecurityfrom2016to2025shouldexpecttoseerarelegacysystemsinstubbornenvironmentsremainwithfewertoolsandresourcessupportedbyaselectgroupofspecializedvendorsofferingprofessionalservices.
Figure21.2018MainframeSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,andthetransitiontohighercostprofessionalservicesisalreadywell-underway.AnyCISOteamthatincludesmainframesinitssuiteneedstofocusimmediatelyonthisrisk.AdviceforEnterpriseSecurityTeamsEnterpriseteamsthatincludemainframesneedtoestablishaplanforsupportthatatleastmatchesestimatesforhowlongthosesystemswillremaininoperation.Ifthemainframesecurityteamisbeyondretirementage,thenahumanresourcemanagementplanisrequiredtomaintainsupport.Ifavendorisinplaceordesired,thennowisagoodtimetolockinalong-termdeal.Regardingthreats,IamwillingtoadmitthatIcannotthinkofamajormaliciousmainframehackthathashadsignificantbusinessconsequencesforanyoneinthepastcoupleofdecades.(Maybeweshouldallbemovingeverythingbacktomainframes.)AdviceforSecurityTechnologyVendorsIfyouareinthemainframesecuritybusiness,thenyoualreadyknowthegoodnews/badnewssituation.Youcustomerbaseisdwindling,butthestubborncompaniesthatlovetheirmainframesandwanttocontinueusingthemwillremainexcellentcustomerspayingfairorevendearpricesforyoursuiteofsolutions.Trainingnewly-hiredyoungsterstobepartof
mainframesecurityprofessionalservicesofferscanbeachallenge,butwhenatwenty-two-year-oldseesthemoneythatcanbemadebylearningACF2indetail,thischallengecansometimesbeovercome.ListofSupportVendorsASPG–ASPGisaFlorida-basedmainframesoftwarecompanywithasuiteofproductsincludingsecurity.Atsec–Atsecisasecurityconsultingfirmthatprovidespenetrationtestingservicesformainframes.CATechnologies–CAprovidesmainframesecuritygovernance,accessmanagement,anddataprotection.Correlog–CorrelogprovideslogmanagementandSIEMfunctions,includingsupportformainframes.Enforcive–EnforcivesupportsmainframedeploymentsandcomplianceprogramsforIBMzSecurity.Ensono–FormerlyAcxiomIT,EnsonoprovideshybridITservicesincludingsupportformainframe.IBM–TheIBMcompanyhasbeensynonymouswiththeprotectionofmainframeproductsandservicesformanydecades.Imperva–ImpervaacquiredTomium,whichprovidesamainframesecuritysolutionforcontinuousauditing.InfosecInc.–InfosecInc.providesprofessionalservicesspecificallyinmainframe,includingsecurity.Interskill–InterskillprovidesmainframetrainingwithcatalogofIBMmainframeandsecuritycourses.PKWare–PKWareoffersarangeofsoftwaresolutionsformainframeincludingPKZIPandencryption.Raz-Lee–TheNewYorkState-basedfirmoffersaudit,monitoring,andrelatedcompliancesolutionsformainframe.Safestone–PartofHelpSystems,SafestoneprovidescustomerswitharangeofIBMserversecurityproducts.Sea–SoftwareEngineeringofAmericaprovidesdatacentersolutionsincludingformainframeandsecurity.SoftwareDiversifiedServices–SDSsupportsz/OSmainframesoftwarewithrangeofproductsandsolutions.TreehouseSoftware–TreehouseSoftwareoffersdataintegrationandrelatedsolutionsformainframe.Vanguard–VanguardprovidesarangeofIBMmainframesolutionsincludingsecurityprotections.Xbridge–XbridgeprovidesdatadiscoverysolutionswithcoverageforzSystemsmaintenanceandsecurity.Control22:MobileSecurityMobilesecurityinvolvescybersecuritycontrolsintheecosystemsupportingtheuseofmobiledevices,applications,andinfrastructure.Theevolutionofthisprotectiondisciplinelaggedthedevelopmentofearlymobileservices,simplybecausetheearliestdeviceswerenotperceivedtorequireanysecurityatall.(Everyoneseemstorememberwhattheyweredoingon9/11,sothinkbacktotheclunkymobiledeviceyoumighthavebeencarryingaroundonthatterribleday.Itprobablyhadspottycoverageandnodevicesecurity.)NotuntilBlackberrypioneeredtheconceptofasecureenterpriseserverdidthecommunitybegintoevenconsiderthepossibilitythatcyberriskwasanissue.Fastforwardtotoday,andthesecuritychallengenowwillbetoconsolidatethemyriadofdifferentprotectionsthatscatteracrossmobiledevice,mobileapp,enterprisemobilitymanagement,andmobilecarrierinfrastructure.Cloud-basedvirtualizationsupportwillbethecommondenominatorinmostofthisconsolidationsothatprotectionscanbeselectedlargelyindependentofyourphysicaldevicechoices.Nevertheless,device-focusedsecuritywillcontinuetobeanimportantaspectofthemobileindustryasthethreatprogresses.Expectalsotoseecarriersoffermuchhigherlevelsofsecurityoptionintheir5Gdeployments.Asasummaryofcomponents,belowisalistofthemajormobilesecuritysolutionareasthatwillconsolidateinthenextdecade:
• MobileCarrierSecurityControls–Theseprotectionswillbecomesoftware-definedin5Ginfrastructuredeployments.
• MobileEndpointSecuritySoftware–Thissoftwarewillbecome(surprisingly)lessdevicedependentandmorecloudcontrolled.
• MobileDeviceManagementTools–ThesetoolswillembedintohybridcloudenterpriseITorchestrationsystems.
• MobileAppRiskManagement–Thiscapabilitywillimproveandbecomeanaturally-embeddedaspectofallmobileappstoreandmobileapphostingsystems.
Suchconsolidationaroundcloudandsoftware-definedthemesisgoodnews,becauseitwillcounterthegrowingmobilethreatacrosstheglobe.Expecttoseesomemoreseriousmobilethreatcampaignsinthecomingyears.Hopefully,ourimprovedmobilitysecuritysystemsandtoolswillbesufficienttokeepusprotected.GeneralOutlookThegeneraloutlookformobilesecurityinvolvestransitionfromweakmobiledeviceinfrastructureandprotectiontomuchstrongersolutionsformobilitysecurity.ThiswilltracktransitionfromthemobileasacomplementtothetraditionalPC/LANenterpriseinfrastructuretothemobiledeviceastheessentialbasisforavirtualizedhybridcloudenterpriseinfrastructure.Firstgenerationmobilitysecurityfrom1998to2007involvedweakcarriercontrolssuchasone-waytowerauthentication(in2Gservices),weakencryptioncontrols,andvirtuallynon-existentlocalWiFicontrolsasitbecomemorepopularduringthisera.Secondgenerationmobilitysecurityfrom2007to2016sawaplethoraofnewsolutionareasfromvendorsincludingmobileendpointsecuritytools,mobiledevicemanagement(MDM)systemsforsecurity,andmobileappriskmanagementsuites.Thirdgenerationmobilitysecurityfrom2016to2025shouldexpecttoseeconsolidationofthesecapabilitieswithmoreadvancedtechniquessuchasmachinelearningembeddedinthealgorithms.Mobileappriskmanagementwillseeincreasedfocus,aswellSDN-enablementoftheunderlyingsecurityinfrastructure.Improvedmobiledevicepatchingandconfigurationmanagementwillfollowincreasedcompliancepressureforcompanies.
Figure22.2018MobileSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincemobiletrendshavebeenrelativelyeasytospotandtrack.SDNenablementwithcloudsupportistheeasiesttrendtospot,andtheflexibilityofnetworkfunctionvirtualizationwillallowdesignerstobemore
creativeinthismobilesecurityspace.Onewildcardthatisespeciallyintenseformobilesecurityisthatifamajormobileattackcascadesacrossalargeportionofglobalinfrastructure,thentheimpactonthemarket,regulatoryenvironment,andbuyersishardtopredict.Ifanything,thefocusonmobilesecuritywouldbecomemoreintense,withcomplianceprogramsrapidlyappendedtoincludemorestringentrequirements.AdviceforEnterpriseSecurityTeamsCurrententerprisesecurityteamemphasisonmobilesecurityvariesconsiderably–andthevariancedoesnotseemtotrackanyrationalboundaries.Forexample,itwouldbeeasytoconcludethatlargercompanieshavegreateremphasis,whereassmallerorganizationsdonot,butthiscorrelationisnotcrisp.Rather,whatweseetodayistheusualsortofscatteredemphasisonefindsinanewdiscipline.Consider,forexample,theuseofmobileappriskmanagement,anapproachthatiseasytodeployandsensibletoincorporate.Useofthismethodacrossenterpriseseemsarbitrarywithtoomanyteamsviewingthisasafutureconsideration.Myadviceforenterpriseteamsistostepuptotheplatenowonmobilesecuritywithstrongpolicyrequirements,mandatorycontrols,andathree-yearplanthattakesadvantageofemergingconsolidation(oratleastintegration)ofmobiledevicesecurity,infrastructurecontrols,MDM,andmobileapprisksolutions.Thisisnolongerthesecurityemphasisofthefuture:Itmustbeamajorsecurityemphasisofthepresent.Ifyouwaittoolong,thenyoumightbeexplainingtoyourboardthesecomingyearswhyyourteamwascaughtflat-footedbyaseriousmobileattackthatmighthavebeenprevented.AdviceforSecurityTechnologyVendorsAnalystshavebeenlargelyinagreementthatgrowthwillcontinueintheintensityofmobilethreats,aswellasourcollectivedependencyonmobileinallpersonalandbusinessaffairs.Thesetwoconditionsprovidetheperfectrecipefortrouble,becausecorrespondingemphasisonmobilesecuritysolutions–especiallyforpersonaluse–isnotincreasinginanycommensuratemanner.Vendorsmustthereforefocusonthreeagendaitems:First,theymustcontinuetoeducatethepublicandbusinessestothegrowingrisk.Thisshouldbedoneinacalm,matter-of-factmanner,becausethepotentialuse-casesspeakforthemselves.UnavailabilityofyourmobileduetoamassivemalwarewormhittingAndroiddeviceswouldbeacatastropheforanyoneaffected.Second,theymustcontinuetofocusondeploymentandusagesimplification.Theeasieritisforagivenmobilesecuritytooltobepurchasedandinstalled,thebetter.Third,allmobilesecurityvendorsmustfocusonconsolidationthroughpartnership,merger,orjustintegrationtesting.ThisisespeciallyrecommendedforlargemobileISPswithemergingAPI-basedSDNplatforms.Creatinganintegratedsuiteofmobilesecuritysolutionscenteredonthecarrier’sSDNcontrollernorthboundapplicationinterfaceisanapproachthatwillhelpeveryoneavoidmobilethreats.ListofSupportVendorsActiveMobileSecurity–ActiveMobileSecurityprovidesamobilesecuritysolutionfordataseparationandmalwareprotection.AdaptiveMobile–AdaptiveMobileprovidesmobilethreatintelligence,protection,andinfrastructureprotection.AirPatrol–AirPatrolsupportslocation-basedcontentdeliveryandsecuritymanagementforWiFiandmobiledevices.Apple–ThemobiledeviceproviderincludesnovelsecurityfeaturesiniTunes,iOS,andacrosstheApplemobileecosystem.Appthority–Appthorityoffersenterprisemobileappsecurityanalysistosupportdatalossandprivacyrisks.
Arxan–Arxanprotectsmobile,desktop,embedded,andserverapplicationsincludingamobileappassessment.AT&T–AT&Toffersadvancedoptions,increasinglybasedonSDN,fortheirenterprisecustomersinmobilesecurityandMDM.Avast–AcquisitionofRemotiumprovidesAvastwitharangeofsecuremobileenterprisesolutions.AVG–AVGoffersanti-virusandoptimizationforendpointsincludingAndroidmobilesandtablets.BETTER–BETTERsupportsdetectionandpreventionofmobileattackstoAndroidandiOS.Bitdefender–Bitdefenderprovidesarangeofendpointsecurityprotectionsincludesupportformobile.Blackberry–Blackberryoffersawiderangeofsecuremobilityandmobiledevicemanagementsolutions.Box–Boxprovidesmobilesecuritybysupportingextendingcontentsecurelyacrossallmobiledevices.BullGuard–Anti-virusprotectionsforendpointsfromBullGuardincludesupportforAndroidsecurity.CheckPointSoftware–AcquisitionofLacoonbringsCheckPointamobilethreatpreventionsolution.CyberadAPT–CyberadAPToffersauniqueintegrationofcyberattackpreventionwithmobilethreatavoidance.eAgency–eAgencyisaproviderofmobilesecurityproductsforconsumers,business,andcarriers.ESET–Anti-virusandsecurityprotectionforendpointsfromESETincludesadvancedprotectionsupportforAndroid.F-Secure–F-Secureanti-virusandsecuritysolutionsincludesupportforsmartphonesandtablets.Google–GoogleincludesmanyusefulcybersecurityfeaturesintheOSandsupportingecosystem.Huawei–ThelargeChinesetechnologycompanyoffersarangeofsecurityproductsincludingmobilesecurity.IBM–TheIBMMaaS360enterpriseMDMsolutionincludesmobilesecuritycapabilities.IconLabs–HeadquarteredinIowa,IconLabsprovidesembeddeddevicesecurity,includingsupportformobile.IntegriCell–Washington-basedIntegriCell,ledbyindustryexpertAaronTurner,providesarangeofmobilesecuritysolutions.ITADSecurity–ITADSecurityoffersarangeofsecurityriskintelligencesolutionsformobiledevices.KapricaSecurity–KapricaSecurityofferspenetrationtestingserviceswithemphasisonmobilesecurity.Kaspersky–Kasperskyoffersmobiledeviceprotectionincludingpasswordmanager,safebrowsing,andQRscanning.Lookout–Lookoutprovidesadvancedanti-malwaresoftwaretoolsforprotectionofmobiledevices,data,andapps.McAfee–McAfeeofferscustomersitsMobileSecuritysolutionforAndroidandiOSmobiledevices.MobileIron–MobileIronoffersMDMsecuritycapabilitiessuchascertificateexchangeformulti-factorauthentication.Mocana–Mocanaprovidesmobilesecuritythreatcontainmentthroughsoftwareapplicationwrapping.mSignia–Irvine-basedmSigniaofferstechnologytosupportstrongauthenticationandfraudpreventiononmobileapps.NowSecure–Illinois-basedNowSecureprovidesmobilesecurityandprivacyforAndroidsmartphonesandtablets.NQMobile–Anti-virusprotectionfromNQMobileisdesignedforAndroidandWindowsdevices.Nubo–NuboprovidesprotectionforBYODremoteenterprisesecureworkspaceformobiledevices.Omlis–UK-basedfirmOmlissupportsarangeofmobilepaymentsolutionswithsupportforcybersecurity.PhoneWarrior–PhoneWarriorsupportsSpamcallblocking,textblocking,andCallerIDfunctionsformobile.Pradeo–LocatedinFrance,PradeooffersasuiteofmobileapplicationsecuritytestingtoolsandAPIs.Proofpoint–ThroughacquisitionofMarble,ProofPointoffersmobileapplicationsecuritybasedoncloudthreatintelligence.ProtectedMobility–ProtectedMobility,headquarteredinVirginia,offerssolutionsformobileappsecurity.PulseSecure–PulseSecure,aJuniperspin-off,offersarangeofSSLVPNandmobiledevicesecurity.Rapid7–Rapid7acquiredMobilisafein2012,whichprovidedthemwithadvancedcapabilityinmobilesecurity.Samsung–SamsungofferstheKnoxsuiteofmobileenterprisesecuritysolutionsfordeviceprotectionandmanagement.SAP–SAPMobileSecureprovidesasoftware-as-a-servicecapabilitytomanagemobileprotection.SequiturLabs–ThesmallcompanyinWashingtonStateoffersmobilesecurityapplicationdevelopmenttools.Skycure–Skycure,ledbyAdiSharabani,offersarangeofadvancedmobileintrusiondetectionandpreventionsolutions.SnoopWall–SnoopWalloffersarangeofmalwaredetectionsolutionsfortabletsandmobiledevices.Sophos–SophosMobileSecurityprovidescustomerswithadvancedsecurityprotectionforAndroiddevices.Symantec–SymantecprovidesMDMandmobilesecuritysolutionsforenterpriseandconsumers.TekTrak–TekTrakoffersarangeofmobileapplicationsecurityproductsforAndroidmobiledevices.TrendMicro–TrendMicroofferssecurityprotectionforAndroidincludingmobiledevicemanagement.TrustGo–PartofBaidu,TrustGooffersmobilesecuritysolutionsforappscanningandotherfeatures.Trustlook–SanJose-basedTrustlookoffersanti-virus,anti-Spyware,andothersecuritycapabilitiesforAndroiddevices.Verizon–VerizonoffersarangeofprotectionoptionsfortheirenterprisecustomersinmobilesecurityandMDM.V-Key–RedwoodCity-basedV-Keyemploysintrusionpreventionprotectionformobileapplications.VMware–VMwareoffersarangeofmobilevirtualizationandapplicationwrappingforcybersecurity.Webroot–WebrootofferscustomersitsSecureAnywhereMobilesolutionsforAndroidsmartphones.Workspot–Workspotoffersasecurevirtualdesktopsolutionfortheenterprisewithcloudsupport.Zimperium–ZimperiumoffersenterprisemobilesecuritysolutionssupportingenterpriseBYODinitiatives.Control23:Password/PrivilegeManagement
Passwordandprivilegemanagementinvolvesthepeople,processes,andtoolsrequiredtoproperlycontrolandprotectpasswordsandprivilegedaccountsinanenterprise.IT,network,andapplicationteamsrecognizedyearsagothatenterpriseidentificationandauthenticationrequiredmorefocusedattentionintwoareas:Passwordswerebeingpoorlyselectedandroutinelymishandledbyvirtuallyallusers,andprivilegedaccountneglecthadparticularlysignificantconsequencesforanyenterprise.Assuch,toolsemergedtoimprovebothareas,andhavegrowninuseoverthepasttwodecades.Evenwithadvancesinmulti-factor,adaptiveauthentication,theuseofpasswordandprivilegemanagementtoolswillcontinuetogrowinthecomingyears.Thisisanenterprisecontrolwheretheriskequationworksoutquitewell;thatis,modestinvestmentproducesgreatbenefit.TheonlyreasonthesetoolshavenotgrownmorerapidlyisthatdecisionsforpasswordandprivilegemanagementareoftenmadeintheorganizationalseamsbetweensecurityandITteams.Vendorsinthisareaareoftenunsurewhotheircustomerreallyis,inanenterprise.Thishasslowedthegrowthofproperinfrastructuresolutionsintheseareas.GeneralOutlookThegeneraloutlookforpasswordandprivilegemanagementinvolvestransitionfromsimpleadministrativecontrolssuchaspasswordstufferstomoreadvancedanalytictoolsthatwilltakeadvantageofbehavioralgorithmstoimproveusabilityandaccuracy.Passwordandprivilegemanagementtools,includingpasswordvaults,willmovefromstand-alonetoolstomoreembeddedcapabilitiesinthesystemsthatcomprisehybridcloud-basedvirtualinfrastructure.Firstgenerationpasswordandprivilegemanagementtoolsfrom1998to2007involvedthesimplestpasswordmanagers,mostlyforPCswithnon-privilegefocustocombatweakthreats.Secondgenerationpasswordandprivilegemanagementtoolsfrom2007to2016sawmuchimprovedtools,increasingusedtohandle2FA.Enterprisefocusonprotectingprivilegedaccountsgrewduringthisperiod,toaddressmanyprivilegeweaknessesthatstemmedfromignoranceandbasicsystemadministrativeneglect.Thirdgenerationpasswordandprivilegemanagementtoolsfrom2016to2025shouldexpecttoseemassivetransitiontoMFAwhichwillrequiremoreadvanced,embeddedcontrols.Machinelearningandanalyticswillhelpthisareaofenterprisecybersecuritydealwithmoreadvancedthreats.
Figure23.2018Password/PrivilegeManagementOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethegrowthofpasswordandprivilegemanagementtoolsandsystemshasbeensteady.Passwordswillnotgoawayinpersonalandenterpriseuse,butwillratherseecomplementby2FAandadaptiveauthentication.Growthwillcontinuesteadyoverthecomingdecade.AdviceforEnterpriseSecurityTeamsChancesarethatyourteamisdoingamuchbetterjobtodaymanaginguserpasswordsthanyoudidadecadeago.Chancesarealso,however,thatyoucouldstandtoimproveyourmanagementofprivilegedaccounts.Toomanyprivilegedaccessuse-casesdonotincludesufficientmandatorycontrolofprooftokensinpropervaultswithcentralizedoversight.APTsoftentakeadvantageofthisenterprisesystemadministrativeweaknesstobuildpowerduringlateraltraversalinsideaperimeter.Securityteamsarethusadvisedtofirsttakeinventoryoftheirprivilegedaccounts,whichbytheway,isoftenthemostdifficultaspectofproperprotection.Sufficientdiversityofvendorsexiststodaytobuildoutimprovedsolutionsforsecuringprivileges,sotherearenolongerthetypesofsupplychainissuesthatexistedinthisareawhenitfirstemerged.AdviceforSecurityTechnologyVendorsVendorsprovidingsecuritymanagementsupportforpasswordandprivilegedaccountsshouldkeepatit,becausetangiblebenefitsandgrowthhaveoccurredinthepastdecade.SincetheorganizationalseamsbetweenITandsecuritywillcontinue,youmuststepupyoureducationandawarenessprograms,becausenotallITdecision-makersunderstandthetoolsyouoffer.Virtualizationandshifttohybridcloudwillonlyincreasetheneedtocentralizecontrolofdistributedaccountmanagementacrossheterogeneousas-a-servicecapabilities.Expecttoseecontinuedgrowth,butyouwillneedtoexpectsomenativecapabilitiesemergefromcloudandSDNproviders.ThismightbeagoodopportunityforIPlicensingorpartnership.ListofSupportVendorsAgileBits–CanadiancompanyAgileBitsoffersthe1Passwordsolutionforpersonalandenterpriseuse.AnimabilisSoftware–Animabilisoffersafull-featuredpasswordstorageandmanagementsolutionforenterprise.Avatier–Theglobalfirmofferspasswordmanagementaspartofitsidentityandaccessmanagementsuite.Avecto–Avectocombinesprivilegemanagement,applicationcontrol,andsandboxingtoprovideendpointsecurity.BeyondTrust–BeyondTrustprovidespassword,privilegedaccount,andvulnerabilitymanagementsolutions.Bitium–SantaMonica-basedBitiumprovidespassword,user,andidentitymanagementsolutions.CA–CAoffersthePrivilegedAccessManagerproductforfine-graineduseraccesscontrolsintheenterprise.CyberArk–CyberArkprovidesprivilegedaccountmanagementandsecuritysolutionsfortheenterprise.Dashlane–DashlaneofferstheDashlanePasswordManagerandSecureDigitalWalletproducts.DataViz–DataVizincludesaproductcalledPasswordPLUSfororganizingpasswordsacrossiOS,Android,Mac,andWindows.Dell–DellprovidesarangeofprivilegedaccountmanagementsolutionsforUnix,Windows,andotherenvironments.FischerInternational–Fischeroffersarangeofpassword,privilege,andidentitymanagementsolutions.Fox-T–MountainView-basedFox-Toffersaccessmanagementandpassword/privilegemanagementsolutions.Hitachi-ID–Hitachi-IDincludesprivilegedaccessmanagementinitsidentitymanagementandaccessgovernancesolutions.IBM–IBMincludesprivilegedidentitymanagementinitssuiteofidentityandaccessmanagementsolutions.KeePass–KeePassisanopensourcepasswordmanagerthatmightbeconsideredforuseintheenterprise.KeeperSecurity–KeeperSecurityincludesapasswordmanagercapabilityandsecuredigitalvault.LamantineSoftware–LamantineSoftwaredevelopsapasswordmanagerandformfillercalledStickyPassword.LastPass–LastPassoffersapasswordmanager,autoformfiller,randompasswordgenerator,andsecuredigitalwallet.
LiebermanSoftware–LiebermanSoftwaresupportsidentity,passwords,andprivilegemanagement.ManageEngine–ManageEngineincludesprivilegedpasswordmanagementandself-servicepasswordmanagementsolutions.mSevenSoftware–mSevenSoftwareprovidesapasswordmanagerforMacandWindowsusers.MyLOK+–MyLOK+offersitscustomersasecurepasswordmanageranddatastoragecapability.NetWrix–NetWrixoffersITsecurityandauditingsolutionsforprotectingsystemsandapplicationsacrossITinfrastructure.OneID–RedwoodCity-basedOneIDoffersidentity,access,password,andprivilegemanagement.Oracle–Oracleofferspasswordandprivilegedidentitymanagementfunctionsinitsidentityandaccessmanagementsolutions.OrangeCatSoftware–OrangeCatSoftwareoffersapasswordkeeperproductsolutionforitscustomers.Osirium–UK-basedOsiriumoffersidentity,access,password,andprivilegemanagementsolutions.PasswordGenie–PasswordGenieisadataprotectionandpasswordsecuritysolutionforWindows,Mac,Android,andiOS.RoboForm–RoboFormprovidesitscustomerswithanadvancedpasswordmanagementcapability.SplashID–SplashIDsupportsmanagementofpasswordsforiPhoneAndroid,Windows,andMac.Symantec–Symantecincludesidentityaccessmanagercapabilityinitsinformationprotectionsuite.Thycotic–ThycoticofferscompleteprivilegedaccountmanagementsolutionforenterpriseITadministrators.Wallix–WallixprovidesSSO,passwordmanagement,privilegedusermanagement,andrelatedfunctions.Control24:Two-FactorAuthenticationTwo-factorauthentication(2FA)solutionsprovideincreasedassuranceinthevalidationofreportedidentities.Generally,2FAisusedtoenhancethesecurityofremoteoron-lineserviceaccessfromuserswhohadpreviouslyjustsuppliedpasswordstoprovetheiridentities.Toreducethelikelihoodofmaliciousspoofingorfraud,asecond(orthird)diversefactorisaddedtoincreasethedifficultyofanattackerguessing,stealing,orderivingaccesstoatargetsystemoraccount.Popular2FAmethodsincludehardwareorsoftwaretokens,publickeycertificates,biometricidentifiers,andtextexchangeofcodeswithknownmobiledevices.Enterprisesecurityteamscommonlyinclude2FAasanassurancerequirementforexternalaccesstosharedservices,sotheprogressiontohybridcloudwillnaturallycauseincreaseddeploymentofthistechnology.Consumersarelikelytoremainskepticalof2FA,however,fortheforeseeablefutureintheiraccesstosocialmedia,Internetemail,andotheron-lineservices.Eventually,theuseofcontextual,adaptiveauthenticationwilldominate,basedonbehavioralanalyticsandsituationalcharacteristicsincludinglocationandobservedergonomics;butthismighttakeabitlongerthanmostexpect,simplybecauseoldhabitsdiehard.Expectpasswords,plusasimplesecondfactortoremainthebaseline2FAchoiceforseveralyears,afterwhichthetechnologywillbecomemorestreamlined.Onenewaspectof2FAthatshouldemergeinthecomingdecadeinvolvesthegreateruseoftrustedexecutionenvironment(TEE)-hostedidentitiesthatarecascadeddirectlytoapplicationswithoutinteractionwiththeoperatingsystem.Thisresultsinasuperhighassuranceauthenticationprocessthatresultintheactualdevicebecomingatrustedprooffactor.Issuanceofknowndevices,forexample,thatareprovisionedwithhighlyassuredcryptographicidentitiesallowsforsecurepubliccloudaccesswithoutaperimeter.GeneralOutlookThegeneraloutlookfortwo-factorauthenticationinvolvestransitionfromasimple,add-onsecondfactortoadaptive,contextualauthentication–albeitoveraslowerthanexpectedperiod.Thisiscomplemented,however,byatransitionfromlowuseof2FAinthelate1990’stomoreintenseuseofthetechnologyacrossalltypesandsizesofenterpriseinthecomingdecade.Firstgeneration2FAfrom1998to2007involvedhand-heldtokens(mostlyfromRSA)
usedinlargerenterpriseandgovernmentorganizations,butwithalmostnousebyconsumers.Secondgeneration2FAfrom2007to2016involvedtheadditionofsomenewtypesof2FAtokensincludingbiometricsandcertificates,aswellassoftwaretokens.Earlyadaptiveandcontextualauthenticationsolutionsemergedduringthisperiod.Thirdgeneration2FAfrom2016to2025shouldexpecttoseethegradualtransitionto3FA,butwhenthetransitiondoesoccur,itwillbeheavy.Thatisbecauseonceadaptiveauthenticationsolutionsbecomesupereasytouse,everyenterpriseandeveneveryconsumerwillbecomeheavilyvestedinthetechnology.Expectthetransitiontobeslowincoming,butrapidonceitdoescome.AlsoexpecttoseeTEE-basedauthenticationsolutionsturnmobiledevicesandevenPCsintotokenauthenticatorsthemselveswithtrustcomingfromhighassuranceprovisioningofcryptographicidentities.Mobileserviceproviderswillnaturallygravitatetowardthistypeofbusiness.
Figure24.2018Two-FactorAuthenticationOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderatelyhigh,giventhepatternthathasbeenestablishedforearly2FAadoptionbyawidersegmentofbusiness.Confidencelevelsarenothigh,however,simplybecausepredictinguserpreferencesinthisareacanbehazardous.Forexample,PKI-basedusagepredictionsforconsumersmadetwentyyearsagowithhighconfidence,nevercametrue.AdviceforEnterpriseSecurityTeamsEnterpriseteamsshouldalreadybeusing2FAforremoteaccess,aswellasaccesstosharedservicesinpublicclouds.Iftheyarenot,andthismightbemorecommonforsmallercompanies,thenitistimenowtomakethetransition.Startbywriting“should”requirementsforuseraccesstoanythingofvalue,andeventuallytransitionto“must”requirements.Selectionofsecondfactorsshouldbeconsistentwiththelocalcultureandenvironment.Mobiledevicesaregenerallyubiquitousinbusinesssettings,sotext-basedexchangeofmobilecodesisanaturalmethod.Inenvironments,whereendpointsareissuedbytheITorOTadministrationteam,theprovisioningofanunderlyingcertificate,enabledwithadevicebiometricmightbethepreferredapproach.AdviceforSecurityTechnologyVendors
Companiesproviding2FAsolutionsareinanexcellentpositiontoexperiencecontinuedgrowthformanyyears.Thechallengeisthateventually,theissuanceofidentityproofwillbecomeembeddedinthebehavioralanalyticprocess,sothatcouldspelltroubleforexistingsolutions.Widespreadadoptionofadaptiveandcontextualmethodsremainshardtoforecast,andsomeaggressivevendorstryingtoinnovateinthisareahaveseentheirearlysolutionsfizzle.Thisisanaturalartifactofanytransitioningnewtechnology,andithighlightstheimportanceofperfecttimingintheintroductionofachangeincommonlyusedcomputingmethods.MyadvicewouldbetomaintaingoodprogramsofR&Dinadaptivesolutions,buttoremainpragmaticaboutrevenueopportunitiesinthenearterm.Onceitbecomesclearthat2FAsolutionsaretrulybecomingmoreembeddedintocontextualanalytics,themoreattentivevendorsshouldbereadytomakethetransition,albeitintheroleoffollower(whichmightbebetteranyway).ListofSupportVendorsAuthentify–Authentify,partofEarlyWarning,offersphone-basedmulti-factorout-of-bandauthentication(OOBA)solutions.AuthLite–LocatedinSpringfield,AuthLiteofferstwo-factorauthenticationusingaUSBkeyandpassword.AuthRocket–Colorado-basedAuthRocketprovidesausermanagementAPItosupportauthenticationasaservice.Authy–Authyprovidesatwo-factorauthenticationsmartphoneapplicationforindividualsandbusiness.Auth0–Auth0supportssoftwaredeveloperswithSSO,token,andrelatedproductsforintegrationintoappsandAPIs.Behaviosec–SwedishfirmBehaviosecprovidesabiometricauthenticationsolutionbasedonbehavioralattributes.BI2Technologies–BiometricintelligenceandidentificationtechnologiesfirmBI2technologiesisbasedinMassachusetts.BlackridgeTechnology–Thecompanyutilizesfirstpacketauthenticationtoenforcestrongnetworkaccesscontrolpolicy.CA–CAoffersstrongauthenticationservicesembeddedinitsrangeofidentityandaccessmanagementsolutions.Celestix–Fremont-basedCelestixprovidesunifiedremoteaccesstoanyapplicationonanydeviceusingsinglesign-on.MIRACL–Thecompanyprovidesatwo-factorencryptionandauthenticationsolution,aswellasacryptographicSDK.CollectiveSoftware–CollectiveSoftwareprovidestheAuthLitetwo-factorauthenticationsystem.Comda–TheIsraelifirmoffersarangeofITsecurityproductsincludingbiometricauthentication.Crossmatch–CrossmatchoffersitsDigitalPersonaAltussolutionforbiometricidentityverificationandenrollment.Cyxtera–Cyxtera’sEasySolutionsincludesmobileandstrongauthenticationinitssuiteofanti-fraudsolutions.Daon–DaonisabiometricsidentitymanagementcompanywithanunderlyingBiometricTrustInfrastructure.DeepnetSecurity–Deepnet,locatedintheUK,offersanauthenticationplatformusingmultifactorandbiometricsolutions.Delfigo–Delfigodevelopsarangeofidentity-basedstrongauthenticationservicesforcustomers.DeltaID–TheCalifornia-basedfirmprovidestheDeltaIDirisrecognitionsolutionforstrongauthentication.DeviceAuthority–TheD-FACTORauthenticationenginedeliversconnecteddevicesforIoTapplications.DirectRM–LocatedinCalifornia,DirectRMprovidesstrongauthenticationandaccessmanagementsolutionssupportingBYOD.DuoSecurity–DuoSecurityprovidestwo-factorauthenticationsolutionswithemphasisonendpointvisibilityprotection.DynamiCode–LocatedinHongKong,DynamiCodeoffersstrongauthenticationandsecuremobilePOSsolutions.ECKey–ThePennsylvania-basedfirmofferssolutionsforturningBluetoothsmartphonesintoaccesscontrolcomponents.ElevenPaths–TheMadrid-basedcompanyprovidesarangeofsecurityproductsincludingauthentication.Entersekt–LocatedinSouthAfrica,Entersektprovidesinteractiveauthenticationandencryptionsolutions.Entrust–Entrustprovidesidentityandauthenticationtechnologiesusingmobile,certificates,andothertechnologies.FEITIANTechnologies–TheChinesefirmoffersarangeofITsecuritysolutionsincludingauthentication.Gemalto–GemaltoprovidesdigitalsecuritysolutionsrangingfrombiometricstoSIMcardandNFCsecurity.HIDGlobal–HIDGlobalincludesaccesscontrolandsecureidentitysolutionsincludingsmartcardsandreaders.HoyosLabs–HoyosLabsoffersarangeofmobilebiometricsolutionsforstrongtwo-factorauthentication.IDControl–LocatedintheNetherlands,IDControlprovidesarangeofstrongauthenticationsolutions.Idevity–Idevitysupportssmartcardandidentityusewithvisualizationappsformobileandrelatedproductsandservices.ImageWare–ImageWareprovidesbiometricsolutionstosupportauthenticationandidentitymanagement.Imprivata–Massachusetts-basedImprivatafocusesonsinglesign-on,authentication,andrelatedsolutionsforhealthcare.Iovation–LocatedinPortland,iovationsupportson-linefraudpreventionbasedonstrongdeviceauthentication.i-SprintInnovations–LocatedinSingapore,thecompanysupportsidentity,credential,andaccessmanagementsolutions.Keypasco–SwedishfirmKeypascoofferssecureauthentication,multi-factor,anddeviceauthentication.Mi-Token–Mi-Tokendevelopsarangeoftwo-factorauthenticationsolutionsbasedonsofttokens.mSIGNIA–mSIGNIAprovidesmobileauthenticationenhancedwithbiometricdevicerecognition.NokNokLabs–ThefirmprovidesastreamlinedstrongauthenticationprotocolbasedonFastIdentityOnline(FIDO).
Nymi–Nymienablessecure,continuousauthenticationthroughawearable,multi-factorbiometricdevice.OneLogin–OneLoginofferscloud-basedIAMwithsecureaccesstocloudapplicationsfrommobiledevices.OnWire–OnWireincludesaFedRAMP,multi-factorauthenticationplatformwithcloudbasedIAM.PointSharp–ThePointSharpmobileappprovidesauthenticationviasoftware-basedone-timepasswordtoken.Protectimus–UK-basedfirmProtectimusofferscustomersarangeoftwo-factorauthenticationsolutions.RSA–RSAoffersone-timepasswordtokensolutionsthatareinusearoundtheworld.Ingenico–Ingenico’sSafeNetprovidesenterpriseauthenticationaspartofitssuiteofsecuritysolutions.SalesforceIdentity–SalesforceIdentityprovidesfederatedidentityservices.Seamoon–ChinesecompanySeamoonprovidesaone-timepasswordauthenticationsolutionforitscustomers.SecSign–LocatedinNevada,SecSignprovidestwo-factorauthentication,encryption,andrelatedcapabilities.SecureAccessTechnologies–SecureAccessTechnologiesprovidesmobileauthenticationviatheSATMobileIDsolution.SecureAuth–SecureAuthsupportstwo-factorauthenticationandSSOforenterpriseapplications.SecurEnvoy–UK-basedSecurEnvoyoffersmobilephone-basedtokenlesstwo-factorauthentication.SecureKey–SecureKey,locatedinCanada,supportsidentityandauthenticationneedsforonlineconsumerservices.SecurePush–Israelifirm,SecurePush,offersitscustomersastrongmulti-factorauthenticationplatform.SecuTech–CanadianfirmSecuTechofferstheUniKeyandUniTokensolutionsforUSB-basedplug-and-playauthentication.Socure–BasedinNewYork,Socureprovidessocialbiometricsolutionsforidentityverification.Sonavation–Sonavationisabiometricsfirmsupportingidentityauthenticationandothersecuritysolutions.SSH–HeadquarteredinFinland,SSHprovidesSSHkeymanagement,access,andauthenticationsupport.StrikeForceTechnologies–HeadquarteredinNewJersey,StrikeForceprovidesout-of-bandauthentication.SurePassID–SurePassIDsupportsnext-generationidentityandaccessmanagementwithFIDOauthenticationandsecureIoT.SwivelSecure–UK-basedSwivelSecureprovidesstrongauthenticationforcloud,Web,VPN,anddesktop.Syferlock–Connecticut-basedSyferlockoffersarangeoftoken-lesssolutionsformulti-factorauthentication.Symantec–Symantecprovidescloud-basedvalidationandIDprotectionservicesforsecuremulti-factorauthentication.Synaptics–Synapticssupportshigh-endtechnologyinthetouchsensinganddisplayintegrationarea.TeleSign–TheCalifornia-basedcompanyoffersarangeofmobileidentityandauthenticationsolutions.TransmitSecurity–Thecompany,runbyRakeshLoonkar,offersarangeofprogrammablebiometricsolutions.TRUSTID–LocatedinOregon,TRUSTIDofferscustomersarangeofautomaticcalleridentityvalidationcapabilities.Twilio–Twilioprovidesarangeofmessaging,voice,andauthenticationAPIsforcustomerapplications.2FA–TheAustin-basedcompanyofferscustomersarangeoftwo-factorauthenticationsolutions.Usher–Usherprovidesbiometric,location-basedauthenticationsolutionsforbusinessandindividuals.Vasco–Illinois-basedVascoprovidessolutionsforstrongauthentication,digitalsignature,andidentitymanagement.Vir-Sec–TheFlorida-basedfirmprovidesarangeofmulti-factorauthenticationaccesstoapplications.VUSecurity–HeadquarteredinArgentina,VUSecurityofferstwo-factorauthenticationsolutions.WWPass–WWPassprovidesstrongtwo-factorauthenticationsolutionsusingcryptographytechniques.Yubico–TheSwedishfirmprovidesanadvanced,opensource,USBauthenticationsolutionforplatforms.Control25:VoiceSecurityVoicesecurityconsistsofspecialencryption-basedprotectionsthataddresssecrecyandauthenticationweaknessesinmobilevoiceandtextconversations.Mostvoicesecuritysolutionsaredesignedasend-to-endsoftwareapps,evolvedfrommanyprevioushardwareproducts,thatoperateover-the-toponusermobiles.Keymanagementsolutionshaveimprovedtothepointwhereendusersgenerallymustdolittlemorethandownloadtheappandparticipateingroupsofotheruserswiththeapp.Amajoruse-casethatmotivatesdeploymentofvoicesecuritysolutionsinvolvesexecutivesandotherswhomusttraveltoregionsoftheglobewheretheunderlyingmobilityinfrastructuremightbelesstrustworthyorrobust.Voicesecuritysolutionsmustdealwiththechallengeofgenerallylesserrecognitionamongconsumerandbusinessusersofthesecrecythreatsthatexistformobilevoiceandtextcommunications.ThisisexacerbatedbythecommonpracticeofauthenticatingInternettransactionswithtexts,whichimpliesmuchhigherlevelsofsecurity.Whilethismightbe
somewhattrue,voiceandtexttrafficisnowdigital,sothelikelihoodofmaliciouseavesdroppingisgrowing.Luckily,voicesecuritysolutionqualityisnowexcellent.GeneralOutlookThegeneraloutlookforvoicesecurityinvolvesanincreaseinintensityofthedisclosurethreat,alongwiththeobvioustransitionfromheavylandlinevoicetoheavymobile4G/5Gcommunicationsinthecomingyears.Firstgenerationvoicesecuritysolutionsfrom1998to2007involvedearlytransitiontomobilewithweakencryptionsolutionsfrommanycarriers.Mostofthevoicesecurityissuesformobileinvolvedcellcloning,andtheonlyrealencryptiontoolswereusedingovernmentandthemilitary.Secondgenerationvoicesecurityfrom2007to2016involvedanincreaseddisclosurethreat,suchasSS7weaknesses,throughrapidgrowthofsmartphones.Therecognitionofthisgrowingdisclosurethreat,especiallyfortravelers,remainedweak,however.Encryptionimprovedconsiderablyduringthisperiod,especiallyfrommobilecarriers.Thirdgenerationvoicesecurityfrom2016to2025shouldexpectmoreintensedisclosureissues,routinevoicecommunicationleakstoplaceslikeWikiLeaks,strongerencryption,andmoreroutineuseofhigherqualitysolutions.
Figure25.2018VoiceSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,butadditionalworkisrequiredtohelpbusinessusersunderstandthepotentialthreat.IfsomeprominentbusinessorgovernmentexecutivesseetheirvoicecommunicationspostedtoWikiLeaks,thentheuseofvoicesecuritytoolswillmostcertainlygrowquickly.Fewcomplianceframeworksincludevoicesecurityasarequirement,andthelikelihoodthatthiswillchangeismoderate,sincemostregulatoryandauditteamswilltendtocarryoverpreviousrequirementsintoanynewframeworkupdates.AdviceforEnterpriseSecurityTeamsIfyourexecutivestravel,thentheyshouldbeusingencryption-basedsecurityappsfortheirmobilevoiceandtextcommunications.Thecostislow,theadministrationislow,andthebenefitsareconsiderable,especiallyinglobalregionswherethevoiceinfrastructureislesstrustworthy.Toextendtheuseofvoicesecurityacrosstheentireemployeebaseissurprisingly
simpleandlowcost,sothisisoneofthoseunusualareasofcybersecuritywhereactiveadoptionisano-brainer.Nevertheless,voicesecurityuseatscaleisremarkablylow,sogofigure.Myadviceistogivethiscontrolafreshlookinthecomingyears–andifsomecompanywatchesitssensitivemergertalksorconfidentialearningsdiscussionspostedtoWikiLeaks,thenyouwillbereadytoaddresstherisk.AdviceforSecurityTechnologyVendorsMostvoicesecuritysolutionvendorshavebeenhardatworkimprovingthesecrecy,keymanagement,usability,andqualityoftheirproductsduringthepastyears.Myadviceistofocusoneducationandawareness,producinggoodcontentforpotentialbuyerstounderstandhowmuchbettervoicesecurityqualityandusabilityhavebecome.Manypersonalandenterprisebuyerscontinuetothinkthatvoicesecurityisforgovernmentspooksandconspiracykooks,sothiswillrequiresomedoing.Keepatit–andthedividendswillcomeduringthenextfewyears.ListofSupportVendorsAEP(UltraElectronics)–TheUK-basedfirmprovidesHSMsfordataandvoicesecurityprotection.AT&T–TheISP/MSPwilldesignasecurevoicesolutionthatcanintegratewithmanagedsecurityandthreatintelligence.Cellcrypt–Cellcryptprovidesarangeofvoicesecuritysolutionswithencryptionandrelatedprotections.CellTrust–Thecompanyprovidesasecurevoiceandmessagingsecuritygatewayandaggregationsolution.CoverMe–CoverMeisafreedownloadforAndroidandAppletoencryptmobilecommunications.Enigmedia–HeadquarteredinSpain,Enigmediaprovidessolutionsforsecurevoiceandtelepresence.GeneralDynamics–GeneralDynamicsoffersSecteraWirelessGSMphoneforsecurecommunications.Koolspan–Koolspanofferssolutionsforvoice,texting,andmessagingsecurityforenterpriseandmobilevoiceplatforms.Nuance–Thefirmprovidesarangeofadvancedknowledge-basedandvoicebiometricsolutions.Ostel–TheJitsiappfromOsteloffersencrypted,opensourcetoolsresultinginsecurevoicecomparabletoSkype.PhoneWarrior–PhoneWarriorsupportsSpamcallblocking,textblocking,andCallerIDfunctionsformobile.Pryvate–Pryvateoffersencryptionproductsforsecurevoice,video,IM,andrelatedcommunications.RedPhone–RedPhoneisafree,opensource,securevoiceapplicationforAndroidcreatedbyWhisperSystems.SecureGSM–Australian-firmSecureGSMprovidesarangeofmobilecommunicationsecuritysolutions.SecureLogix–SecureLogixofferssecuretelephonyinfrastructurecontrolsforserviceprovidersandenterprise.SecureMobile–ThedivisionofSiRRANCommunicationsoffersencryption-basedsecuritysolutionsformobile.SilentCircle–SilentCircleprovidesencryptiondesignedbyPhilZimmermanwithhighlevelsofprivacyprotectionforusers.Simlar–SimlarisaGerman-developedappforsecuritymobilewithsupportforAppleandAndroid.Sophos–Thewell-knownsecurityfirmoffersitsSafeGuardencryptedvoicesecuritysolutionforcustomers.T-Systems–Thelargetechnologyandinformationassurancecompanyoffersavoiceencryptionapplication.Twilio–Twiliooffersarangeofvoiceandmessagingsecureinfrastructureprotectionsolutionsforcustomers.Verizon–ThelargemobilecarrierofferssecurevoicesolutionsthroughabusinesspartnershipwithCellcrypt.VIPole–VIPoleisasecuremessagingapplicationdevelopedintheUnitedKingdomforsecurebusinesscommunications.VoiceSecuritySystems–TheCalifornia-basedcompanyofferstechnologysolutionsforvoicesecurityprotection.Whatsapp–Whatsappisanapplicationclaimingabillionuserswithembeddedcryptographicprotectionsforprivacy.ZoIPer–ZoIPerisaSIPsoftphoneproductwitharangeofadvancedencryption-basedsecurityfeatures.Control26:BrandProtectionTheareaofbrandprotectioninvolvestechniquestomonitorandmitigatedigitalrisksfromsocialnetworks,websites,email,andon-lineservicesthatcanadverselyaffectthereputation,integrity,andpublicviewofacompany’sassets.Theprimaryumbrellaassetforanorganizationisitsbrand,butmorespecificcomponentsatriskofdigitalspoofing,tampering,fraudulentuse,
andmisrepresentationincludecorporatedomains,websites,e-commercesites,certificates,andotherdesignationsthatwouldbepurportedtohavebeencreatedwiththefullauthorityoftheorganization.Thisisanewareaofcybersecurity,onethatisundergoingtransitionfromteamsofhumaninvestigatorstrollingandscrapingwebsitesinsearchofkeywords,tomoreautomatedplatformsthatuseadvancedanalyticstodetect,learn,andmitigateanyidentifiedbrandissues.Vendorsdifferentiatetodaybasedonacombinationoftheirteamexperiencesandplatformfeatures,sobuyerswillgenerallyhavetoexamineboth.MostCISOshavetraditionallynotbeeninvolvedinthisaspectofcybersecuritytodate,sothepossibilityexiststhatpublicrelationsormarketingteamsmighthavealreadybeenbuyingadjacentcapabilities.GeneralOutlookThegeneraloutlookforbrandprotectioninvolvestransitionfromsimplesearchmethodssuchasscreenscrapingtomoreadvanceddigitalriskmonitoringincludingtheuseofdataanalytics.Thetransitionofbuyerfocusforthistypeofprotectionisalsoshiftingfrommarketingandbrandmanagementteamstoexpandedinvolvementofenterprisesecurityteambuyers.Firstgenerationbrandprotectionfrom1998to2007involvedsimpledatacollectionfromtheInternetwithsomeearlyDarkWebinvestigation.Techniquesinvolvedscreenscrapingandthefocuswasonverybasicbrandprotection.Secondgenerationbrandprotectionfrom2007to2016involvedexpendeddatacollectionandnavigationacrosstheInternetandDarkWebinsearchofbrandfraudandmisrepresentation.Earlyriskanalyticsemergedduringthisperiodwhichallowedformoreseriousthreattobemonitoredandevenmitigated.Thirdgenerationbrandprotectionfrom2016to2025shouldexpecttoseeamorecomprehensive,BigDataanalytic-basedapproachtodigitalriskmonitoringandmitigation.All-sourceinvestigationwillpowerthesemethodswhichwillprovidestrongerbrandprotectionandidentificationofmuchmoreseriousthreatstobrand,domain,andreputation.
Figure26.2018BrandProtectionOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethisriskhasbecomesomuchmoreprominent.OnecouldarguethattheRussianhackingoftheUSelectionsin2016,forexample,involvedlarge-scalebrandandreputationtamperingagainstoneofthepoliticalpartiesintheUnitedStates,andthatthisattackmighthavebeenaddressedbya
nationalprogramofdigitalriskmonitoringandbrandprotection.Gradualrecognitionofthisfactwilltendtohighlighttheimportanceandpracticalapplicationofthesenewprotectionmeasures.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsshouldeducatethemselvesimmediatelyaboutthevalueofdigitalriskmonitoringandbrandprotection.Manyexcellentnewvendorshaveemergedthatcanbeinterviewed,tested,andpartneredwithtocreateanewprogram,whereonepreviouslydidnotexist.Platformsolutionsarenowmoreprofessional(lessemphasisonsitescraping)withadvancedanalyticsthatcanlearntorecognizepotentialdigitalriskstoorganizationalassets.Checkaroundthecompanytomakesureyourmarketingorpublicrelationsteamshavenotalreadyengagedsimilarcapabilitiesforadjacentpurposes.Thiswouldnotbebadnews,bytheway,butratherwouldprovideanaturalpartnerforsharingcostsandexpendingexistingcontractsandrelationships.AdviceforSecurityTechnologyVendorsIfyouareprovidingdigitalriskmonitoringandbrandprotectionsolutions,thenyoualreadyknowthatthisisamassivelygrowingaspectofcybersecurity–especiallysincetheelectiontamperingof2016intheUnitedStates.Maintainyourfocusonautomation,becauseascustomerlistsgrow,theabilityforhumananalyststoscaletheirsupportwilldiminishquickly.Thisisanimportantfacttosharewithyoursalesandmarketingteamsbecausetheirpresentationsstilltoutthebackgroundsandcapabilitiesofyourhumananalysisteams.Thiswillcausesuspicionamongstbuyerswhoknowthathumaninvestigationonlyworkswhentheclientbaseissmall.ListofSupportVendorsAgari–Agari’sprovidesadvancedbrandprotectionenhancementviaDMARCsolutionsforemailfraud.Bouju–LocatedinLosAngeles,Boujuoffersarangeofbrandprotectionsolutionsviadatacollectionandanalysis.BradyBrandProtection–PartofBradyCorporation,thecompanyprovidesproductauthenticationlabels.Brandle–Brandleoffersitscustomersarangeofsocialmediasecurityandbrandprotectionsolutions.Brandma–ChinesebrandprotectionfirmBrandmaworkscloselywithtop-leveldomainregistrars.BrandProtect–CanadianfirmBrandProtectofferscustomersarangeofbrandprotectionservices.Brandshield–Brandshieldsupportsarangeoftechnologymethodstomonitorandprotectbrandsonline.BrandVerity–BrandVerityprovidesbrandprotectionandmonitoringservicesforsearch,Websitecontent,andcouponcodes.ChannelIQ–Chicago-basedChannelIQoffersbusinesspricing,media,andbrandmonitoringservices.CitizenHawk–CitizenHawkisaproviderofadvancedonlinereputationandbrandprotectionservices.DomainTools–DomainToolsprovidesdomain,network,andmonitoringtoolsforresearchandthreatintelligence.FirstCyberSecurity–TheUKfirmprovidesreputationalanalysisofwebsiteauthenticityforreducingfraud.4iQ–Thecompanyscanssurface,deep,anddarkwebsourcetodetectevidenceofbrand-basedfraudandmisuse.Identify–Identifyprovidesbrandprotectiontohelpbusinesseswithonlinetrademarkinfringements.MarkMonitor–ObtainedbyThomsonReuters,MarkMonitorofferssolutionsforprotectingorganizationalbrands.Microtrace–Microtraceofferssecuritysolutionsforbrandprotection,anti-counterfeiting,andproductauthorization.NetNames–NetNamesprovidesdomainregistration,brandmanagement,namealerts,andconsultingservices.OpSecSecurity–OpSecSecuritysupportsanti-counterfeiting,brandprotection,supplychainsecurity,andInternetmonitoring.Original1–Original1offersitscustomersaSecurity-as-a-Servicesolutionforbrandprotection.OneWorldLabs–OwlusesadvancedDarkNetthreatintelligencetounderstandrisksandprotectbrands.Reputation.com–LocatedinRedwoodCity,Reputation.comoffersbrandandpersonalreputationprotectionservices.ReturnPath–ReturnPathoffersarangeofanti-fraudandbrandprotectionsolutionsfortheenterprise.RiskIQ–RiskIQusesadvanced,intelligencedriventechniquestoscantheopenwebforevidenceofabuse.SecureMySocial–TheNewYork-basedfirmfocusesondetectionofsocialmediaactivitythatcouldbeconsideredabusive.
Sproxil–SproxilprovidesaconsumerSMSandappproductverificationservicetoreducecounterfeitrisk.Stealthmark–RecentlyacquiredbyWellnessCenter,Stealthmarkoffersproductauthorizationsolutions.TheMediaTrustCompany–ThecompanyprovidesmediasecurityscanningforWebsites,advertisements,andmobile.YellowBP–YellowBPprovidesawiderangeofbrandprotectionandanti-counterfeitingsolutions.YourInternetDefender–YourInternetDefenderprovidesaserviceformanagingonlinereputation.ZeroFOX–Baltimore-basedZeroFOXsocialmediaanddigitalsecuritysolutionstoprotectorganizationsacrosssocial,mobile,webandcollaborationplatforms.Control27:BugBountySupportBugBountysupportinvolvesin-houseandthird-partyinfrastructureset-uptoacceptvulnerabilityinformationfromexternalresearchersforreviewandpotentialreimbursement.Thisinfrastructureconsistsofstaff,policies,procedures,tools,incidentresponsemeasures,andfinancialpaymentsystems.Largercompaniesoftensetthisupthemselves,butincreasingly,thisisperformedinconjunctionwithavendorproduct,platform,orserviceoffering.Vendorsprovideanimportantlayerofcoordinationandevenprotectionbetweenresearchersand(ahem)hackers,andtheenterprisesecurityteamstaff.Vendorsalsoprovideplatforms,coordinatedcommunitiesoftesters,andpaymentmethodsthatgreatlysimplifytheprocessofpayingexternalhackerstotestexternallyvisiblesystemsinanenterprise.Itappearsinevitablethatevenmuchsmallercompanieswillbeginusingthisprocess,simplybecauseitoffersacost-effectivemeansfordetectingcertainerrorswithoutmuchrequiredset-up.Themostcommonmistakemadeinabugbountyprograminvolvemisinterpretingquietperiodswithsecurity,andbusyperiodswithinsecurity.Instead,bugbountyprograms,likepenetrationtesting,provideareasonablydependablemeansforshowingthepresenceoferrors,butnevertheirabsence.GeneralOutlookThegeneraloutlookforbugbountysupportinvolvestransitionfromearlybugbountieswithpurelyreactiveresponsesolutionstobugbountiesfocusedmoreonpreventingproblems.Thistransitionalsoincludessimplereimbursementforreportedbugstomorecomprehensive,relationship-orientedprogramsbetweenenterpriseteamsandsecurityresearchers.Firstgenerationbugbountyprogramsfrom1998to2007involvedearlyadoptersdealingwithoccasional,exceptionalreports,withnon-uniformmeansforreimbursement.Secondgenerationbugbountyprogramsfrom2007to2016involvedmorecreativesolutionsfromvendors,withmorecomprehensiveadoption,andmoreuniformapproachestoimportanttaskssuchasresearchercompensation.Thirdgenerationbugbountyprogramsfrom2016to2025shouldexpecttoseefullcoverageacrosstheentireindustryfocusingmoreonearlyindicatorstopreventratherthanjustreacttoissues.Increasedvettingwillimproverelationshipsbetweenenterpriseteamsandresearchers,whichwillintroducebettermeansforcompensation.AwiderrangeofvendorserviceswillalsoemergetosupportbugbountiesinmorespecificandnicheareassuchasICSandIoT.
Figure27.2018BugBountyOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,anditisdifficulttofindmanydownsidesinbugbountyprovisionforbothenterpriseandvendors.Bothwillseeagrowingecosysteminthecomingdecade,andsoon,theuseofbugbountieswillbeascommonaspenetrationtestingandotherfamiliarmeansfordetectingvulnerabilities.AdviceforEnterpriseSecurityTeamsIfyoudonothaveabugbountyorcrowdsourcedvulnerabilitydiscoverysolutiontoday,thengetone.ResearchersandhackersaregenerallywillingtofollowyourdefinedproceduresiftheydiscoveranissueinoneofyourInternet-visiblesystemsorservices.Ifyoudonotpublishanyprocedures,however,thentheirresponsewillbeadhoc.Enterprisebuyersshouldbecarefultocheckwiththeirbugbountysolutionprovidertomakesurethatadhocreportingfromunknownresearchersiscoveredintheecosystem.Somebugbountysolutionprovidersofferexcellent,vettedresearchteamsthatattackyourservicesandprovideamazingvalue;buttheseservicesdonotaddresstheproblemofstrayhackersstumblingontoanissueonyoursite.You’llneedtodoanend-to-endassessmenttomakesureyouhavebugbountysupportandwell-definedproceduresforanyonenotpartofadefinedbugbountycommunity.AdviceforSecurityTechnologyVendorsTimesshouldbegoodforbugbountyprovidersinthecomingdecade,especiallydown-marketforSMBcustomers.Despitetherelativelysmallnumberofvendorssupportingbugbountytoday,morecompetitionwillemergeinthisareaduetorelativelylowbarrierstoentry,sofindingauniquevaluepropositionisessential.Acreativeoptionforsomeprovidersmightinvolveviewingdiscoveredvulnerabilitiesasitemsofvalue,fromwhichmarketsmightemerge.Justastradingoccursforcommoditiesandsecurities,thepossibilityemergesthattradingmightoccurfordiscoveredvulnerabilities.Whiletheideaoftradingvulnerabilitiesmightnotsoundappealing,itisanexampleofthetypeofout-of-the-boxthinkingthatwillberequiredforbugbountyteamstodifferentiateinthecomingyears.ListofSupportVendorsBugBountyHQ–BugBountyHQprovidesaplatformandresourcesinsupportofBugBountyprograms.BugCrowd–BugCrowdoffersacrowd-sourcedapproachtovulnerabilitydiscovery.
Cobalt–OriginallycalledCrowdCurity,Cobaltinvolvesteamsofcrowdsourcedsecurityresearchers.HackerOne–HackerOneoffersasecurity-as-a-service(SaaS)platformforoperatingacorporatebugbountyprogram.HackingTeam–TheItalianfirm(controversially)sellsoffensiveintrusionandsurveillancecapabilitiestogovernments.MitnickSecurity–TheprofessionalservicesfirmoperatedbyKevinMitnickincludesazero-dayexploitexchange.OffensiveSecurity–PenetrationtesttrainingfirmOffensiveSecurityoperatesabugbountyprogram.Synack–Synackprovidesanadvancedintelligenceplatformforbugbountysupportwithactionableintelligence.Zerodium–Zerodiumoffersanexploitacquisitionplatformfocusedonpayingrewardsforhighconsequencevulnerabilities.Control28:CyberInsuranceCyberinsuranceinvolvestransferringaspectsofcyberriskfromenterpriseteamstoinsurancecompanies.Despiteconsiderableactivityinthepastdecade,thisremainsaweaklyunderstoodaspectofcybersecuritymanagement.Themostuncertainaspectofcyberinsuranceinvolvestheproperlevelofinsuranceforanenterprise,andhowmuchthatlevelofrisktransfershouldcostintermsofpremiums.Simpleback-of-the-envelopecalculationshelpCISOteamsdetermineifagivendealisreasonable.Forinstance,ifitcostsalargebank$5Mperyearinpremiumstoobtain$500Mininsurance,thenthisislikelyagooddealsimplybecausetwentyyearsofpremiumsamountto$100Minpayout–andthepotentialfora$500Mcyberlossincreaseseveryday.Changingthesetermsto$5Mannualpremiumsfor$50Mincyberrisktransfermightbealessattractivedeal.Yougettheidea.Herearesomeissuesthatremainsomewhatinfluxinthisimportantareaofcybersecurity:
• HumanInitiatedRisk–Humanscausethecyberrisksbeingtransferred,ratherthanActsofGodlikefloodsandstorms.Thisdifferenceaffectsthenatureofprobabilityanalysisandmakesitharderforinsurancecompaniestodeveloppredictivemodelsofoccurrence.
• Pre-ExistingRisks–Everycompanyhaspre-existingrisks,simplybecauseallsoftwareandcomplexsystemsincludebugs.Thiscomplicatesre-existinganalysisandmightleadtodiscrepanciesonceaclaimisfiled.
• GovernmentFines–Whetherornotinsurancecoversgovernmentfinesisapointofdebate,andshouldbeanimportantfactorforanyregulatedcompanyconsideringpurchaseofaninsurancepolicy.
• VettingandDueDiligence–Theprocessofperformingvettedduediligenceforapotentialbuyercouldinvolvelargenumbersofunderwriterswhoneeddetailedinformationaboutabuyer’ssecurityprogram.CISOsshouldnotprovidesuchdatatopeopletheydonotknow.
Despitethesechallenges,cyberinsurancewillcontinuetoevolveintoavitallyimportantaspectofthecybersecurityequationforallsizesandshapesofenterprise.GeneralOutlookThegeneraloutlookforcyberinsuranceinvolvestransitionfromahighlyvaryingsetofdifferentcoveragelevelsandpremiumstoaconvergedandmoreuniformsetofofferings.Inaddition,atransitionison-goingfromadhocbuyerdecisionsaboutwhethertopurchasepolicies,tomore
maturebestpracticesforcyberinsurancerisktransfer.Firstgenerationcyberinsurancefrom1998to2007involvedtheearliestinsuranceofferingspurchasedbyearlyadopterswithunclearriskbasesandequations.Adoptionofcyberinsuranceduringthisperiodwaslow.Secondgenerationcyberinsurancefrom2007to2016involvedagreatlyexpandedmarketplacewithmoreuniformandunderstandablecoverageandpremiums.Executivesandboardsalsobecamemorefamiliarandcomfortablewithcyberinsuranceasaviablerisktransferoption.Thirdgenerationcyberinsurancefrom2016to2025shouldexpecttoseeessentiallyfullcoverageacrosstheentirebuyingindustry,perhapsexcludingsmallercompaniesintheSMBsegment.Cyberinsurancewillbecomeaneffectiveriskmanagementtoolwithexpandedoptions.CISOexpertisewillbeusedtohelpimprovethefinancialequationstodetermineproperriskcoverage.
Figure28.2018CyberInsuranceOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,andtheexpansioninthisindustryisalreadyoccurring.Mostinsurancecompaniesviewcyberproductsasoneoftheirmostpromisingareasoffuturegrowthandthebrokersandagentsareallgearinguptoprovideexpandedsupportaswell.AdviceforEnterpriseSecurityTeamsIfyouworkinalargercompany,thenyourboardhasprobablyalreadybeguntoprobeaboutcyberinsurance–thatis,ifyoudon’talreadyownapolicy.Boardstypicallyhaveapoorunderstandingoftruecyberrisk,soyouwillhavetohelpthemunderstandthenatureofconsequenceafteranattack.Bemindfulofthechallengesofduediligence,becauseinsuranceunderwriterswillwanttoknoweverysensitivedetailaboutyourprogram.OneaspectofthecyberinsuranceprocurementprocessthatmakestheproductirresistibleformostCISOsisthatenterprisesecuritybudgetsarerarelyonthehookfortheinsurancepurchase.Whatthisimpliesisthatadditionalriskmanagementisofferedtothesecurityteamwithoutimpactingtheircapital,headcount,oroperatingexpense–simplybecausefinanceteamsusuallycoverinsurancepurchases.Thismakescyberinsuranceamust-doformostsecurityteams,especiallyinlargercompanies.
AdviceforSecurityTechnologyVendorsInsurancecompaniesofferingcyberrisktransferproductsforenterprisemustbecarefultomaintainsolidquantitativemodelsoflikelihoodandconsequenceofcoveredattacks.Thisisawonderfulgrowtharea,butitalsocomesfraughtwithunusuallyhighriskofmassivelycascadedattacksthatcouldcutthroughswathsofindustryinamatterofminutes.Thepotentialforthecyberequivalentofa2008AIG-likeevent,whereinsufficientcapitalexiststocoveralltheclaimsafteramassiveglobalbreach,mustbemodeledandfactoredintopremiumsandreserve.Brokersandagents,ontheotherhand,shouldexpecttoseemostlyupsideherewithagreatermarketofbuyers.Allpurveyorsofcyberinsuranceshouldseekcreativedifferentiatorssuchaspartnershipsanddiscountsfromthebestavailablesecurityvendors.ListofSupportVendorsAIG–AIGisalargeinsurancecompanythatisnowofferingcyberinsurancepoliciestocompanies.BCSInsuranceCompany–BCSincludesCyberandPrivacyLossProtectioninsurancethatcoversfinesandcoverageto$30M.Chubb–ChubbrecentlyacquiredbytheACEGroup,thatoffersarangeofcyberinsurancepolicyofferings.CoverWallet–CoverWalletisaninsurancemanager,withanon-lineplatformthatprovidesbrokerservices.ECBM–LocatedinPennsylvania,ECBMisabrokerthatprovidescyberinsuranceconsultingandbrokerageservices.IDT911–IDT911isabrokerprovidingcyberinsuranceproductsandconciergeprofessionalservices.Insureon–Insureonisabrokerthatwillconnectsmallbusinesseswithanappropriateagentforcommercialinsurance.IntegratedCoverageGroup–IntegratedCoverageGroupisanindependentinsuranceagentsupportingcyberinsuranceplans.LockeLord–LockeLordisalargelegalfirmwithexpertiseandexperienceintheinsuranceindustry.Lockton–Locktonisaninsurancebrokeragethatwritespoliciesforcyberriskmanagementtoaugmentdatabackup.PhiladelphiaInsuranceCompany–PhiladelphiaInsuranceCompanymarketsaCyberSecurityLiabilityprogram.JohnReedStarkConsulting–JohnReedStarkConsultingprovidesindependentconsultingforcyberinsurance.TechInsurance–TechInsuranceisabrokerthatoffersbusinesscustomersupportforbuyingcyberinsurance.Travelers–Travelersofferscyberinsurancepoliciesforpublicentities,technologycompanies,andsmallbusinesses.XLCatlinGroup–XLCatlinGroupofferspoliciesthatcoverreasonablecustomizedcostsafterabreach.Zurich–Zurichofferscomprehensivedatabreachinsuranceprotectionanddatamanagementsolutions.Control29:GRCPlatformGovernance,Risk,andCompliance(GRC)platformssupportembeddedinitiativeswithinanorganizationtoidentify,control,andmanagerisks,andtoensurethehighestlevelsofintegrityforallfacetsoftheorganizationalmission.Despitethisstiffdefinition,GRCtoolsareawelcomeadditiontotheenterprisesecurityteam’sarsenal,simplybecausetheyprovidesupportforthreechallenginggoals:First,theyuseautomationtoeasethecompliancetaskforanyrequiredframeworkssuchasPCIandNIST.Second,theysupportbroadgovernanceinanumbrellamannertohelpprioritizeheterogeneousriskacrossallfacetsofabusiness.Third,theysupportamethodologythatembedsGRCdatacollectionandmitigationdirectlyintobusinessunitprocesses,ratherthanasatraditionaloverlay.Surprisingly,mostCISOteamsarestilljustlearningtofullyutilizethepowerofGRCplatforms–someevenusingtheworkflowcapabilityforadjacentneedssuchasincidentresponsehandlingandsupport.MorecompaniesintheSMBcategoryarebeginningtofindGRCplatformsusefulaswell,withcloud-basedSaaSofferingsemergingtosupportthisneed.GRCplatformsareabrightspotinthecybersecurityvendorecosystem,becausetheysupportthenoblegoalsofsimplifyingpaperwork,compliancereporting,andmanagementinteraction–allofwhichfreeupcybersecuritystafftofocusonmoreimportantoperationaltasks.
GeneralOutlookThegeneraloutlookforGRCplatformsinvolvestransitionfromstand-aloneenterprisehostedsystemstovirtualized,hybridcloud-hostedcapabilitiesinanas-a-servicemode.Thistransitionalsoincludesashiftfromtraditionalnon-embeddedcomplianceoverlaystoGRCsolutionsthatarefully-embeddedintobusinessunitworkflow.FirstgenerationGRCplatformsfrom1998to2007involvedearlyriskmanagementfeaturesthattrackedbasiccomplianceusingsimpleworkgovernanceprocesses.ManysecurityteamsfirstbecameawareofGRCduringthisperiod,butmanydidnotpurchaseplatformsupport,optingtouseMicrosoftExcelandmanualprocedures.SecondgenerationGRCplatformsfrom2007to2016sawanexpansionofautomatedsupportintheenterprise,withearlyembeddedhooksintobusinessunitsforGRCdatacollection.Moreextensiveriskmanagementtaskscouldthusbeperformedbasedonmultipledifferentcomplianceframeworks.Duringthisperiod,GRCplatformtrulybecamepartofthecybersecuritylexicon.ThirdgenerationGRCplatformsfrom2016to2025shouldexpecttoseeaheavytransitiontocloudservices,withvirtualizedfunctionsforlighter,as-a-serviceusage.GRChookswilldrivedeeperintobusinessunitprocesses,perhapsfollowingthebusinessintothecloud.GRCplatformsupportwillbecomeamorecommonelementofsmallercybersecurityteamarchitectures,especiallyinbusinesseswithmorecompliancerequirements.Thisincludessmallregionalbanksandfinancialinstitutions,aswellasanysmallerbusinessesprovidingpartsorcomponentsolutionstolargerorganizationswithdemandingcomplianceneeds.ThepushtocascadeGRCandcomplianceframeworksupportfromlargerbusinesscontextsdowntoallsmallerthird-partieswilldrivetheGRCplatformbusinesstohigherlevelsofusageandrevenuegrowth.
Figure29.2018GRCPlatformsOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethelikelihoodofcomplianceneedsbeingdriventoalargerpercentageoftheSMBandhybridcloud-basedecosystemhasalreadybegun.Itseemsobviousthattheneedtoautomatecompliancewillgrow,sothepredictionthatGRCplatformusagewillincrease,virtualize,andbecomemoreembeddedshouldnotbeviewedascontroversial.
AdviceforEnterpriseSecurityTeamsAllenterprisesecurityteamsbynowshouldbeusingsomesortofGRCplatformtosupportcomplianceandriskactivities.Largerteamshavealreadyexperiencedtheobviousbenefits,andnowsmallerteamsshouldexpecttoseeriskmanagementandcomplianceimprovementsthroughautomation,especiallyiftheyfindagoodSaaSpartneratalowcost.JustabouteverybuyeratsomepointwillbeexposedtoamarketingorsalepresentationonapowerfulGRCtoolfromoneoftheindustry-leadingplatformproviders.Forsmallerteamswithlighterbudgets,considerthesepowerfultoolsaspirational,andtakesolaceinthefactthatadministration,configuration,andset-upactivitiesforthesetoolsarenon-trivial.Smallerteamsshouldsticktolighter,cloud-basedplatforms–albeitwithmoremodestfeatures.AdviceforSecurityTechnologyVendorsTwochallengesexistforGRCplatformvendors:First,apartfromacoupleofmassive,industryleadingoffers,thereisalongtailofsolutionprovidersinthisarea.Asaresult,differentiationbecomesdifficult.Perhapsthebestadviceistouseprofessionalservicesandconciergetreatmentforcustomerstocreateamoreuniquevalueproposition.Second,theenterpriseisshiftingrapidlyfromperimeter-basedenterprisetoamoreheterogeneouscollectionofhybridcloudservicesfrommanydifferentserviceandapplicationproviders.TheGRCecosystemandchallengewillthusshiftfromembeddedcollectiontoafederatedsharingmodel,wherecompanieswilldemandGRCintegrationfromthirdparties.ThebestGRCplatformsolutionswillincludeconnectors,interfaces,andAPIstoeasethistaskofcreatingaGRCprogramfrommanydifferentconstituentbusinessunits,partners,suppliers,andevencustomers.ListofSupportVendorsACL–VancouverfirmACLoffersproductsandservicesfocusedongovernance,risk,andcompliance.ActiveRisk–ActiveRiskprovidesanadvancedplatformsolutioncalledActiveRiskManagerforenterpriseriskmanagement.AlertEnterprise–AlertEnterprise,providesanext-generationgovernance,risk,andcompliancesolutionforenterprise.Allgress–Allgressprovidesagovernance,risk,andcompliancesolutionwithemphasisonbusinessriskintelligence.ARAMATECH–LocatedinDenmark,ARAMATECHoffersagovernance,risk,andcompliancesolutionforenterprise.Aruvio–Aruvioprovidesasuiteofadvancedcontinuousgovernance,risk,andcompliancesolutions.AuditSquare–AuditSquareprovidesauditandconfigurationassessmenttoolsforWindows.AvePoint–JerseyCityfirmAvePointoffersarangeofgovernance,risk,andcompliancesolutions.Bitcrack–SouthAfricanconsultingfirmBitcrackoffersservicesrelatedtogovernance,risk,andcompliance.BlueLance–Houston-basedBlueLanceprovidesenterprisesolutionsforgovernance,risk,andcompliance.Brinqa–AustinfirmBrinqaoffersanintegratedGRCplatformforanalysisofbusinesscomplianceandrisk.BWise–NASDAQfirmBWiseprovidesanadvancedgovernance,risk,andcompliancesolutionforenterprise.Cisco–Ciscooffersagovernance,risk,andcompliancesecurityassessmentserviceforitsenterprisecustomers.CMT–CMTprovidesacomprehensiveportfolioofsecurity,compliance,andrelatedsolutionsforbusiness.Coalfire–Coalfireprovidesadvisoryprofessionalservicesongovernance,risk,andcomplianceissues.CompliancePoint–ThecompanyperformsGRCassessmentsandauditswithemphasisoncallandcontactcenters.Compliance360–AlpharettafirmCompliance360providesanadvancedGRCsolutionforenterprise.ControlPanelGRC–ControlPanelGRCoffersanadvancedgovernance,risk,andcompliancesolutionforSAP.Convercent–Convercentprovidesanethicsandcompliancesoftwaresolutionforenterprisecustomers.CriticalWatch–CriticalWatch,partofAlertLogic,providessecurityrisk,vulnerability,andcomplianceplatforms.CuraSoftware–SingaporefirmCuraSoftwareoffersglobalcustomersanadvancedGRCsolutionforenterprise.Cytegic–Thecompanyoffersanadvanced,automatedriskmanagementplatformforenterprise.Deloitte–Deloitteprovidesprofessionalservicesrelatedtogovernance,risk,andcomplianceissues.DeltaRisk–SanAntonio-basedDeltaRiskprovidesstrategicadviceandexpertconsultinginGRC.Elemental–LasVegas-basedElementalprovidesGRCmanagementsolutionsforenterprisecustomers.EMC/RSA–RSAofferstheindustry-leadingArcherplatform,whichincludesallbaselineandadvancedGRCfunctions.Enablon–Enablonincludesanadvancedgovernance,risk,andcompliancesolutionforenterprise.
EY–GlobalconsultingfirmEYacquiredIntegrcandoffersgovernance,risk,andcomplianceservicesforSAPusers.FairWarning–FairWarningprovidesenterprisesecurityandcomplianceintegrationacrosstheenterprise.Fastpath–GRCStudiofromFastpathisanintegratedgovernance,risk,andcompliancetoolforenterprise.TheGRCGroup–TheGRCGroupisamemberorganizationwithresourcessupportingGRCprograms.GRC20/20Research–GRC20/20Researchoffersgovernance,risk,andcomplianceadvisoryserviceswithadviceforbuyers.HighWaterAdvisors–ConsultingfirmHighWaterAdvisorsoffersgovernance,risk,andcomplianceadvisoryservices.IBM–IBM’sOpenPagesoffersanadvancedgovernance,risk,andcompliancesolutionforitscustomers.InfoDefense–TheInfoDefenseplatformincludessupportforgovernance,risk,andcompliance,aswellasIAMandDLP.IntelleSecure–IntelleSecureisanIndianfirmthatprovidesgovernance,risk,andcompliancetraining.KPMG–KPMGprovidesprofessionalservicessupportinggovernance,risk,andcomplianceissues.LeviathanSecurityGroup–Seattle-basedLeviathanoffersinformationsecurityandGRCconsulting.LockPath–TheKeylightplatformfromLockPathisanadvancedgovernance,risk,andcompliancesolutionforenterprise.LogicManager–Boston-basedfirmLogicManagerprovidesanadvancedenterpriseriskmanagementsolution.Mega–Megadevelopstoolstosupportgovernance,risk,andcompliancesolutionforenterprise.Metacompliance–Metacomplianceprovidesarangeofproductsandservicessupportinggovernance,risk,andcompliance.MetricStream–MetricStreamprovidesanadvancedgovernance,risk,andcompliancesolutionforenterprise.Modulo–ModuloisaNewJersey-basedfirmthatprovidesgovernance,risk,andcomplianceservices.Mycroft–NowpartofEY,Mycroftincludesgovernance,risk,andcomplianceconsultingservicesinitsIAMsuite.Namtek–Bedford-basedNamtekoffersagovernance,risk,andcomplianceprofessionalservicespractice.NavexGlobal–NavexGlobalprovidessoftware,content,andservicestosupportgovernance,risk,andcompliance.Nettitude–Nettitudeincludesconsultingservicesforgovernance,risk,andcompliancesolutionsintheenterprise.NextLabs–NextLabsdataprotectionandIAMplatformssupportgovernance,risk,andcompliance.OCEG–OCEGisanon-profitgroupsupportinggovernance,risk,andcompliancebestpracticesandsolutions.Oracle–OracleprovidestheFusiongovernance,risk,andcompliancesolutionforenterprisecustomers.Paladion–TheRisqVuplatformfromPaladionisanadvancedGRCtoolsupportingworkflowandauditmanagement.Panaseer–Panaseeroffersaplatformforintelligenceonanetworkincludingcybersecuritythreatidentification.PervadeSoftware–PervadeSoftware,headquarteredintheUK,offerssecuritycompliancemonitoringsolutions.PicusSecurity–LocatedinTurkey,PicusSecurityprovidessolutionsforcompliancemonitoringandassessment.Prevalent–TheNewJersey-basedfirmoffersawiderangeofGRCconsultingservicesandadvancedplatformsolutions.Protiviti–ProtivitioffersitsGovernancePortaltosupportgovernance,risk,andcompliancewithinenterprise.PwC–PwCprovidesconsultingservicesinsupportofadvancedgovernance,risk,andcompliance.Resolver–CanadianfirmResolverofferscustomizedgovernance,risk,andcompliancesolutionsinthecloud.RiskLens–RiskLensoffersanadvancedplatformandmethodologyforestimatingenterprisesecurityrisk.RiskVision–SunnyvalefirmRiskVision(formerlyAgiliance)offersanintegratedGRCsolutionfortheenterprise.Rofori–Manassas-basedRoforioffersacapabilityformanagingcyberrisksconsistentwiththeNISTFramework.Rsam–RsamprovidesanintegratedGRCplatformwithvendorriskmanagementandcapabilitytobuildcustomapps.RSD–RSDoffersrangeofinformationgovernanceservicesinsupportofgovernance,risk,andcompliance.RSM–FormerMcGladrey,RSMoffersitscustomersadvancedgovernance,risk,andcomplianceservices.QuadMetrics–AnnArbor-basedQuadMetricsoffersadvancedtoolsforestimatingenterpriserisk.SaaSAssurance–IrishfirmSaaSAssuranceoffersacomplianceplatformformanagingGRCinenterprise.SAIGlobal–SAIGlobalprovidesSaaS-based,advancedgovernance,risk,andcompliancesolutionforenterprise.SAP–SAPprovidesanintegratedsetofgovernance,risk,andcompliancefeaturesforSAPusers.SAS–TheSASEnterpriseplatformautomatestherangeofgovernance,risk,andcompliancefunctions.Saviynt–LosAngeles-basedSaviyntprovidesanadvancedcloudaccessgovernancesolutionforenterprise.SDG–TruOpsisanadvancedgovernance,risk,andcompliancesolutionforenterprisecustomers.SecureDigitalSolutions–TheMinnesota-basedfirmoffersarangeofGRCconsultingservicesforcustomers.SecurityWeaver–LocatedinTheNetherlands,SecurityWeaveroffersGRCsolutionsforSAPusers.SecZetta–SecZettaprovidesarangeofconsultingservicessupportinggovernance,risk,andcompliance.SignaCert–SignaCert,locatedinTexas,offersproductsolutionsforautomatedcontinuouscompliancemonitoring.SoftwareAG–TheARISplatformfromSoftwareAGsupportsgovernance,risk,andcompliancesolutions.STEALTHbits–TheNewJersey-basedfirmprovidesarangeofdataaccessgovernancesolutionsforenterprise.Symantec–Symantecofferssolutionsforcontinuousmonitoringofinfrastructureforcomplianceandaudit.TemplarShield–TemplarShieldprovidesarangeofGRCsecurityconsulting,managedsecurity,andrecruitingservices.Tevora–TevorasupportsarangeofenterpriseriskmanagementsolutionsusingitsHydraRiskModel.ThomsonReuters–TheEnterpriseRiskManagerfromThomsonReutersisanadvancedGRCplatform.Titania–UK-basedTitaniaprovidesauditcompliancetoolsforenterprisedevices,servers,andworkstations.TraceSecurity–TraceSecurityofferstheTraceCSOgovernance,risk,andcompliancesolutionforenterprise.TrustWave–TrustWaveGRCisanadvancedgovernance,risk,andcompliancesolutionforenterprise.
TurnkeyConsulting–TurnkeyConsultingoffersSAPGRCConsultingservicesforenterprisecustomers.VerisGroup–InformationassuranceproviderVerisGroupincludesGRC-relatedsupportforgovernmentcustomers.VivoSecurity–VivoSecurity,locatedinLosAltos,providesarangeofautomatedriskcalculationsolutions.WinterhawkConsulting–WinterhawkConsultingoffersrangeofgovernance,risk,andcomplianceservicesforenterprise.Control30:IncidentResponseAsitsnameimplies,incidentresponseinvolvesthepeople,processes,andtechnologyrequiredforanorganizationtodealwithon-goingorcompletedcyberattacks.Traditionally,incidentresponseinvolvedcleaning-upacybermessafterithadoccurred,butmorerecently,advancedpersistentthreatshaveledtogreaterfocusintheincidentresponseprocessondetectingattackswhiletheyareon-going.Thismightseemlikeamoreproactivestance,buttherealityisthatmostcyberexploitactivityisjustlastinglonger.Incidentresponsebegandecadesagowithinterestedparties–usuallysecurityandsystemadministrators–agreeinginformallytoasetofhelpfulprocedures,contactandconferencebridgenumbers,andcasedocumentationmethodsfordealingwiththegrowingnumberofattacksthatwereoccurring.Thus,unlikemanyothertypesofcybersecuritydefense,incidentresponsegreworganicallyfromthepeoplewhoweredoingthework.Increasingly,incidentresponseisdependentonautomatedworkflow,andvendorshavesteppeduptothetaskofcreatingintelligent,incident-awareautomationthathelpsmovetheresponseactivityalongmorerapidlyandeffectively.Onewouldexpectthatthisautomationwilleventuallymovemostofthehumaninvolvementoutoftheway,sothatvirtualizedincidentresponsefunctionalitywillbeusedproactivelytodealwithareal-timestreamofindicators.Inthissense,onecanseeincidentresponsebegintocollidewithliveattackdetection–whichisacompetitivesituationfewmighthavepredictedinthepast.GeneralOutlookThegeneraloutlookforincidentresponseinvolvestransitionfromreactiveresponseinthepresenceofclearevidenceofattackswithfewfalsepositivecases,tomoreproactivefocusonearlyindicators,whichcouldincreasefalsepositivesituations.Iftheincidentresponsefunctionisvirtualandautomated,thenfalsepositivesbecomelargelyirrelevant.Firstgenerationincidentresponsefrom1998to2007involvedadhoccoalitionsofITandsecurityprofessionalsusingmanualprocessestohandlecases.Therewaseitherpoorornon-existenttestingofincidentresponse,butsomeofthemorevisionaryteamsbegantofocusonautomatingworkflow.Secondgenerationincidentresponsefrom2007to2016involvedimprovedautomationfrombetterdefinedteamsusingmoreadvancedmetricsinaproactivemanner.Duringthisperiod,incidentresponseestablisheditselfasamandatorycomponentofeveryCISOteam’sarsenal.Automatedincidentresponseplatformsalsobecame,duringthisperiod,morepopularvendorsolutionofferings.Thirdgenerationincidentresponsefrom2016to2025shouldexpecttoseeaheavyintroductionofautomation,withintegrationintosecurityoperationcenter(SOC)workflow.Incidentresponseactivitieswillhavetoexpandduringthiscomingperiodtohandlemorethird-partycases,aswellascloudandSaaSinfrastructure.TheemergenceofhuntteamsinSOCsprovidesanaturalpointofgreatcoordinationwithexistingornewincidentresponseteams,simplybecausethegroupshaveoverlappingcharterswithrespecttoon-goingorganizationcyberincidents.
Figure30.2018IncidentResponseOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethegrowthandprogressionofincidentresponsefromitsorganicrootstoitsautomatedfuturehasgonejustaboutaseveryonewouldhaveexpected.Thetrendtothird-parties,cloud,andSOCcoordinationwithhuntteamsseemsjustasobvious.AdviceforEnterpriseSecurityTeamsEveryenterpriseandITsecurityteamcanimproveitsincidentresponseproceduressimplybecausehumancoordinationisinvolved,andthatisneverperfect.Smallerteamsshouldfocusmoreonthebasics,whereaslargerteamsshouldhaveaneyetoautomatedworkflowmanagement.EverysizeteamshouldbeexaminingtheimpactonincidentresponsemethodsofgreaterhybridcloudusageofSaaSserviceswithgrowingdependenceonthird-parties.Thiswilltendtoincreasethecomplexityandreducethecycletimesformostincidentresponsetasks.NewerincidentresponseplatformsshouldincludeAPIsandfederationsupportsothattwoorganizationsworkingtogethermightcoordinatetheirrespectiveautomationduringajointincident.AdviceforSecurityTechnologyVendorsThefocusforincidentresponseplatformsshouldbeintwoprimaryareas:First,vendorsmustoptimizetheworkflowautomationintheirtools,becausethatwillincreasinglybecometheprimarydifferentiator.Embeddinganalyticsandsmartalgorithmsintoincidentresponsetoolswillbewelcome,butthiswillnotbetheprimarycriterionforbuyers.Second,incidentresponsevendorsmustensurethehighestlevelofopeninterfacesintheirproducts,becausebuyersaregoingtostartdemandingthatallsupportplayersinanecosystemconnecttheirincidentresponseautomationtogetherduringacase.InanSDNcontext,onecouldimagineseeingdynamicservicechainingofdifferentcompany’sincidentresponseapplicationsbeingdonethroughsomeISPcarrier’snorthboundSDNcontrollerinterface.Thisisadvancedstuff,butitseemsperfectlyfeasiblegivencurrenttechnology.ListofSupportVendors
AccessData–AccessDataprovidesdataforensicsproductsandservicesforcybersecurityincludingincidentresponse.ArcticWolfNetworks–ArcticWolfNetworksprovidessecurity-as-a-servicecloud-basedSIEMwithincidentresponse.CounterTack–CounterTackfocusesonendpointsecuritywiththepotentialforactiveretaliationtoon-goingattacks.CrowdStrike–CrowdStrikeoffersexpertincidentrespondersasaprofessionalservicefortheenterprise.CyberSponse–CyberSponseprovidesacollaborationplatformforsupportingsecurityincidentresponse.Cyfir–Cyfirprovidesanenterpriseforensicssuitetosupportcomputerandnetworkinvestigationsandincidentresponse.D3Security–D3Securityprovidesanadvancedplatformforincidentmanagementandresponsesoftware.EmaginedSecurity–EmaginedSecurityprovidesprofessionalconsultingservicesforinformationsecurityandcompliance.EnclaveForensics–EnclaveForensicsprovidesincidentresponseanddigitalforensicservicesforenterprisecustomers.FastOrientation–FastOrientationprovidessoftwarethatallowsITorganizationstoexploreITeventsinrealtime.FireEye–FireEyeincludestheindustry-leadingMandiantplatformandprocessforsupportingincidentresponse.4Discovery–4Discoveryprovidesdigitalforensicsincludingmobile,remotecollection,computeranalysis,andreporting.GuidanceSoftware–LeadingdigitalforensicsfirmGuidanceSoftwaresupportincidentresponseactivitiesintheenterprise.IBM–IBMnowprovidestheResilientplatformforincidentresponse.IDExperts–IDExpertsprovidesaSaaSplatformforaggregatingbreachdetailsduringresponse.Intel–Intelprovidessecurityconsultingservicesthatincludesupportforincidentresponse.ISARR–ISARRprovidesaWeb-basedplatformformanagingrisk,resilience,response,andsecurityintelligence.Kroll–Krolloffersarangeofcyberandphysicalinvestigatoryservicesthatareusefulduringincidenthandlingandresponse.K2Intelligence–K2Intelligencesupportinvestigationsandresponsebefore,during,andafterabreach.Larson–LarsonSecurityprovidescybersecurityservicesincludingdigitalforensicsandincidentresponse.LIFARS-LIFARSprovidescybersecurity,digitalforensics,andincidentresponsesupportandservicesMaddrix–Maddrixprovidesincidentresponseprofessionalservicesincludingremediationandthreatintelligence.Modulo–Modulooffersaplatformthatisusedfrequentlytoautomateworkflowmanagementduringresponse.Palerra–PalerraprovidesaSaaSplatformforthreat,analytics,andincidentresponseinpubliccloudofferings.Praetorian–Praetorianprovidesprofessionalservicesinsupportofenterpriseincidentresponse.ReversingLabs–ReversingLabsoffersadvancedthreatprotectionandanalyticswithsupportforincidentresponse.RokaSecurity–RokaSecurityprovidesarangeofsecurityconsultingservicesincludingsupportforincidentresponse.RSA–ManyenterpriseteamsusetheRSAArcherGRCplatformtoautomateworkflowforincidentresponse.SecureState–SecureStateisaglobalmanagement-consultingfirmfocusedoninformationsecurityandincidentresponse.SecurityManagementPartners–SecurityManagementPartnersprovidessecurityandITassurance-consultingservices.StrozFriedberg–StrozFriedberg,nowpartofAon,offersprofessionalservicesafterabreachrequiringinvestigativeresponse.Swimlane–Swimlaneoffersarangeofenterprisesupportfortheincidentresponseandhandlingprocess.Sword&Shield–Sword&Shieldprovidesarangeofmanagedandprofessionalcybersecurityservices.Syncurity–Syncurityprovidesadvancedincidentresponsesolutionsforenterprisebreachremediation.ThalesGroup–TheThalesGroupoffersarangeofcyberanddatasecuritysolutions.VijilanSecurity–Vijilanoffersarangeofmanagedsecurityservicesincludingmonitoringandincidentresponse.Xyone–Xyoneprovidessecurityconsultingincludingpenetrationtesting,compliance,incidentresponse,andtraining.Control31:PenetrationTestingPenetrationtestinginvolvesthedeliberateuseofhackingtechniquesundercontrolledconditionstodemonstratethepresenceofspecific,targetedvulnerabilitiesinsomeapplication,system,network,orinfrastructure.Manysecuritymanagersmistakenlytrytodemonstratetheabsenceofvulnerabilitiesthroughpenetrationtesting,butthiscannotbedone.Softwarelacksacontinuitytheoremwhichwouldenabletestingofarangeofvaluesandthenconcludingthatinterimvaluesfollowacontinuousshape.Instead,softwaretestingcanproduceunpredictableandadhocresults,sothismeansthatallformsoftesting,includingpenetrationtesting,playadifferentrolethanintraditionalanalogsystems.Penetrationtestingcanbeaccomplishedinthefollowingways:
• In-HouseStaff–Largercompaniesoftenhireso-calledwhitehathackerstopenetrationtesttheirsystems.Thismaynotbeoptimalforsmallercompaniesbecausethe
mischievousskillsrequiredtoprobeandhacksystemsoftendonoteasilyextrapolatetootherrequiredsecurityactivitiessuchascompliance.
• ExternalConsultants–Consultantsandpenetrationtestingprofessionalservicesaboundintheindustry,sothisisaneasytasktohireout.Companiesneedtodeterminewhethertodealwithmultipletesters,ortobuildarelationshipwithonetestinggroupforrepeatwork.
• UnknownResearchers–Penetrationtestingbyexternalresearcherswhohavenotbeenspecificallyengagedtoprobeforproblemsisadjacenttothebugbountiesprovidedbycompanies.
Theuseofpenetrationtestinghasincreasinglyreliedonautomation,anditispossiblethatbot-controlledpenetrationtestingwillbecomeamorepopulartechnique.Thedangerofsuchautomatedprobingisthatitcouldleadtodisasterifnotproperlycontrolled.TheNachiwormof2003,forexample,waspresumablyprobingforsecurityproblemstofix,whenitspunoutofcontrolandbroughtdownmassiveportionsoftheInternet.GeneralOutlookThegeneraloutlookforpenetrationtestinginvolvestransitionfrombroad,generalpenetrationteststomorefocused,domain-specifictestsinareassuchasvirtualsystems,IoT,mobility,andindustrialcontrol.Transitionisalsoon-goingfrommostlyadhocmanualpenetrationtestsbyexpertstoautomated,platformassistedtestingthatcanbedonebystaffwithlessexpertise.Firstgenerationpenetrationtestingfrom1998to2007involvedawiderangeofcapabilitiesusingmostlyadhochackingmethodswithlittlecommonalityandunevencostandpricingstructures.Secondgenerationpenetrationtestingfrom2007to2016involvedimprovedtestingtoolswithmoreprofessionalengagements.Thedisciplineemergedduringthiseraasalegitimateaspectofthecybersecurityprofessionwithincreasedcommonalityofapproach.Thirdgenerationpenetrationtestingfrom2016to2025shouldexpectmoredomain-specificityandembeddedfunctionality.Oneironyisthatwhereaspenetrationtestingautomationwillreducetheexpertiserequirementsfortesters,therequirementformoredomainknowledgemightincreasethedemandforexpertswithspecificknowledgeandbackgroundinatargetarea.Penetrationtestingplatformswilllikelyalsovirtualizetocloudoperatingsystemssothatembeddedtoolsexisttosupporttestengagements.
Figure31.2018PenetrationTestingOutlook
TheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderatetohigh,sinceconsiderablemisunderstandingexistsinthemarketplacearoundthebenefitsofpenetrationtesting.SomanyboardsandC-suitemembershavesuchadeeplackofknowledgeandunderstandinginthisareathatitmightskewtheprogressionofthisdiscipline.AdviceforEnterpriseSecurityTeamsCISOteamsmustbeclearonthis:Iftheplanistousepenetrationtestingtoidentifyandremovevulnerabilities,thenplanonemptyingoutthebudgetinrecordtime.Thisisanineffectivemethodforoperatingacybersecurityprogramandisperpetuatedbyrookieswhodonotknowbetter.CISOsinsteadmustbefullyawareofthemanyamazingbenefitsofpenetrationtestingfordemonstratingthepresenceofflaws.Afavoritetechniqueinvolvesrunningpenetrationtestsonthefinanceteaminadvanceofbudgettime.ShowtheCFOalonglistofseriousvulnerabilitiesinthefinancialinfrastructureandthiswillhavedeepinfluenceonfunding.AdviceforSecurityTechnologyVendorsVendorsshouldfocusonfourinitiativestobemoresuccessfulinpenetrationtestingduringthecomingdecade:First,theyshouldcontinuetodeveloptechnicalskills,becausewithautomation,greatercompetitionwillemergefromtesterswithweakbackgrounds.Second,theyshouldselect,develop,andintegratethebestpossibleautomatedsuitesintotheirengagements.HackingsuitestracetheirlineagebacktotoolssuchasSATANandMetasploit,andtheusefulnessofautomationhasneverwaned.Vendorsshouldthuspaycloseattentiontoresearchtoolsfromopensourceandacademiccommunitiesforideasandavailablesoftware.Third,penetrationtestingteamsshouldselectgoodareasfordomain-specificfocus,withIoT,ICS,cloud,andmobilityasexcellentcandidatechoices.Finally,penetrationtestteammanagementshouldtrytobuilddeeperrelationshipswithselectclients.Theoldshotgunmethodofhavingdifferentclienteveryweekproducesweakerresultsforthebuyerthanapartnershipwithagreatpenetrationtestteam.ListofSupportVendorsACROSSecurity–ACROSisasmall,family-ownedSloveniapenetrationtestingandresearchcompany.AppSecLabs–IsraeliapplicationsecurityexpertgroupAppSecLabshasemphasisontestingmobileapps.Atsec–Atsecisasecuritytestandevaluationgroupwithamainframepenetrationtestingservice.AT&T–AT&Toffersarangeofpenetrationtestingsolutionsthroughon-staffandoutsourcedgroups.AtredisPartners–AtredisisasmallexpertteamofpenetrationtesterswithpresenceatconferencessuchasBlackHat.AuraInformationSecurity–PartofKordia,Auraprovidesinformationsecurityandpenetrationtesting.Auxilio–TheCalifornia-basedcompanyofferssecurityrisk,compliance,andpenetrationtestingservices.AVeS–LocatedinJohannesburg,AvesprovidesarangeofITconsultingandpenetrationtestingservices.Avnet–Israel-basedAvnetprovidessecurityconsultingandpenetrationtestingwithfocusonsecuringdatabases.BINAR10–Peru-basedBINAR10providesarangeofethicalhackingandrelatedcybersecurityservices.BishopFox–Phoenix-basedBishopFoxofferssecurityconsultingandpenetrationtestingservices.Bitcrack–LocatedinSouthAfrica,Bitcrackofferssecurityconsulting,GRC,andpenetrationtesting.Bitshield–LocatedinthePhilippines,Bitshieldprovidessecurityconsultingandpenetrationtestingservices.BuddhaLabs–TheEncino-basedfirmoffersITsecurityandtestingservicesforcloudsincludingAWS.BugSec–LocatedinIsrael,BugSecoffersclientsvariouspenetrationtestingandsecurityconsultingservices.
CarveSystems–Carveprovidesfull-stackpenetrationtestingservicesforIoTdevicesandothertargets.CoalfireLabs–CoalfireLabsoffersaudit,risk,penetration,andscanningservicesacrosstheUSandUK.Comodo–PenetrationtestingisdonebyComodoDragonLabs,whichincludesstaffaroundtheworld.ContentSecurity–ContentSecurity,locatedinAustralia,offerssecurityconsultingandtestingservices.CoreSecurity–CoreSecurityofferstheCoreImpactPropenetrationtestingplatformfornetworks,endpoints,andWeb.CyberAlphaSecurityBV–LocatedinTheNetherlands,CyberAlphaSecurityoffersconsultingandtestingservices.CyberDefenseLabs–CyberDefenseLabsprovidessecurityconsultingandpenetrationtestingsolutions.Cyberis–SanAntonio-basedCyberisprovidessecurityconsultingandpenetrationtestingsolutions.DellSecureWorks–PenetrationtestingisofferedaspartoftheSecureWorksTestingandAssessmentsServices.DepthSecurity–KansasCity-basedDepthSecurityprovidessecurityconsultingandpenetrationtestingsolutions.Fortego–Maryland-basedFortegoprovidesnetworkoperations,reverseengineering,andotheradvancedcybertestservices.FRSecure–FRSecureofferspenetrationtestingaspartofitssuiteofsecurityconsultingservices.GoSecure–CanadianfirmGoSecureprovidessecurityconsultingandpenetrationtestingsolutions.Grid32Security–Newark-basedGrid32Securityprovidespenetrationtestingandvulnerabilityassessment.HackingTeam–HackingTeamprovidesoffensiveattacktoolsandsurveillancecapabilityforlawenforcementandgovernment.HackLabs–SecurityconsultingfirmHackLabsspecializesinpenetrationtestingandethicalhacking.HalockSecurityLabs–HalockSecurityLabsprovidessecurityconsultingandpenetrationtestingsolutions.Hedgehog–TheUK-basedconsultingfirmprovidesarangeofpenetrationtestingandsecurityresearchservices.High-TechBridge–LocatedinSwitzerland,High-TechBridgeprovidessecurityconsultingandpenetrationtestingsolutions.Immunity–Florida-basedImmunityprovidessecurityconsultingandpenetrationtestingsolutions.InGuardians–Washington-basedInGuardiansprovidessecurityconsulting,audit,andpenetrationtestingsolutions.ITsecSecurityServices–ITsecSecurityServicesprovidessecurityconsultingandpenetrationtestingsolutions.Ixia–TheCalifornia-basedfirmfocusesonsecurityandpenetrationtestingsolutionsforenterprise.Kaprica–Reston-basedKapricaprovidessecurityconsultingandpenetrationtestingsolutionswithemphasisonmobile.Kernel–LocatedinColoradoKernelprovidessecurityconsultingandpenetrationtestingsolutions.KoreLogic–KoreLogicprovidessecurityconsulting,applicationsecurityassessment,andpenetrationtestingsolutions.Kroll–Krollisanexperiencedsecurityfirmthatincludespenetrationtestingaspartoftheirconsultingoffer.Krypsys–UK-basedKrypsysprovidesarangeofsecurityconsultingandpenetrationtestingsolutions.Kyrus–LocatedinVirginia,Kyrusfocusesonreverseengineering,securityresearch,andrelatedtesting.LanceraSecurity–LanceraisaUtah-basedsecurityfirmthatincludespenetrationtestingasanoffer.LayerSevenSecurity–SecurityservicesgroupLayerSeven,partofCA,focusesonofferingSAPpenetrationtesting.LBMCSecurity&RiskServices–LBMChasaninformationsecurityteamwithpenetrationtestingcapability.LogicallySecure–UK-basedLogicallySecureprovidessecurityconsultingandpenetrationtestingsolutions.Lunarline–Virginia-basedinformationassurancefirmLunarlineofferspenetrationtestingservices.MavenSecurity–MavenSecurityprovidesasuiteofcybersecurityconsultingandtestingservices.MetaIntelligence–Virginia-basedMetaIntelligenceoffersriskmanagementandpenetrationtesting.MitnickSecurity–Mitnicksecurityisthesecurityconsultingandpenetrationtestingfirmofwell-knownhackerKevinMitnick.NCCGroup–Thecompanyoffersarangeoftestingservicesfromdeeptechnicalinvestigationstohigher-levelassessments.Netragard–PenetrationtestingfirmNetragardmadenewsbyterminatingtheirexploitacquisitionprogramin2015.Nettitude–Nettitudeprovidespenetrationtesting,riskmanagement,andrelatedcybersecurityservices.NetSPI–InformationsecurityandriskconsultingcompanyNetSPIincludesapenetrationtestingcapability.nGuard–Charlotte-basedcybersecurityconsultingfirmnGuardincludespenetrationtestingservices.NisosGroup–NisosGroupfocusedonpenetrationandstresstestingtodetectadvancedthreats.OffensiveSecurity–OffensiveSecurityisagroupofexperthackersrunningarangeofpenetrationtestingcourses.OneconsultAG–SwisssecurityconsultingfirmOneconsultAGoffersarangeofpenetrationtesting.ParameterSecurity–Missouri-basedParameterSecurityprovidessecurityconsultingandpenetrationtestingsolutions.PenTestPartners–UK-basedPenTestPartnersprovidespenetrationtestingservicesformobile,SCADA,andapplications.Pentura–PartofInteliSecure,Penturaofferssecurityconsultingandpenetrationtestingservices.PivotPointSecurity–PivotPointSecurityprovidesinformationassuranceincludingpenetrationtestingandethicalhacking.Portcullis–UK-basedPortcullisprovidesarangeofsecurityconsultingandpenetrationtestingsolutions.Praetorian–ConsultingandpenetrationtestingservicesareavailablefromAustin-basedPraetorian.Provensec–Provensecmakesavailablecybersecurityandpenetrationtestingfocusedonmid-sizedbusinessneeds.PwnieExpress–Boston-basedPwnieExpressprovidessecurityconsulting,assetdiscovery,andpenetrationtestingsolutions.Rapid7–Rapid7offersscanningandpenetrationtestingbasedontheworkofH.D.Moore,inventorofMetasploit.ReactionInformationSecurity–ReactionInformationSecurityprovidessecurityconsultingandpenetrationtestingsolutions.RhinoSecurityLabs–RhinoSecurityLabsincludesnetworkandWebpenetration,mobileapp,andsecurecodereviews.Riscure–LocatedinTheNetherlands,Riscureisaglobalsecuritytestlaboratoryfocusedonsidechannelanalysis.RiskSense–RiskSenseprovidesavulnerabilitymanagementplatformalongwitharangeofsecurityservices.
Root9b–TheNewYork-basedcompanyprovidesadvancedcybersecurityconsulting,testing,andtrainingservices.SafeBreach–California-basedSafeBreachprovidesaplatformforbreachexecutiononatargetsystem.SAINT–SAINToffersarangeofpenetrationtestingthroughtheSAINTexploitscanningplatform.SECFORCE–UK-basedSECFORCEoffersarangeofsecurityconsultingandpenetrationtestingservices.SecureAnchor–Virginia-basedSecureAnchoroffersarangeofsecurityconsultingandpenetrationtestingservices.SecureIdeas–Florida-basedSecureIdeasoffersarangeofsecurityconsultingandpenetrationtestingservices.SecurityArt–SecurityArtprovidesarangeofcybersecurityconsultingservicesincludingredteamexercises.SecurityAuditSystems–UKfirmSecurityAuditSystemsoffersarangeofWebsitepenetrationtestingservices.SecurityMetrics–SecurityMetricsoffersPCIandHIPAAcomplianceservicesincludingscanningandpenetrationtesting.SenseofSecurity–LocatedinAustralia,SenseofSecurityoffersarangeofsecurityconsultingandpenetrationtestingservices.Synack–SynackofferscontinuousBugbountyexploitationfromavettedteamofcrowd-sourcedexperts.Syndis–Iceland-basedSyndisoffersarangeofsecurityconsultingandpenetrationtestingservices.Synopsys–Thecompanyoffersasuiteproductsandservicesfocusedonvulnerabilitytesting.TBGSecurity–TBGSecurityprovidessecurityconsultingtoassistwithcomplianceinHIPAA,PCI,andrelatedframeworks.TechGuardSecurity–TechGuardofferssecurityconsultingandpenetrationtestingforcommercialandgovernmentcustomers.ThreatIntelligence–AustralianfirmThreatIntelligenceprovidesmanagedthreatintelligenceincludingpenetrationtesting.TopgallantPartners–TopgallantPartnersoffersarangeofsecurityconsulting,assessment,andpenetrationtestingservices.TrailofBits–NewYork-basedTrailofBitsprovidesarangeofexpertresearch,training,andtestingservices.TrojanHorseSecurity–TrojanHorseSecurityoffersarangeofsecurityconsultingandpenetrationtestingservices.TrustedSec–LocatedinOhio,TrustedSecoffersarangeofsecurityconsultingandpenetrationtestingservices.Trustwave–TrustwavemakesavailablecybersecurityconsultingandPCIDSSQSAservicesincludingpenetrationtesting.2-Sec–2-secprovidesarangeofsecurityconsultingoffersincludingpenetrationtestingandPCIDSSservices.ValueMentor–ValueMentorConsultingprovidesinformationsecurityincludingassessmentsandpenetrationtesting.Veracode–Veracodeisanapplicationsecurityfirmthatincludesarangeofpenetrationtestingservices.Verizon–Verizonoffersarangeofpenetrationtestingsolutionsthroughon-staffandoutsourcedgroups.vThreat–Herndon-basedvThreatofferstestandsimulationplatformsupportcapabilitiesforcybersecurityfunctions.Xyone–UK-basedXyoneofferssecurityconsultingandpenetrationtestingsolutionsforenterprise.Yarix–ItalianfirmYarixofferssecurityconsultingandpenetrationtestingservicesforcustomers.Control32:SecurityAnalyticsSecurityanalyticsinvolvesadvancedtechniques,tools,andalgorithms–oftenbasedonmachinelearning,deeplearning,andartificialintelligence–thatprovideeitherstand-alone,embedded,oradd-onfunctionalitytodetectevidenceofsecuritycompromiseinlargevolumesofdata.Securityanalyticscanbeperformedondatathatiseitherstoredatrestorcollectedinmotion,perhapsevenatlinespeedonamassivenetwork.Thisisacapabilitythatcanbeobtainedbysecurityteamsinavarietyofdifferentways,becausevirtuallyeverysecurityproductandserviceincludessomesortofsecurityanalyticfunction.Thesweetspotforthisadvancedcapability,however,involvesplatformswithtoolsforsiftingthroughdatainlargestores,usuallyHadoop-based,topullindicatorneedlesfrommetadatahaystacks.Considerablecross-overexistsinthisareaofenterprisecybersecuritywithSIEMprocessing,andmanyofthevendorsmarketingthemselvesassecurityanalyticsprovidersuseaSIEMastheirplatformbase.Additionalcross-overexistswithnetworkmonitoringvendorswhoapplyadvancedanalyticstotheirnetworkpacketandmetadatacaptureengines.Evenendpointsolutionsincludeconsiderablecross-oversincemostsecuritysolutionsforusersandentitiesarenowbasedonbehavioralanalytics.Fewervendorsthanonewouldexpectfocusonpurelicensingoftheirsecurityanalyticscapability,especiallyuser-behavioral,toturbo-chargesolutionsfromothervendors.Thisisunfortunate,andonemightexpectthatlicensingdealswillincreaseasthecompetitionbetweensecurityanalyticplatformvendorsheightens.
GeneralOutlookThegeneraloutlookforsecurityanalyticsinvolvestransitionfromcentralized,stand-aloneanalytictoolstodistributed,platform-enabledcapabilitiesembeddedincloudworkloads.Thistransitionalsoinvolvesshiftfromsimpledatacorrelationmethodstomuchmoreadvancedalgorithmsbasedonmachinelearning,deeplearning,andartificialintelligence.Firstgenerationsecurityanalyticsfrom1998to2007involvedsimplecorrelationtoolsforSIEMsusingsmalldatasetstodetectindicatorsafteranattack.Secondgenerationsecurityanalyticsfrom2007to2016involvedtheintroductionofmoreadvanced,heuristicBigDataanalytics,oftenbasedonHadoop,insupportoftheSOChunter.Thirdgenerationsecurityanalyticsfrom2016to2025shouldexpecttoseemassivelydistributedanalyticscoordinatingadvancedalgorithmicprocessingacrosscloudworkloads.Machinelearningandartificialintelligencemethodswillbeusedtogeneratemoreproactiveintelligencebeforeanattackcanproduceconsequences.
Figure32.2018SecurityAnalyticsOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,becausewehavealreadyseensignificantgrowthinsecurityanalyticsandourviewisthatconsolidationand(insomecases)realitywillsetin,andthegrowthwillsettledownslightlytosomethingmorelinearandsustainable.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsareadvisedtodemandtounderstandtheunderlyingmathematicsofagivensecurityanalyticsplatform,andshoulddemandfulltransparencyinanyhuman-assistedactivityformachinelearningandartificialintelligencetools.Sincemostoftheproductsthatyourteamwillpurchaseinthecomingyearswillincludesecurityanalytics,thechallengeofintegratingallthisdistributedprocessingintosomethingmeaningfulwillbecomeanewchallenge.AskyourSIEM,networkmonitoring,logmanagement,andendpointsolutionproviderstoexplainhowsuchintegrationmightbeachieved.Sincethesteepgrowthinthisarea,especiallyformachinelearning,willlikelywaneslightlyinthenextdecade,itmightbegoodtoavoidlongtermcontractstotakeadvantageofbetterdealsthatcouldemergeamidstgreatercompetition.
AdviceforSecurityTechnologyVendorsDespitethisbeingapromisingaspectofcybersecuritytechnology,thebusinessofbeinginsecurityanalyticsmightseesomestormcloudsahead.Thisisacrowdedfield,withmanydifferentcybersecurityvendorsclaimingtobeenabledwithadvancedanalytics(eveniftheyarenot).Ouradvicehereistofocusintwoareas:First,anyvendorwithtrulyamazinganalyticalgorithmsthatreallydoworkwillbesuccessfulnomatterthefuturecircumstances.So,ifyouaretherealdeal,thenkeepitup.Second,ouradviceistofullyexploreallpossibleusageopportunitiesforyourtechnology,includingadd-on,embedded,andstand-alone.Licensingoptionsmaybethemostattractiveoptionformanyvendors,especiallyinlightoffutureneedsincloud,SDN,NFV,andvirtualdatacenters.ListofSupportVendorsAttivoNetworks–AttivoNetworksprovidesdeception-basedattackdetectionandpreventionincludingadvancedanalytics.AxonAI–Virginia-basedAxonAIprovidesarangeofAI-basedswamtechnologyforanomalydetection.Balabit–LocatedinBudapest,Balabitprovidesrealtimeintelligencebasednetworksecurityanalytics.BayDynamics–BayDynamicsofferscustomersitsRiskFabricpredictivesecurityanalyticsplatform.Brinqa–LocatedinAustin,BrinqaprovidesanintegratedGRCplatformthatincludesextensivesecurityanalyticsupport.ContextRelevant–ContextRelevantprovidesstate-of-the-artpredictivedataanalysistoolsforenterprisecybersecurity.Cylance–Cylanceoffersartificialintelligence-basedanalysistoolstodetectthreatsonendpoints.Cymmetria–Cymmetriaprovidesarangeofcybersecurityanalytic-basedintrusiondetectionsolutions.Cynet–BasedinNewYork,Cynetoffersadvancedenterpriseanalyticsupportfordetectingcyberthreats.Cyphort–Cyphortsupportsthe“singlepaneofglass”approachtoenterpriseanalytics.Darktrace–Darktraceoffersaplatformthatsupportsso-calledEnterpriseImmuneSystemtechnologyforadvancedanalytics.Dataguise–Fremont-basedDataguiseoffersadvancedsolutionsforBigDataanalysissecurityprocessing.DtexSystems–DtexSystemsfocusesoninsiderthreatprotectionusingsecurityanalyticswithbehavioralpatterndetection.E8Security-E8securityprovidesasecuritybehavioralintelligenceplatformtosupportdetectionofthreatsintheenterprise.Encode–Encodeprovidesasecurityanalyticsandresponseorchestrationplatformfortheenterprise.Endgame–Virginia-basedEndgameprovidescybersecuritysupportforthreatandvulnerabilitydetection.eSentire–eSentireoffersanactivethreatprotectionsolutionwithcontinuousmonitoringservice.Exabeam-ExabeamprovidesuserbehavioralanalyticintelligencefromSIEMandlogmanagementdata.FileTrek–KnownasInterset,thecompanyprovidesendpointbehavioralanalyticsforenterprise.FireEye–ThepopularFireEyeplatformincludesadvancedsupportforenterprisesecurityanalytics.Flowtraq–Flowtraqprovidesanadvancedcapabilityforadvancedanalysisofnetworkflowdata.Forcepoint–Forcepointofferscontentsecurity,analytics,cloudsecurity,firewall,andWebsecurityfortheenterprise.Fortscale–Fortscaleprovidesuserbehavioralanalyticssolutionsforenterprisesecuritythreatdetection.GuardianAnalytics–MountainView-basedGuardianAnalyticsprovidesbehavioralanalyticsolutionsfordetectingfraud.GuruCul–GuruCulsupportsidentity-basedbehavioralanalyticstosupportcyberriskintelligence.HawkNetworkDefense–HawkNetworkDefenseprovidesanalyticsforenterprise,serviceproviders,andSIEMenrichment.HaystaxTechnology–HaystaxTechnologyprovidessecurityintelligenceandreal-tomesituationawarenesssolutions.HPE–Oneoftheindustry-leadingSIEMsolutions,ArcSitefromHPE,offersarangeofsecurityanalyticsfunctions.IBM–IBMincludesanextensiverangeofsecurityanalyticsolutionsaspartofitscybersecurityproductofferings.IKANOW-IKANOWprovidesBigDataanalyticsolutionstoreducetheriskofbreachesandAPTattacks.Informatica-InformaticaprovidesBigDatasolutionsincludingadatasecurityofferingfocusedoncriticaldataintelligence.InterGuard-InterGuardprovidesemployee-monitoringsoftwarethatrecordsandcontrolsPCactivityforlossandmisuse.Jask–SanFrancisco-basedJaskprovidesanartificialintelligence-basedplatformforsecurityanalytics.KEYW–KEYWprovidestheHexisenterprisesecurityanalyticssolutionwithdataanalysisandSIEMfunctions.Lastline–Lastlineprovidesmalwaredetectionandthreatanalysisforenterpriseasahostedoron-premisesolution.LightCyber–LocatedinIsrael,LightCyberprovidesadvancedbreachdetectionwithemphasisonAPT.Morphick–Morphickprovidessecurityanalytictoolsforadvancedthreatdetectionandresponse.Niara–Niaraoffersanintegratedplatformforperforminganalyticsandforensicsonenterprisedata.NIKSUN–Princeton-basedNIKSUNprovidesnetworkperformancemonitoringandsecuritysurveillancesolutions.NoraghAnalytics–Noragh’sTACsupportsenterpriseinvestigationandanalysisoflargevolumesofinformation.Novetta–Novettaprovidesanadvancedanalyticsplatformfordetectingthreatandpotentialfraudintheenterprise.Nuix-Nuixprovidesinvestigation,informationgovernance,eDiscovery,andcybersecuritysolutionsforenterprise.ObserveIT–ObserveITprovidesasoftwaresolutionforuseractivitymonitoringbasedontailoredanalyticsandforensics.
OutlierSecurity–OutlierSecurityprovidesagentlesscybersecurityanalyticsasaserviceforendpoints.Palantir–Palantirprovidesrealtimedatafusionandintelligenceplatformsolutionsforenterpriseandotherapplications.Panaseer–Panaseeroffersaplatformforintelligenceonanetworkincludingcybersecuritythreatidentification.Pixlcloud–PixlcloudsupportsBigDataanalyticsandvisualizationintheenterprisewithtrainingoffersforanalysts.RedLambda–RedLambdaprovidesaBigDatasecurityplatformthatsupportscorrelation,reporting,andautomation.RedOwl–RedOwlsupportsbehavioralanalyticsforinformationsecurityandenterprisecompliance.ReversingLabs–ReversingLabsprovidesaplatformforthreatprotectionandanalyticswithsupportforincidentresponse.RiskI/O–RebrandedasKennain2015,thecompanyprovidesariskintelligenceandvulnerabilitymanagementplatform.RiskLens–RiskLensusesadvancedanalyticstooptimizeinsuranceandmanagecybersecurityriskintheenterprise.RSA–Theindustry-leadingsecuritydivisionofEMChasexpandeditsfocusonenterprisesecurityanalyticssupport.SAS–AdvancedanalyticsfromSASsupportsbusinessintelligenceandpredictiveanalysisforenterprise.Savvius–Savviusprovidesadvancednetworkmonitoringandsecurityanalyticssoftwareforenterprise.Secnology–SecnologyprovidesawiderangeofSIEM,logmanagement,andenterprisesecurityanalyticscapabilities.SecureDecisions–SecureDecisionsprovidessecurityvisualizationforanalysisofsoftware,networks,andothersystems.SecurityDo–SecurityDoprovidesaproductcalledFluencythatprovidesbreachdetectionandresponsecapabilities.Sophos–SophoscombinesendpointsecurityprotectionwithenhancedanalysistoolsbasedonCybereasonacquisition.SpectorSoft–SpectorSoftprovidesmonitoringsoftwaretodetectinsiderthreats,employeefraud,anddatabreaches.Splunk–Splunkoffersaplatformforintelligenceonanetworkincludingcybersecuritythreatidentification.Sqrrl–Sqrrl’sLinkedDataAnalysissupportsenterprisesecurityanalysisandmonitoringofcollecteddata.SS8–SS8providesadvancedenterprisecommunicationsecuritythroughanalysis,correlation,andforensics.SumoLogic–RedwoodCity-basedSumoLogicprovidesadvancedcontinuouslogmanagementandsecurityanalytics.SurfWatchLabs–SurfWatchLabsprovidesariskanalyticplatformAPIfortranslatingdatatointelligence.Tanium–Taniumprovideshighperformance,realtimeendpointprotectionthroughdatacollectionandthreatanalysis.ThetaRay–ThetaRayoffersenterprisecybersecurityanalyticssupportforindustrialsectorcustomers.ThreatStream–RedwoodCity-basedThreatStreamoffersathreatintelligenceplatformforsupportingsecuritydataanalytics.ThreatTrackSecurity–ThreatTrackSecurityprovidesasandbox-basedsolutiontodetectsuspiciousormaliciousbehavior.TIBCO–TIBCOprovidesarangeofbusinessintelligenceandinfrastructuresolutions,includingdatasecurity.Trustpipe–Trustpipeoffersendpointsecurityvianetworktrafficscansandanalysisusinganattacktaxonomy.21CT–21CTprovidesabehavioralanalyticfrauddetectionsolutionthatsupportsenterpriseinvestigations.Verint–Verintprovidesanalytichardwareandsoftwareforsecurity,businessintelligence,andsurveillanceindustries.Webroot–HavingacquiredCyberFlowAnalytics,Webrootnowprovidesnetworkmonitoringandsecurityanalytics.Yaana–YannaincludesadvancedcybersecurityanalyticsinitssuiteofBigDatasolutionsforenterprise.Yaxa–Yaxaprovidesaninsiderthreatprotectionsolutionbasedonuserbehavioralanalyticsforenterprise.Zettaset–ZettasetprovidessolutionsforsecuringHadoopandorchestratingenterprisesecurityanalytics.Control33:SIEMPlatformSecurityInformationEventManagement(SIEM)platformscollectandprocessaudittrails,activitylogs,securityalarms,telemetry,metadata,andotherhistoricalorobservationaldatafromavarietyofdifferentapplications,systems,andnetworksinanenterprise.ForaSIEMtooperateproperly,connectorsandinterfacesarerequiredtoensuretranslatedflowfromthesystemofinteresttotheSIEMdatabase.Eventually,betterstandardswillemergeforhowSIEMsintegrateintoanecosystem,butfornow,vendorsdifferentiatebasedonhoweasilyacustomercancollectandprocessdata.TheprocessingpartofaSIEMrangesfrombasiccorrelativeanalysisresultinginanactivitydashboardwithalarms,tomachinelearning-basedheuristicanalysisbasedonbehaviors,profiles,andrudimentaryartificialintelligence.(ManyexperiencedSIEMoperatorspreferthesimplertools.)AdjacentsolutionsalsoexisttoenhancetheoverallSIEMprocessingthroughimprovedlogmonitoringordomain-specificpre-processingofcollectedalarms.LAN-hostedSIEMswillnaturallymigratetodistributed,virtualizationinhybridcloudenvironments,soexpecttoseenewpointsofmarketingdifferentiationfromthissegment.Thisvirtualizationwillassistdown-marketSMBorganizationstobecomemoreactive
SIEMusers,apointthatisbecominginevitableanyway,asthird-partyriskmanagementprogramsimposeSIEMsolutionsaspartofimposedcompliancerequirements.GeneralOutlookThegeneraloutlookforSIEMPlatformsolutionsinvolvestransitionfromusagemostlyfromlargerorganizationstoexpandedusebyalargernumberoforganizationsincludingfromtheSMBsegment.Thistransitionalsoincludesashiftfromcentralized,LAN-basedSIEMdeploymentstomoredistributed,hybrid-cloudhostedSIEMsolutionsthatcollectdatafromvirtualworkloads.FirstgenerationSIEMplatformsfrom1998to2007involvedtheearliesttoolswithsimplerelationaldatabasescollectingfirewallandIDSalarms.TheactionsresultingfromtheseearlySIEMSweretypicallyuneven,withmostSIEMbuyersexpressingdisappointmentattheirinvestment.SecondgenerationSIEMplatformsfrom2007to2016involvedmorefeatures,supportforlargerdatasets(includingnetflowcollection),andtheearliestsupportforvirtualcloudinfrastructure.SIEMbuyersweremostlysatisfiedwiththeirinvestmentsduringthisperiod,andmostcomplianceinitiativesbegantoreferenceuseofthesetoolsasrequirements.ThirdgenerationSIEMsfrom2016to2025shouldexpecttoseeareductioninLAN-hostedSIEMSastheperimeterimplodes,butthiswillbereplacedwithexpendedvirtualSIEMsdeployedtohybridcloud.Third-partyriskrequirementsimposedonSMBorganizationswilldrivethisvirtualgrowth,andthenativecapabilitieswillimprovewithmachinelearning,deeplearning,andartificialintelligence.
Figure33.2018SIEMPlatformOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethemarketforSIEMplatformswillcontinuetoexpandthroughcomplianceframeworks,virtualoptionsforSMB,andbetterprocessing.ThisisabrightspotincybersecurityandexpectSIEMStoincludebetterconnectorsforincidentresponseworkflow.AdviceforEnterpriseSecurityTeamsEnterpriseteamsnotcurrentlyusingaSIEMshouldjumpimmediatelytoavirtualsolutionwithanas-a-service,mobiledevice-accessibledashboardforrenderinganalysisoutputfromdatacollectedfromcloudworkloads.TeamswithaLAN-hostedSIEMneedtoworkwiththeirvendor
todeterminethebestpathforwardforcollectingdatafromheterogeneousdistributedcloudcomponents.Thispathshouldbesomethingmoreelegantthanjustshovelingthecloudworkloaddatabackintotheenterprisethroughopenportsongatewayfirewalls.ComplianceframeworkwritersarecorrecttoincludeSIEMsintheirfunctionalrequirements,andSMBsshouldnolongerflinchwhentheyseethisasamandatoryexpectationwhentheysupportalargercustomer.AdviceforSecurityTechnologyVendorsExpandingtovirtual,cloud-basedSIEMsolutionsistheobviousplayhere.Thegrowthinthatsegmentwillbeexponential,andthedown-marketoptionstoSMBareexciting.Vendorsshouldbecarefulnottooverplaytheadvancedmachinelearningandartificialintelligenceaspect,simplybecausemostexperiencedSIEMoperationsteamsunderstandthatbasiccorrelation,simpleeventcounthistograms,andclearcomparisonofone-thing-with-anotherareperfectlyfinefordetectingtrends.ComplexmathematicalanalysiswillbeuselessifoperationsteamshavenocluewhataBayesiandistributionmeans.Ouradvicehereistokeepitclean,elegant,andsimple,especiallyondashboards.ListofSupportVendorsAlertLogic–AlertLogicprovidesamanaged,cloud-basedsecurityinformationandeventmanagementsolutionforenterprise.AlienVault–AlienVaultoffersaunifiedSIEMplatformforenterpriseandSMBcustomerswithopensourcethreatfeeds.ArcticWolfNetworks–ArcticWolfNetworksprovidesmanagedsecurityinformationandeventmanagement.Assuria–UK-basedAssuriasellsacloud-readysecurityinformationandeventmanagementplatformforenterprise.A3Sec–SpanishcompanyA3SechasarelationshipwithAlienVaultandfocusesonSIEMproductsandservices.BlackStratus–BlackStratus,formerlyNetForensics,offersmanagedSIEMproductsandsolutionsfortheenterprise.Correlog–Correlogprovidesasecurityinformationeventmanagementcomponentthatoperatesinamainframeenvironment.EMC/RSA–RSAofferstheenVisionsecurityinformationeventmanagementsolutionforenterprise.EventSentry–EventSentryprovidesaplatformforeventlogmonitoringandrelatedrealtimeenterprisesecurityfunctions.EventTracker–EventTrackerprovidesadvancedSIEM-as-a-Servicesolutionforenterprisecustomers.ExtremeNetworks–ExtremeNetworksoffersitsExtremeSIEMbasedontheEnterasysacquisition.Fortinet–FortinetoffersasecurityinformationandeventmanagementplatformcalledFortiSIEMforenterprisecustomers.GFISoftware-GFISoftwareoffersemailsecurityservices,eventmanagement,andmanagedanti-virus.HPE–HPEofferstheindustry-leadingArcSightplatform,whichincludesallbaselineandadvancedSIEMfunctions.Huntsman–HuntsmanofferstheadvancedTier-3securityincidentandeventmanagementcapability.IBM–IBMoffersenterprisecustomerstheQRadarSIEMQ1throughitsacquisitionandintegrationofQ1Labs.Juniper–TheJuniperJSA3800applianceprovidesbothenterprisesecurityanalyticsandSIEM-likefunctions.KEYW–KEYWacquiredSensagein2012andoffersadvancedlogandeventmanagementsolution.LOGbinder–LOGbinderprovidestoolstoconnectsecurityintelligencetoenterpriseSIEMwithfocusonMicrosoftproducts.Logentries–Logentriesprovidesafeature-rich,low-costsecurityinformationeventmanagementproduct.Loggly–Logglyoffersanadvancedsecurityandeventlogmanagementsolutionforenterprisecustomers.LogRhythm–LogRhythmsupportsSIEM,logmanagement,andnetworkanalyticsinitsenterpriseplatform.ManageEngine–ManageEngineprovidestherealtimeEventLogAnalyzer,whichincludesSIEMfunctionality.McAfee–SIEMsolutionsfromMcAfeeincludeadvancedcapabilitiesforenterpriseandSMBcustomers.Papertrail–Papertrailisaneventviewerandlogmanagementapplicationavailableasvirtualsolution.PrismMicrosystems–PrismoffersadvancedSIEM,ITsecurity,compliance,andlogmanagementtools.SolarWinds–Austin-basedSolarWindsoffersaSIEM,log,andeventmanagementsolutiononasinglevirtualappliance.Splunk–Splunkoffersasetofcollection,correlation,andanalysistoolsforlogandenterprisedatasecurityinvestigation.SumoLogic–SumoLogicprovidessecure,cloud-basedlogmonitoring,management,andanalytics.Stackify–Stackifyoffersadeveloper-centricsolutionthatintegratesapplicationlogmanagementwithDevOps.Symantec–SymantecmaintainssupportforexistingSIEMcustomersthrough2017asitmovesfocustootherareas.Tenable–TenableoffersanadvancedsecurityinformationeventmanagementsolutionforenterpriseandSMB.TIBCO–TIBCOoffersanadvancedsecurityinformationeventmanagementsolutionforenterprise.Tripwire–TripwireoffersaLogCenterenterprisesolutionthatincludesadvancedSIEMfunctionality.TrustedMetrics–TrustedMetricsoffersacloud-basedsecurityinformationandeventmanagementsolution.
Trustwave–Trustwaveoffersarangeofsecurityinformationeventmanagementsolutionsforenterprise.Control34:ThreatIntelligenceThreatintelligenceservicesconsistofreal-timeinformationfeedsforenterprisesecurityteamsfromhumanandautomatedsourcesonthebackground,details,specifics,andconsequencesofpresentandfuturecyberrisks,threats,vulnerabilities,andattacks.Threatintelligenceservicesoftenincluderecommendedactions,butmostenterprisesecurityteamstailortheirresponsetoreportedthreatissuesbasedonlocalconditions.Mostthreatintelligenceserviceswerecreatedbasedontheexperienceandexpertisetheirfounders–oftenformergovernmentintelligenceofficers.Increasingly,modernthreatintelligencefeedsaremorecenteredontechnology-basedcollection,aggregation,andpresentationtocustomersusingwell-definedapplicationandnetworkexchangeprotocols.Notethatthreatintelligenceisasupersetofcyberthreatintelligence,andthisisausefuldistinctionforsecurityoperationsstaff.Whenperformingall-sourcecorrelativeanalysisofcybereventsandindicators,itisoftenusefultofoldnon-cyberthreatintelligenceintotheanalysis.Thiscanincludegeo-politicalissues,naturaldisasters,criminalaction,militarymaneuvers,andsoon.Standardsforthreatintelligenceautomationareemerging,butacceptingexternalinformationasthebasisforautomatedsystemadministrativeactionsisstillinitsinfancyintermsofgeneralenterpriseadoptionandcomfort.GeneralOutlookThegeneraloutlookforthreatintelligencesolutionsinvolvestransitionfromhumantimeusagetoreal-time,automateduse.Inaddition,threatintelligenceisundergoingtransitionfromsimplethreatintelligencesourcessuchasvulnerabilityfromreportsfromavendortoall-sourcethreatintelligencefeedsfromavarietyofintegratedoriginationpoints.Firstgenerationthreatintelligenceservicesfrom1998to2007consistedofbasicinformationpulledfromtheearliestuseofDarkWeb,butwithlightintegrationintobusinessresponseactivity.Secondgenerationthreatintelligenceservicesfrom2007to2016begantoseemoreextensiveusebyCISOteams,simplybecausethethreatinformationimprovedintermsofaccuracy,relevance,andeventailoringtotheenterprisebuyer’sneeds.Thirdgenerationthreatintelligenceservicesfrom2016to2025shouldexpecttoseemoreautomatedfeeds,increasedreal-timeusageandapplication,moreactionabledata,andgreaterfocusondomain-specificintelligence,especiallyforIoTandICS.
Figure34.2018ThreatIntelligenceOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,sincethreatintelligenceisnowsoreadilyavailableasacomponentofvirtuallyeverycybersecurityproductandserviceinthemarket.Thebarriertoentryforthreatintelligenceservicesisincrediblylow,despitewhatyourvendorbragsaboutthebackgroundsoftheirprincipalsasformerofficialsinthenationalintelligenceserviceoftheirhomecountry.AdviceforEnterpriseSecurityTeamsEnterpriseteamsmustlearntoingestthreatintelligencefortheircybersecurityprogramsinmuchthesamewayasautomobilesmustbedesignedtoingestgasoline,oil,andotherfluidsforproperoperation.Securityoperationscentersandhuntteamsalreadyknowthevalueofthreatintelligence,asdoanygatewayadministratorsacceptingliveURLfeedstokeeptheboredaccountantsintheFinanceDepartmentoffpornsites.Therealchallengeforenterpriseteamsiswhethertheyarewillingtotakethefullleapintoautomatedcollectionandrapid,automaticmitigationbasedoningesteddata.Thekeyattributehereistrust,andthequestionemergeswhethersufficientconfidenceexistsinathreatfeedtoallowmachine-controlledreconfigurationofsomesystemtooccur.Myadviceistoproceedforward,albeitwithsufficientcautiontoavoidrashintegrationofpotentiallybuggyfeedsdegradingthecorporategateway.AdviceforSecurityTechnologyVendorsThreatintelligenceisagrowingaspectofcybersecurity–nodoubt.Butthecompetitionhereisfiercewithlowbarrierstoentryanddisintermediationwithvendorsskippingthethreatintelligencefeedintegrationstepbyjustpoweringafeedthemselves.Opensourcethreatintelligenceshouldbealessintensethreattobusiness,simplybecausethesignal-to-noiseratioinsuchfeedsissuspect.Theadvicehereistofocusonanelegantplatformwithsimpleoperation,andclean,understandableinterfaces.Furthermore,compliancewithstandardssuchasStructuredThreatInformationExpression(STIX),CyberObservableExpression(CybOX),andTrustedAutomationExchangeofIndicatorInformation(TAXII)areamust,asautomatedthreatfeedintegration,federation,andsharingwillincreaseinthecomingyears.ListofSupportVendors
AlienVault–AlienVaultincludestheOpenThreatExchangecrowd-sourcedthreatintelligenceinitssecurityofferings.AT&T–AT&TisthefirstISPintheworldtoprovidethreatinformationviaitsvirtualizedSDNcore.BAESystems–BAESystemsprovidesanadvancedthreatintelligencemanagementandanalyticsplatform.Blueliv–Thecompanyprovidesanend-to-endcloud-basedcyberthreatintelligencesolution.BoozAllenHamilton–BAHprovidesitsCber4SightThreatIntelligenceofferingfortheenterprise.CentripetalNetworks–CentripetalNetworksprovidesareal-timenetworkprotectionsolution.Confer–ConferprovidesasensorthatconnectsanenterprisetoacyberthreatpreventionnetworkCheckPointSoftware–CheckPointSoftwaremarketstheThreatCloudIntelliStorethreatintelligenceplatform.CoraxCyberSecurity–CoraxCyberSecurityprovidessecuritythreatmanagementandintelligenceservices.CrowdStrike–CrowdStrikebasesitsendpointsolutiononitscloud-basedIntelligenceExchange(CSIX)program.CrypteiaNetworks–CrypteiaNetworksprovidesthreatintelligenceandrelatedsecurityservicesinEasternEuropeandEMEA.CyberInt–CyberIntprovidesintelligence,monitoring,andconsultingfocusedoninformationsecurityandcyberwarfare.CyberUnited–CyberUnitedoffersthreatintelligence,analytics,andmachinelearningtodetectmaliciousinsiderbehavior.Cyren–CYRENprovidesanadvancedcloud-basedplatformthatmakesthreatdataavailabletoendpoints.Dell–DellpowersitssolutionswiththreatintelligencefromtheCounterThreatUnitresearchteam.DigitalShadows–DigitalShadowsofferscybersituationalawarenesssolutionstoprotectagainstattacks.Disrupt6–Disrupt6providesthreatintelligencebasedonasubscriptionfeedorviaadeployedsensornetwork.DistilNetworks–DistilNetworksprotectsWebsitesfrombotnets,scraping,anddataminingwithadvancedthreatintelligence.DomainTools–DomainToolsprovidesdomain,network,andmonitoringtoolsforlook-up,investigation,andthreatintelligence.EclecticIQ–EclecticIQ,formerlyIntelworks,providesarangeofcyberthreatintelligencemanagementsolutions.FarsightSecurity–FarsightSecurityprovidesthreatintelligencefeedsfromrealtimepassiveDNSsolutions.FireEye–Throughacquisition,FireEyehasemergedasoneoftheindustryleadersinprovidingadvancedthreatintelligence.Flashpoint–FlashpointprovidescyberadphysicalthreatintelligenceservicesfromtheDeepandDarkWeb.HaystaxTechnology-Haystaxprovidesactionablesecurityintelligenceandrealtimesituationalawareness.HoldSecurity–HoldSecurityprovidesconsultingservicesandthreatintelligenceforbusinessclients.HPE–HPEThreatCentralincludesactionablethreatanalysisandintelligencefromHPE’scloud-basedsharingplatform.IBM–TheIBMSecurityX-ForceThreatIntelligencesupportsIBMplatformswiththreatdata.Infoblox–BasedonacquisitionofIID,Infobloxoffersarangeofadvancedthreatintelligenceservices.McAfee–ThecompanyofferstheGlobalThreatIntelligence(GTI)situationalawarenessservice.Lookingglass–Lookingglasssupportsthreatintelligencemanagementsupportingsecurityoperationsandrealtimedecisions.Maddrix–Maddrixprovidesincidentresponseprofessionalservicesincludingremediationandthreatintelligence.PhishMe–PhishMesuppliesthreatmanagementsolutionstosupporttheiranti-phishingmission.MetaIntelligence–MetaIntelligenceprovidesintelligence-basedservices,cyberriskmanagement,andpenetrationtesting.NC4–NC4supportsdisseminatinginformationrelatedtocyberthreats,physicalsafety,crime,andincidentmanagement.NoraghAnalytics–NoraghAnalyticsoffersadataanalysisanddecisionframeworkforapplicationsincludingcybersecurity.Norse–NorseincludescapabilitytoreportonlivenetworkprotocolactivitysuchasBorderGatewayProtocol.OneWorldLabs–OneWorldLabsprovidesthreatintelligenceandrelatedserviceswithemphasisonbrandprotection.OWLCybersecurity–OWLCybersecurityoffersaDarkNetthreatintelligenceplatform.PierceGlobalThreatIntelligence–PierceGlobalThreatIntelligence(GTI)providesrankedthreatintelligence.RecordedFuture–RecordedFutureprovidesrealtimethreatintelligencetodefendanorganization.RSA–RSAFirstWatchinvolvesadvancedthreatintelligenceandsecurityanalyticsfocusedonsophisticatedthreatmanagement.Security-Database–Security-Databasemonitorsandprovidesdashboardsummariesofvulnerabilitiesforavarietyofproducts.SecurityTracker–Theorganizationprovidesfreeandpremiumsecuritythreatandvulnerabilityadvisoryinformation.SenseCy–SenseCy’sadvancedcyberintelligenceprovidesspecificthreatinformationforvarioussectors.Silobreaker–SilobreakerprovidesanappforsecurityprofessionalstokeeptrackofopensourcedatafromtheWeb.Spamhaus–Spamhausisanon-profitfocusedontrackingSpammersandsupportinganti-Spamactivitiesacrosstheworld.SurfWatch–SurfWatchLabsoffersadvanced,comprehensivecyberthreatintelligencesolutions.Symantec–SymantecoffersDeepSightIntelligencewithactionablestrategicandtechnicalcyberinformation.TaiaGlobal–TaiaGlobalprovidesacounter-intelligenceservicethatworkswithaSIEMtoproviderealtimeinformation.TeamCymru–TeamCymruprovidesactionabledatawiththeintelligencerequiredtoprotectanorganization.ThreatConnect–ThreatConnectoffersathreatintelligenceplatformthatempowersorganizationstoaggregateinformation.ThreatIntelligence–ThreatIntelligenceprovidesmanagedthreatintelligenceservicesincludingpenetrationtesting.ThreatQuotient–ThreatQuotient(ThreatQ)supportsmanagementofinternalandexternalthreatintelligence.ThreatStream–ThreatStreamoffersenterpriseclassthreatintelligencebasedondatacollection,prioritization,andanalytics.Tripwire–Tripwireprovidesarangeofadvancedenterprisethreatandvulnerabilityintelligenceservices.TruSTAR–TruSTARprovidesananonymousmeansforsharingofthreatandvulnerabilityinformationwithacommunity.Verisign–Verisignincludesexpertcyberthreatintelligenceservicesforglobalenterpriseclients.WapackLabs–WapackLabsprovidescyberthreatanalysis,securityresearch,andintelligenceservices.
Webroot–TheWebrootBrightCloudThreatIntelligenceServicesincludesIPreputationservices.Control35:ApplicationSecurityApplicationsecurityinvolvesavarietyofstaticanddynamicmethodsusedtoreducecyberriskinenterprisesoftwareapplications.Techniquesforapplicationsecurityspanabroadrangeofemphasisincludingfocusonsoftwareprocessenhancements,staticcodeimprovements,andrun-timeoperatingsystemenvironmentalcontrols.Becausetheworkactivitiesinvolvedineachoftheseapproachesvarysowidely–fromsoftwaremethodologyreviewstoautonomousrun-timelearning–itisdifficultformanyCISOteamstogettheirarmsaroundthisaspectoftheirenterpriseprotectionresponsibility.Codescanningtoolshavetraditionallybeentheprimaryfocus,butadvancesintheabilityofsoftwaretoself-protectusingadvancedheuristicmeansmakethisaspectofapplicationsecurityhighlypromising.Tohelpkeeptrackofthevariouspossibilities,hereisalistofcurrenttechniquestypicallyassociatedwithapplicationsecurity:
• SoftwareProcessReviews–Thismethodfollowsthepresumptionthatitiseasiertopredictsoftwareissuesbylookingathowyoudevelopsoftwarethanbylookingattheactualcodeyouproduce.
• SoftwareFrameworkCompliance–VariousbestpracticeframeworksforapplicationsoftwaresuchasOWASPcanbehelpfultodevelopersinreducingcyberriskthroughcommonsenseDev/Opsapproaches.
• ApplicationSecurityScans–Thismethodinvolvesrunningautomatedscansofexecutablesandsourcecodetoidentifyevidenceofpossiblevulnerabilitiesorexploitableweaknesses.
• ApplicationCodeReviews–Thisinvolvesthetediousprocessofpeer-reviewbyhumanbeingsofdevelopedcode.Mostdeveloperswillexplainthatnothingreplacesthevalueofexpertreview.
• Run-TimeSecurityControls–Embeddedsoftwarethatexportsrun-timetelemetryorthatimposescontrolsonbehaviorfromapplicationexecutableisbecomingmorecommonlyusedinenterpriseapplicationhosting.
• AdvancedSelf-Protection–Thetechniqueofautonomous,self-protectionisanexcitingpremiseforimprovingapplicationsecurityduringrun-time.
Sinceallthesemethodscontributetothesamegoalofimprovingsecurityofsoftwareapplicationsintheenterprise,expecttoseeconvergenceofsolutionsinthemarketplace,eveninthefaceofsignificantdifferencesinhowCISOteamscarryouttherespectiveactivities.GeneralOutlookThegeneraloutlookforapplicationsecurityinvolvestransitionfrommanual,mostlyadhocapplicationsecurityreviewstoautomated,intelligent,self-learningapplicationsecuritycontrols.Thistransitionalsoinvolvesshiftfromapplicationasaminor(orevenmissing)componentofmostsecurityteamstoanessential,highlightedcomponentofeveryCISOprogramineverysector.Firstgenerationapplicationsecurityfrom1998to2007involvedad
hocfunctions,mostlyscanning,withearlyprocessmaturitywork.Secondgenerationapplicationsecurityfrom2007to2016involvedamorecomplexmixofsolutionsasapplicationbecameperceivedasagreatersecurityrisk.CISOsappliedmorefocusinthisareaduringthisperiod.Thirdgenerationapplicationsecurityfrom2016to2025shouldexpecttoseegreaterconvergenceofsolutions,acrosstheboard,withanevenheavierfocusfromCISOteams.Fundingforapplicationsecurityislikelytobecomemoreroutinewithyear-over-yearbudgetpositioningmakingthefunctionslessadhocandmorepredictable.
Figure35.2018ApplicationSecurityOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,onlybecausetherearesomanymovingpartshere.Applicationsecuritycouldeasilybearguedastheleastwell-developedaspectofenterprisesecurityprograms.IfyouweretoaskagroupoftypicalCISOswhatconcernsthemthemost,forexample,applicationsecuritywouldbeapopularanswer.AdviceforEnterpriseSecurityTeamsIfyouarepartofanenterprisesecurityteamandyouarefeelingsomewhatconfusedaboutapplicationsecurity,thenyouarenotalone.Takesometimethisyeartofocusonlearningaboutthedifferentdimensionsofapplicationsecurity,especiallyareasthatyoumightbelessfamiliarwithasateam.Manyenterpriseteamshavelittleunderstanding,forexample,ofsoftwaresecuritymaturitymodels,soperhapsspendingsometimeinthisareawouldbewellspent.Similarly,manyenterpriseteamsmayhaveneverconsideredtheuseofarun-timesecuritycontrolsuchasaRASPtoolintheirapplicationhostingenvironment.Thiswouldthusbeagoodareatospendsometime.Inadvanceofthecomingconvergenceinapplicationsecurity,theadvicehereistofocusonlearningnewmethods,deployingproof-of-conceptengagements,andcreatingnewrelationshipswithdiversevendors.Expecttoseeconsiderablemergerandacquisitionactivityinthisareainthecomingdecade.AdviceforSecurityTechnologyVendorsThegoodnewsforapplicationsecurityvendorsisthateveryCISOwillagreethatthisisahugeriskareaandthatimprovedsolutionsarerequired.Suchcommonanduniformrecognitionwillgoalongwaytodrivingnewbusiness.Thebadnews,however,isthatyouaredealingwitha
confusedandpartitionedcustomermarket.Onechallengeisthatnooneinatypicalenterprisehasanyideawhoownsrunningapplications:Itmightbethedevelopers;itmightbethehostingtea;itmightbethesponsoringbusinessunit;itmightbethecommunityofusers;andonandon.So,whenasecurityteamwantstoimprovetheprotectionprofileforanapplication,it’softenunclearwhatstepsneedtobedone–orevenwhotoworkwithinsidetheenterprise.Thiscanbefrustratingforapplicationsecuritysalesteams.Theadvicehereistoremainpatientandfocusonhelpingeveryoneunderstandthemechanicsofhowyoursolutionsworks.Evenifyoucannotsolvetheenterpriseconfusionaroundwhoownsgivenapplications,youcanatleastensurethatyourownsolutionisnotcontributingtothecomplexity.ListofSupportVendorsAppthority–Appthorityoffersauniquesolutionforrisk-scoringapplicationsbasedonsecurityfactors.AppSecLabs–AppSecLabsprovidesresearchandtooldevelopmentformobileapplicationsecurity.Arxan–Arxanprovidesrun-timeprotectionforapplicationsonmobile,desktop,embedded,andservers.AspectSecurity–AspectSecurityprovidestraining,softwaretestingandanalysis,andsecurityconsulting.BeyondSecurity–BeyondSecurityoffersautomatedsecuritytestingfornetworks,software,andWebapplications.BlackDuckSoftware–Thecompanyprovidesappsecurity,containersecurity,andcomplianceforopensource.Bluebox–Blueboxoffersadvancedmobileappsecurityandmanagementsolutionstoprotectdata.CapstoneSecurity–CapstoneSecurityoffersservicesinapplicationsecurity,regulatorycompliance,andsecurityassessments.Checkmarx–Checkmarxprovidesarangeofstaticcodeanalysistoolsinsupportofapplicationsecurity.CIXSoftware–CIXSoftwareisworkingspecificallyinRASPwithprincipalsfromthefinancialindustry.CodeDX–CodeDxprovidestoolsforstaticsoftwaretestingofapplications.ContentSecurity–ContentSecurityprovidesasoftwaresolutionforsecuritytestingWebapplications.ContrastSecurity–ContrastSecuritysecuresapplicationsfromzerodayvulnerabilitiesviainteractivesecuritytesting.Coverity–Coverityprovidesarangeofadvancedsoftwareapplicationtestingtoolsforstaticanalysis.Cybera–Cyberaprovidesasecureapplicationdefinednetworkplatformforenterpriseapplications.Cyxtera–Cryptzone,partofCyxtera,offerssecureaccess,contentencryption,andrelatedsecuritysolutions.DBAPPSecurity–DBAPPSecurityprovidesWebapplicationanddatabasesecuritytechnologysolutions.DenimGroup–DenimGroupprovidessecuresoftware,includingappdevelopment,assessment,training,andconsulting.D-Risq–D-Risqprovidesautomatedformalanalysistoolstoimprovethecorrectnessofsoftware.ERPScan–ERPScanoffersasuiteofSAPsecurityproductsandservicesforenterprisecustomers.F5–F5supportsnetworksecurityandoptimizingapplicationdeliverynetworkcapabilities.Fortego–Fortegoprovidescomputernetworkoperationsdevelopment,reverseengineering,andsecurityanalysis.Fortinet–Fortinetoffersitsflagshipnext-generationfirewallwithVPNintegrationandsupportforapplicationsecurity.GreenSQL–GreenSQLprovidesdatabaseapplicationsecurityfordatamasking,compliance,anddatabasethreatprotection.GroundworksTechnologies–Thecompanyprovidesengineeringservicesincludingembeddeddevicesecurity.HPE–HPEofferstheWebInspectdynamicanalysissecurity-testingtoolforvulnerabilitydiscoveryinWebapplications.IBM–IBMoffersinitssecuritysuitetheAppScantool,whichtestsWebandmobileapplicationsforvulnerabilities.IncludeSecurity–IncludeSecurityoffersinformationandapplicationsecurityassessment,advisory,andconsultingservices.Indusface–IndusfaceoffersasuiteofWebapplicationfirewall(WAF),andWebandmobileapplicationtestingproducts.Klocwork–Klocworkprovidesadvancedsecurecodeanalysistoolsforsoftwareandapplicationsecurity.LanceraSecurity–LanceraSecurityofferspenetrationtestingandsecureapplicationdevelopment.LayerSevenSecurity–LayerSevenSecurityoffersSAPsecurityservicesincludingappsecurityandpenetrationtesting.Lookout–Lookoutoffersarangeofmobileandapplicationsecuritysolutionsforpersonalandenterpriseuse.MarbleSecurity–Marble,acquiredbyProofPointin2015,providesamobileappsecuritybasedonthreatintelligence.Metaforic–Thecompanyprovidestechnologyforsoftwaredeveloperstoensurethattheircodeisself-defending.MindedSecurity–MindedSecurityprovidessoftwaresecurityconsultingaswellasapplicationsecuritytestingtools.Mocana–MocanaprovidesamobileapplsecurityplatformwithsupportforembeddeddevicesintheInternetofThings.N-Stalker–N-StalkerprovidesaWebappsecurityscannertosupportthewebdevelopmentlifecycle.Onapsis–OnapsissupportsadvancedprotectionofSAPapplicationsandprocessesfromvulnerabilities.Parasoft–Parasoftoffersvirtualization,APItesting,anddevelopmenttestingsoftwaresolutions.PentaSecurity–PentaSecurityoffersWebapplicationsecurity,databasesecurity,andsinglesign-onsolutions.Port80Software–Port80SoftwareprovidesWebapplicationsecurityandperformancefocusedonMicrosoftIIS.PortSwigger–PortSwiggerofferstheBurpSuiteWebapplicationsecuritytestingsoftwaresolution.Pradeo–PradeoprovidesanadvancedsuiteofmobileapplicationsecuritytestingtoolsandAPIs.
Prevoty–Prevotyoffersanadvanced,dynamicrun-timeapplicationsecuritysolutionfortheenterprise.ProtectedMobility–ProtectedMobilityofferssolutionsformobileappsecurityincludingasecureSMSservice.Quotium–NowpartofSynopsis,Quotiumprovidesanautomatedcontinuous,applicationsecuritytestingsolution.Radware–Radwareoffersapplicationdeliveryandloadbalancing,webapplicationfirewall,andotherareas.Rapid7–Rapid7providesvulnerabilitymanagement,penetrationtesting,andapplicationmonitoringsecuritysolutions.SafeBreach-TheSafeBreachplatformexecutesbreachmethodsonatargetsystemtoidentifypotentialweaknesses.Saviynt-Saviyntprovidescloudaccessgovernanceandintelligencefordataprotection,privacy,andregulatoryrequirements.SecurityInnovation–SecurityInnovationprovidesappsecurityawarenesstrainingandrelatedproductsandservices.Sentrix–Sentrixprovidescloud-basedWebapplicationsecurityandDDOSsolutionsfortheenterprise.Sonatype–Sonatypeprovidesopensourcedev/opstoolsincludingNexusfirewallforsoftwaredevelopmentorganizations.Synopsys–Synopsysprovidesarangeofapplicationsecurityprotectionsfromseveralrecentacquisitions.TrendMicro–TrendMicroprovidesarangeofenterpriseandcloudsecuritysolutionsthatareapplicabletoapplicationsecurity.TrulyProtect–TrulyProtectprovidesanencryption-basedsoftwaredatasecuritysolution.TrustWave–TrustWaveprovidessolutionsbasedontheacquisitionofApplicationSecurityInc.in2013.Veracode–Veracodeoffersenterprise,Web,andmobileapplicationsecuritysolutionstodetectweaknesses.Virsec–Virsecprovidesnext-generationdatabreachprotectionforapplicationsincludingvirtualpatching.VirtualForge–VirtualForgeoffersarangeofadvancedsecuritysolutionsforSAPapplicationusers.Waratek–Waratekprovidesapplicationsecuritythroughruntimeapplicationself-protectionforJavaaswellascontainers.WhiteCloudSecurity–WhiteCloudSecurityprovidesblockingofuntrustedapplicationexecutablesandscriptedmalware.whiteCryption–whiteCryptionprovidescodeintegrityprotectionforapps,aswellasawhite-boxcryptographylibrary.WhiteHatSecurity–WhiteHatSecuritysupportsdiscoveryandcontinuousscanningofWebapplications.Control36:ContentProtectionContentProtectioninvolvestheestablishmentandmanagementofdigitalrightsforowned,createdintellectualproperty.Theemphasishereislessonprotectionofdigitalrightsforpureentertainmentsuchasmovies,video,music,andbooks–althoughmuchofthediscussionherecertainlyapplies.Instead,however,ouremphasisisontheuseoffamiliartechniquessuchasdigitalrightsmanagement(DRM)toprotectconventionalbusinessassetssuchasfiles,databases,records,andotherinformation.AlmostallDRMsolutions,whichgenerallyusecryptographiccontrolsandadministrativesoftwaretoenforceowner-definedpoliciesfordigitalproperty,haveunderperformedtodateforavarietyofreasons.OnereasonisthecomplexityofoperatingtheunderlyingPKIservices;anotherisrelativeunpopularityofdigitalrights,especiallyinentertainment;athirdistheclumsyapproachtoprivatereadersandotherclientsoftwaresometimesusedtocontaincontent;andwecouldgoon.Asaresult,theviewhereisthatenterpriseDRMsolutionswillnotgrow,althoughsomestubbornuserswillcontinuetorunstand-alonesystems.Instead,however,anewcontentprotectionindustrywillemergeinthecloud,whereembeddedcryptographiccontrolswillallowuserstohosttheirintellectualpropertyinthecloudandtospecifyexactlythecontrolsrequiredforusers.AnyonewhohaseverpublishedabookonAmazon.comorplacedmusiconiTunesknowsexactlyhowthisworks,andtheextrapolationtoenterpriseIPisobvious.ThedifferenceisthatinsteadofusingacreditcardtopurchaseaneBookfromthecloud–whichwealldooften,youwoulduseacredentialtodownloadasharedbusinessdocument.Ourcommentaryhereislargelypredictiveandobservational,sincewehavenotseenasmuchvendoractivityhereaswewouldexpect.GeneralOutlookThegeneraloutlookforcontentprotectionsolutionsinvolvestransitionfromweak,ineffectivestand-aloneenterpriseDRMsystemsthatarehostedinsideaperimeterLANtocloud-hosted
contentprotectionsystemsthatareembeddedintoSaaSinfrastructure.Firstgenerationcontentprotectionfrom1998to2007involvedearlyenterpriseDRMsolutionsthatwerecomplexandthatledtomanyfailedprojects.(OK,maybenotallwerefailed,butnexttimeyouarewithsomemoreseniorCISOs,askabouttheirenterpriseDRMeffortsduringthatperiodand90%ofthemwillbehappytosharetheirpriorchallenges.)Secondgenerationcontentprotectionfrom2007to2016involvedaclearreductioninemphasisonenterpriseDRM,amidstaclearriseincontentrisk.Somuchintellectualpropertywasstolenbynation-stateactorsduringthisperiod,forexample,thatsomeobserverswouldcallthisperiodashavingexperiencedthelargestshiftofintellectualproperty(fromownertocyberthief)inthehistoryoftheworld.SomevisionaryCISOsbegantoexploreuseofcloudtoprotectcontent,butitneverreachedmuchcriticalmass.Thirdgenerationcontentprotectionfrom2016to2025shouldexpecttoseefamiliartechniquessuchasembeddedrightsincloud-hostedcontenttobeusedmoreextensivelyintheenterprisetoprotectshareddata.It’salmostcomicalthatduringenterprisesecurityteamdiscussionsabouthowtodealwiththis“frustratingproblemofprotectingourIP,”thatduringthemeetingbreak,attendeeswilldownloadasongfromiTunesorabookfromAmazon.Theobviousdesignextrapolationwillbecomemorenoticedduringthenextdecadeandcloud-hostedcontentprotectionintheenterprisewillgrowexponentially.
Figure36.2018ContentProtectionOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,becausewearebeingpredictivehereaboutacomplexarea.OnlyminorevidenceexiststhatembeddedDRMsolutionsinthecloudwillcatchonat-scaleacrossenterprisesectors.Timewilltell,butwearehopeful.AdviceforEnterpriseSecurityTeamsIfyouarenewtocontentprotectionandDRM,thenyouarenotalone.MostCISOsdonothaveexpertsonstaffwhounderstandthistechnology,andtheirpredecessorsmayhavewarnedaboutavoidingcomplexenterpriseDRMsolutionswiththeirprivateclientreadersandcomplicatedPKIunderbellies.Mostcurrentdocumentprotectiondeploymentstendtobesmallandisolated,withaplethoraoftinyvendorssupportinghandfulsofclients.Theproblemisthat
enterprisecontentandIParebeingrippedoffatridiculoushighratesacrossentireindustrialsectors,soCISOteamswouldbewisetobeginexploringprotectionoptionswithsmalldocumentprotectionvendors,andwiththelargercloudandSaaSproviders.YouwillfindthatmostofthemoresuccessfulcloudserviceproviderswillbehappytodiscussDRM-likecapabilitieswithyou.AdviceforSecurityTechnologyVendorsTheembeddeduseofcloud-basedcontentprotectiontooffervirtualizedDRMsolutionsforenterpriseisamajorbusinessopportunitywithmassivegrowthopportunitiesandexponentialrevenuegrowthpotential.Itisthereforecuriousthatthisisnotabiggercomponentofthecybersecurityvendorlandscape.CloudserviceprovidersshouldbemarketingvirtualDRMtoenterprisebuyers.TheadvicehereistolearnfromtheexistingconsumerDRMsolutionsfromApple,Amazon,andthelike.TheuseofTPM-basedTEEonmobileandPCdevicescouldalsobeusedtofederatecredentialsfromtheuserdomainuptotheembeddedDRMdomainwhereIPisstored.ListofSupportVendorsAdhaero–AdhaeroDocsupportsencryptionandcontrolofMicrosoftOfficeandOutlookdocumentsthroughoutthelifecycle.aegisDRM–G-TechoffersaegisDRMproductthatsupportssecuritycontrolforMicrosoftWordandotherOfficeproducts.AmazonWebServices(AWS)–AmazonoffersDRMoptionsforcontentusersaswellasforAWSinfrastructureservices.Apple–ApplesupportsDRMforitsrangeofdevices,computers,systems,applications,andsupport.Appligent–AppligentsupportsarangeofenterpriseDRMprotectionsforprotectingPDFdocuments.Araloc–Aralocofferssecurecontentmanagement,distribution,andfilesharing.Armjisoft–ArmjisoftprovidesDRMsolutionsforlicenseprotection,watermarking,andrelatedprotections.ArtistscopeCopysafe–ArtistsCopysafeoffersawebplugintoprotectmediafromunauthorizedcopy.Arxan–Arxanprovidestwo-tieredsoftware-basedapplicationandkeyprotectionfordigitalmedia.Axinom–Axinomoffersamulti-DRMservicesupportingMicrosoftPlayReady,AppleFairPlay,andGoogleWidevine.Aspack–AspackprovidesitsASProtectsolutionforsoftwareprotectionwithcryptoregistrationkeys.Bisantyum–TorontofirmBisantyumoffersdistributedDRMmanagementusingblockchaintechnology.ContentGuard–ContentGuardprovidesDRM-basedcontentmanagementtechnologysolutions.ContentRaven–ContentRavenprovidescloud-basedsolutionsforprotectingthedistributionoffiles.CryptKey–CryptKeyprovidesarangeofsoftwarelicensingandsoftwarecopyprotectionoptions.DefectiveByDesign–DefectiveByDesignisanorganizationthatsupportsoppositiontoDRM.docTrackr–docTrackr,fromIntralinks,controlssecurityinGmailextensionsandwebappsforAPI-basedandcustomsolutions.Dubset–Dubsetofferssecuredistributionsolutionsforartists,labels,andproducers.DRMNZ–DRMNZprovidesadvancedDRMsupportservicesforcontentcreators,managers,andowners.EditionGuard–EditionGuardconsistsofasecureeBookdistributionplatformwithsellingtoolsandDRM.EMMS–EmacsMultimediaSystemsupportsmultimediafilesinEmacsusingexternalplayers.EZDRM–EZDRMprovidesanadvanceddigitalrightsmanagementsolutiontoprotectdigitalmedia.Fadel–Fadelsupportsthemanagementofintellectualpropertyviadigitalassetrightsinthecloud.Fasoo–Fasoosupportscontinuousencryption,permissioncontrol,andenterpriseDRMsolutions.FileOpen–FileOpenconsistsofanAdobeAcrobatpluginthatensuresthatdigitalpublicationsarenotredistributed.FinalCode–FinalCodeprovidesanencryption-basedsolutionforsecurefilesharinginenterprise.Foxit–FoxitoffersitscustomersarangeofadvancedsecurePDFprotectionsolutionsincludingreaders.Gemalto–ThroughacquisitionofSafeNet,thecompanyincludesDRMintheirrangeofcontentprotectionofferings.GiantSteps–ManagementconsultancyGiantStepsfocusesonprotectionforthecontentindustries.GigaTrust–GigaTrustoffersitscustomersarangeofpervasivecontentmanagementsecuritysolutions.Google–GoogleincludesWidevineDRMprotectionsinitsdevice,application,system,andcontentecosystem.Haihaisoft–HaihaisoftofferstheDRM-Xdigitalrightsmanagementsolutiontoprotectdigitalcontentproducts.HoGo–HoGoprovidesadigitalrightsmanagement(DRM)-basedsolutionforprotectingandsharingdocuments.InsideSecure–InsideSecureprovidesembeddedsecurityformobilepayment,contentprotection,secureaccess,andIoT.InterTrust–InterTrustTechnologiesinvents,developsandlicensessoftwareandtechnologiesincryptoandDRM.Identify3D–Identify3DprovidesIPprotection,qualityassurance,anddatasecuritythroughallphasesofdigitalmanufacturing.
LinkDataSecurity–LinkDataSecurityprovidesadvancedcopyprotectionforCDs,DVDs,USB,andWeb.LiquidMachines–LiquidMachinesdevelopsenterpriserightsmanagementsoftwaretoprotectcorporateassets.Locklizard–LocklizardprovidesDRMsoftwareforcompletedocumentsecurityandcopyprotection.Lockstream–LockstreamoffersadvancedDRMsolutionsforringtones,music,andmobilegames.Microsoft–Microsoftprovidessoftware,electronics,andPCservicesincludingITsecurityandcontentprotection.NextLabs–NextLabssupportsawiderangeofenterprisedigitalrightsmanagementsecuritysolutions.OpenText–OpenTextprovidesacontentmanagementplatformforcloud,Oracle,Microsoft,andothersoftwaresuites.Rchive–Rchiveconsistsofacopyrightprotectionsystemforsecurelysharing,tracking,andrevokingaccesstoscreenplays.Rightsline–RightslineprovidesDRMfortrackingcontractandroyaltyrightswithemphasisonmediaandentertainment.Sansa–Sansaprovidesembeddedsecurityfordevicecontentprotection,platforms,andchipmanufacturerssupportingIoT.SecureMedia–SecureMediaprovidesasecuritysystemforencrypteddistributionofdigitalcontent.Sealedmedia–Sealedmediaoffersarangeofdigitalrightsmanagementsoftwaresolutionsforcustomers.Sofpro–SofproofferssoftwarecopyprotectionandlicensingsolutionsforWindowsand.NETframeworkapplications.Softwarekey–SoftwarekeysuppliesProtectionPLUSsoftwarelicensingandserverlicensingautomationtechnology.Source3–Source3providesanadvancedsoftwareplatformforlicensinganddistributionof3Dcontent.TerbiumLabs–TerbiumLabsprovidesafingerprintingsolutionthatcandetectstolenintellectualproperty.TrendMicro–TrendMicrodescribesitsendpointandrelatedsecuritysolutionsascontentsecurity.Valve–ValvedevelopsSteam,aDRM-freesolutionforgames.Theiralgorithmsonlyprotecttitlesthatdonotincludea3.Vaultize–VaultizesupportsenterprisesecurefilesharingsolutionsthroughitsDRMsecuritysupport.X-Formation–X-Formationoffersawiderangeofsoftwarelicensemanagementsolutionsinitssuite.Vitrium–VitriumprovidesdocumentsecurityanddigitalrightsmanagementprotectionforPDFfiles.WatchfulSoftware–WatchfulSoftwareprovidesDRM-baseddatasecuritysolutionsforenterprisecustomers.Control37:DataDestructionDatadestructioninvolvesthepolicies,procedures,tools,andtechnologyusedtosecurelydeleteinformationanddisposeofequipment.Amazingly,despitethemostintenseintellectualpropertytheftinthehistoryoftheworldduringthispastdecade,enterprisesecurityteamsstillpayinsufficientattentiontothiscriticallyimportantfunction.Datadestructionshouldbeaddressedfromthreeperspectives:
• DestructionofUnneededStoredData–Employeesshouldonlysavedatathatisabsolutelyrequiredfortheirjobfunction.MassivedistributedstoresofoldinformationacrossallthePCsinthecompanyisahugeriskthatcanbeeasilyavoidedbyinformingemployeesofsuitablecriteriaandproceduresforremoval.
• SecureDeleteFunctionforCriticalData–WhencriticaldataissimplydeletedonaPC,eventhemostnoviceITprofessionalknowsthatitcanberecoveredwithreadilyavailabletools.Thiscanbeavoidedthroughproperuseofsecuredeletefunctions.
• ProperDecommissionofUnneededEquipment–Whenequipmentisdecommissionedfromacompany,thetaskisusuallyhandledbyalow-levelITemployeewhomighthavezeroconnectiontotheenterprisesecurityteam,andwhomightbefollowingadhocprocedures.Thisisobviouslyalargeriskthatiseasilyavoided.
Itissurprisingthatthisaspectofdatahandlinghasreceivedsolittleattentiontodateinenterprise,butthegoodnewsisthatvirtualcloudservicesandinfrastructurewillbeginmoreaggressivelyofferingsecuredeletionfunctionsforstoreddataandevencomputinginfrastructure.Thiswillgrowsignificantlyascriteriarequirementsframeworksbegintodemandthiscapability,especiallyforanythingcritical,sensitive,orsignificant.Goodstandardformedia
sanitizationdoexistincludingNIST800-88andDoD5220-22,butthetypicalCISOwillnotevenrecognizethesedesignations.GeneralOutlookThegeneraloutlookfordatadestructionsolutionsinvolvestransitionfromadhocITcontrolofthisfunctiontomandatorycontrolofdatadestructionandmediasanitizationbysecurityteams.Firstgenerationdatadestructionmethodsfrom1998to2007involvedadhoccoveragewithparkinglotdumpstersinheavyuseformostcompanies,whichledtotheemergenceofdumpsterdivingasapopularhackduringthisperiod.Secondgenerationdatadestructionmethodsfrom2007to2016sawcontinuedweakfocusbyenterprisesecurityteamscharacterizedby(Ihatetosaythisbut)neglectbyCISOs.FewCISOs,forexample,everybotheredduringthisperiodtochallengerecordsinformationmanagement(RIM)policiesdevelopedbycorporatelawyersthatturnedemployeesintopackratssavingeverythingontheirPCs.Thirdgenerationdatadestructionfrom2016to2025shouldexpecttoseeamassivegrowthincloud-hostedsolutionsformediasanitization,securedelete,andproperdecommissionofvirtualserversandequipment.
Figure37.2018DataDestructionOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethethreatissignificantandvirtualsolutionsarenotonlyeasytoimplement,butwillbereadilyadoptedbyenterpriseteams.AdviceforEnterpriseSecurityTeamsTheadvicehereistoaninventorytodayofyourprocessesinthisarea.Ifalow-levelITstaffmemberperformedthedecommission,thendowhateverisnecessarytoeithergaincontrolofthefunctionorwritemandatoryrequirementsforhowthetaskisperformed.TheNIST800-88standardshouldhelpyou.YoushouldalsoimmediatelyreviewyourRIMpoliciestoseeifemployeesmightbeencouragedorrequiredtogetridofanythingtheydon’tneed.Dothemath:IftenthousandemployeesremoveaGBofunneededdata,you’rejustremoved10TBofinformationthathackerscannolongersteal.
AdviceforSecurityTechnologyVendorsTheexistingmarketwillcontinuetooperatewithintheenterprisewithsmalltonegligiblegrowth.Lotsoftinylocalvendorsdrivingtruckstocorporateparkinglotsforperiodicdisposalwillcontinuetobepopular,albeitofferinginsecureservices.Thebigtrendisforcloudproviderstoincludesecuredeletion,mediasanitization,andsecuredecommissioningofvirtualserversandinfrastructureasanoptionforcustomers.Someofthelargerprovidersmentionsecuredataerasuretodayinpassing,butfewusethisasamarketingdifferentiator.Theadvicehereistohighlightthefunctionwhereveryoucan,andmarketitasanadd-oncapabilityforuserswhoneedmoreprotection(andthisshouldbeeveryone).ListofSupportVendorsAllGreen–AllGreenprovidessecureandcertifieddatadestructionandon-siteharddriveshreddingservices.Altep–ElPaso-basedAltepprovidesforensicsanddatadestructionwithaconsultingpracticefocusedoncybersecurity.AppliedMagneticsLab–AppliedMagneticsLabmanufacturesmilitarysecurityanddatadestructionequipment.BrassValley–BrassValleyisacomprehensiveITsolutionsandservicesfirmwithsolutionsfordatadestruction.CorporateBusinessServices–CorporateBusinessServicesprovidesharddriveshreddingandrelatedservices.CloudBlue–CloudBlueprovidesITassetdisposition,on-sitedatadestruction,andITlifecyclesupport.DataDestruction–Datadestructionoffersharddriveshredding,papershredding,andelectronicrecycling.DataDevicesInternational–DDIprovidessecuredatadestruction,degaussing,andhardwaredestructionservices.DataKillers–DataKillersincludesarangeofon-siteshreddinganddegaussingsolutionsfortapesandharddrives.DataSecurityInc.–DataSecuritysupportssecurelyerasinganddestroyingdatastoredonhardwaremedia.4Secure–4SecureprovidessecurityconsultingandtrainingforclientsacrossEurope.4thbin–4thbinprovidesarangeofcertifiedandsecuredatadestructionservicesforcustomersinNewYork.GarnerProducts–GarnerProductsincludesprofessionaldatadestructionforhighsecuritywiping.GuardianDataDestruction–GuardianDataDestructionspecializesinon-sitedatadestruction.HeshengdaInformationSecurity–HSDmanufacturesinformationdestructiondevicesincludingdegaussers.IntelliShred–NewJerseyfirm,IntelliShred,offersawiderangeofon-sitedocumentshreddingservices.IronMountain–IronMountainisanindustry-leadinginformationdisposal,destruction,andmanagementfirm.KrollOntrack–KrollOntrackincludesarangeofrecovery,restoration,collection,review,discovery,anderasureservices.LSoft–CanadianfirmLSoftprovidesasuiteofadvancedtoolsfordatarecovery,security,andbackup.Nexcut–Nexcutprovidesitsenterprisecustomerswithharddriveanddigitalmediashreddingservices.Phiston–Phistonoffersarangeofhighsecuritydatadestructionsolutionsincludingharddrivedestruction.ProShredSecurity–ProShredSecurityprovideson-siteshreddingsolutionsforcustomersintheNewYorkarea.ProTekRecycling–ProTekRecyclingoffersharddriveanddatadestructionincludingdesktops,laptops,andservers.RocklandITSolutions–RocklandITSolutionsprovidesdatadestruction,dataerasure,anddocumentshredding.Seagate–SeagateisamajorAmericanstoragecompanyofferingarangeofbusinessproductsandservices.Secudrive–SecudriveprovidesUSBdataleakagepreventionandadvanceddatasecuritysolutionsincludingdiskerasure.Securis–SecurisprovidesarangeofITassetrecyclinganddatadestructionservicesforbusinesses.Shred-it–Shred-itoffersawiderangeofharddrivedestructionservicesforobsoletedatastorage.Sims–Simsofferscustomersseveralon-sitedatadestructionservicesformagneticandsolidstatedevices.SolsticeTechnologies–SolsticeTechnologiessupportsdegaussingofUSB,SDcard,flash,andothermedia.SystemsMaintenanceServices–SystemsMaintenanceServicesincludesITassetdispositionaspartofitsrangeofservices.TBSIndustries–TBSIndustriesisafull-servicecomputerrecyclingcompanysupportingdatadestruction.TechFusion–TechFusionoffersdataforensicsandeDiscoveryservicesincludingerasureverificationandevidencepreservation.VeritySystems–VeritySystemsisamanufacturerofmagneticmediabulkerasersfordatadestruction.WhitakerBrothers–WhitakerBrotherssuppliespapershredders,folder,andotherbusinessequipment.WhiteCanyon–WhiteCanyonoffersadvancedsolutionsforwipingharddrivesandrecoveringfiles.WiseDataRecovery–WiseDataRecoveryoffersarangeoffreewareforrecoveringdeletedfiles.WorldDataProducts–WorldDataProductsdeliversrefurbishedequipmentbasedonsalesofusedhardware.ZLOOP–ZLOOPoffersarangeofdatadestructionandhardwarerecyclingproductsandservices.Control38:DataEncryption
Dataencryptioninvolvesadvancedtechnology,organizedintoacollectionofalgorithms,protocols,andsupportinginfrastructure,designedtoprotectinformationfromunauthorizeddisclosureeitherduringmovementoratrest.Manyuse-optionsexistforthisfamiliarandimportantsecuritytechnology:Dataencryptionsolutionscanbepackagedasstand-aloneproducts,embeddedfeatures,orlicensedsoftware.Theycanbedesignedusingproprietaryalgorithms(totakeadvantageoftheattendantsecrecyofdesign)orusingstandard,publiclyavailablealgorithms(toavoidtheweaknessesofsecurity-through-obscurity).Theycanbeembeddedinprotocolsthataredesignedspecificallyforalocalorproprietaryapplication,ortheycanbeintegratedintostandard,massive-useprotocolssuchasSSLorHTTPS.Theycanbeweak,inthesensethateitherdomainsizeoralgorithmcomplexityaresub-optimal(aswithobfuscationtools),ortheycanbestrongenoughtowithstandthecryptanalytictechniquesofnation-states(notaneasytask).Theycanalsobeexpensivetopurchaseanduse,ortheycanbefreelyavailabletoolkitsthatyoucanusewithnorestrictions.Yearsago,thecountryoforiginwasahugeissueindataencryption,tothepointwhereexportissuesbecamepartofthecomputersecuritylexicon.Today,thatissue,whilestillnotcompletelynon-existent,iscertainlylessofapressingissue.Thebottomlineisthatbuyerswillneedtonavigatetheoptionslistedabove–nottomentiontheaddeddimensionofpickinganencryptionvendor.Thismaybethemosttraditionalandwell-knownaspectofourindustry,butitremainsoneofthemoredifficulttoproperlydeploy.Oneareawherethisdifficultywillwanesomewhatinthecomingyearsinvolvesprotectionofkeysandcertificates,ifonlybecausewithvirtualizedcomputinginhybridcloud,moreofthiscriticallyimportanttaskwillbeoutsourcedtoathird-party.Today,fewbuyersdeployproperprotectionsoftheirkeysandcertificates.Inthecomingyears,everyonewill,giventherelativelystreamlinedinfrastructurerequiredtosupport.GeneralOutlookThegeneraloutlookfordataencryptionsolutionsinvolvestransitionfromadhoc,optionalkeymanagementsolutiondeployedinanunevenmanneracrossourindustrytorequired,standardkeymanagement,perhapswithhardwareassistedprotectionusingtoolssuchashardwaresecuritymodules(HSMs)intrustedexecutionenvironments(TEE).Thetransitionalsoinvolvesashiftfromadhocuseofstand-alonedataencryptiontoolstomoresmoothlyembeddedencryptionfunctionalityintovirtualizedhybridcloudinfrastructure.Databases,forexample,aremovingfromenterprise-hostedsystemstovirtualizedcloud-residentservices;thisenablesembeddedencryptionandkeyprotectionoptions.Firstgenerationdataencryptionfrom1998to2007involvedearlysoftwareencryptionwithclumsykeymanagementandpoorlyprotectedcertificates.HTTPSusagegrewduringthisperiod,whichformanysecurityexperts,wasthefirstintroductiontoPKI.Secondgenerationdataencryptionfrom2007to2016sawcontinuedgrowthofdataencryptionsolutionswithslightlyimprovedkeymanagementtechniques.HTTPSusageonthewebgrewdramaticallyforweb-basede-commerce,butdataencryptiontoolusagewasmassivelyscattered.Thirdgenerationdataencryptionfrom2016to2025shouldexpecttoseecontinuedlineargrowth,butkeyandcertificationprotectionsolutionswillgrowdramatically.Duringthecomingdecade,encryptionsolutionswillbecomemoreembedded,simplertomanage,moredependentonhardware-basedprotection,andfocusedonencryptingcloudworkloads.Moreas-a-servicesolutions,includingdatabaseinthecloud,willinclude
embeddedadvancedencryptionandsupportingkeymanagement.Thisisgoodnewsforourindustry.
Figure38.2018DataEncryptionOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincedataencryptionwillremainsacorecontrol,andvirtualizationwillmaketheever-naggingchallengesofPKI,keymanagement,andcertificatehandlingmucheasier.Thistrendhasalreadybegun.AdviceforEnterpriseSecurityTeamsTheadvicehereforenterprisesecurityteamsistoremaincommittedtostrongdataencryptionasaprimarycontrol,butbegintoplanformorestreamlinedinfrastructureascloudservicesofferattendantencryptionfeatures.Spendlesstimedebatingkeysize,andmoretimefiguringouthowtofederateandintegratedifferentPKIsolutionsfromcloudproviders.Standardsgroupswillemerge,liketheFIDOAlliance,forhowthiscanbeaccomplished.Writerequirementsthisyearthatdemandworld-classencryptionoptionsfromcloudproviders,andlookcloselyatvendorswhoofferexcellentoverlaysolutionsforencryptingyourvirtualdata.Thesevendorshaveimprovedquiteabitinrecentyears.AdviceforSecurityTechnologyVendorsThisisagoodtimetobeintheencryptionbusiness,butexpectchallengesfromtwodifferentangles.First,youmustexpectthebiginfrastructureproviderssuchasTier1ISPswithSDN-basedinfrastructureandcloudserviceproviderswithvirtualizedcapabilitytoincludeembeddedencryptionintotheiroffers.Theselargecompanieswillhavestrongvaluepropositions,sosmallerencryptionvendorsshouldworkhardtodeveloppartnerships.Second,theuseofencryptionisbecomingsocommonlyembeddedineveryaspectofcomputingthattheintegrationandfederationofdifferentsolutionswillbecomeasimportantasthestrengthofthecryptographyandprotocols.Makesureyouralliancesarestrongandthatyourkeymanagementinfrastructureplaysnicelyintheenterprise.ListofSupportVendorsAbsio–Absiosupportssecurelystoringandsharingemailmessagesexternally,whilemaintainingcontrolofitsuse.AgileBits–AgileBitsprovidesarangeofsecurityapplicationsforpasswordprotectionandfileencryption.
Alertsec–AlertsecoffersaWeb-basedservicetodeployandadministerPointsecdiskencryptionsoftwareonPCs.BoldonJames–UK-basedBoldonJamesprovidesdataclassification,securemessaging,andarangeofrelatedsecurityproducts.BooleServer–ItalianvendorBooleServerprovidesdatasecurityandDLPthroughitsencryptionandsupportforsharing.Boxcryptor–BoxcryptorprovidesfileencryptiontoolsforusewithpubliccloudservicessuchasDropboxandGoogleDrive.CATechnologies–Thelargesoftwareandtechnologycompanyincludesdataencryptionsolutionsforitscustomers.CENTRI–Seattle-basedCENTRIprovidesanadvancedencryption-basedsolutionfordataprotection.Certes–CertesNetworksprovidessoftware-defined,encryption-basedsecurityforenterpriseapplications.Certicom–NowpartofBlackberry,Certicomprovidesarangeofcryptographicsolutionsusingellipticcurvecryptography(ECC).CertiVox–NowknownasMIRACL,thecompanyoffersopensource,distributedsecurityandencryptionsolutions.CheckPointSoftware–CheckPointprovidesarangeofdataencryptionsolutionsbasedonitsPointsecacquisition.CipherCloud–CipherCloudprovidescloudsecuritymonitoring,encryption,andkeymanagementsolutions.Cisco–ThroughacquisitionofPawaa,Ciscoofferssecureon-premise,encryptedfilesharingcapabilities.CloakLabs–Thecompanyprovidesend-to-endencryptionofapplicationdatafromtheenterprisetopartners.CloudLink–PreviouslyAforeSolutions,thecompanyprovidesdatasecurityandencryptionmanagementproducts.CORISECIO–CORISECIOprovidesawiderangeofdataencryptionsolutionsforMicrosoftSharePoint.CryptographyResearch–PartofRambus,CryptographyResearchlicensescryptosolutionsforsemiconductorchips.Cryptomathic–CryptomathicprovidessecuritysolutionsforeBanking,PKI,ID,andePassport.Cypherix–Cypherixmarketsdrag-and-droppersonaldataencryptionsoftwareandnetworksecuritytools.DataLocker–Kansas-basedDataLockerincludesUSB-basedDLPprotectionsolutionswithdigitalrightsmanagement.east-tec–LocatedinRomania,east-tecoffersencryption-basedproductsincludingsecureerasureandothermeans.Echoworx–Echoworxoffersadvancedemailanddesktopencryptionproductstosecuredataatrest.EgoSecure–EgoSecureprovidesdataprotectionsolutionsbasedonencryption,control,filtering,andmanagement.Encryptics–Encrypticsprovidesadataprivacyandprotectionsoftwareplatformincludingencryption.Entrust–Entrustprovidesasuiteofauthentication,identity,PKI,certificate,andmobilesecuritysolutions.Fasoo–Fasoooffersawiderangeofcontinuousdataencryption,documentsecurity,andDRMsolutions.Futurex–Futurexoffersarangeofdataencryptionsolutionsincludehardwaresecuritymodules.Gazzang–NowpartofCloudera,GazzangoffersdataencryptionsolutionsforBigDatadeployments.Gemalto–ThroughacquisitionofSafeNet,thecompanyprovidesauthenticationandencryptiontechnologies.GigaTrust–GigaTrustprovidesenterpriserightsmanagementbuiltonMicrosoft’sRightsManagementServices.GlobalDataSentinel–Thecompanyprovidesanadvanceddatasecuritysolutionfortheenterprise.Guardtime–Guardtimeprovideskeylesssignatureinfrastructurethatenablesdataintegritythroughblockchain.HPE–TheacquisitionofVoltageprovidedHPEwithstrongcapabilityindataandemailencryptionmarketplace.InfoAssure–InfoAssuresupportsprotectingassetsthroughcryptographyandcontent-basedaccesscontrols.InterCrypto–Seattle-basedInterCryptoprovidesdataencryptiontoolsforfiles,disks,andmedia.InterTrust–InterTrustTechnologiesinvents,developsandlicensessoftwareandtechnologiesinDRMandcrypto.IonicSecurity–IonicSecurityprovidesacloudsecurityplatformfocusedondataprotection,singlesign-on,andanalytics.KrimmeniTechnologies–KrimmeniTechnologiesprovidessecurecommunicationsandkeymanagementforcloud.LinomaSoftware–LinomaSoftwarefocusesondatasecuritysolutionsincludingencryption,backup,andsecurefiletransfer.NetworkIntercept–NetworkInterceptprovidessecurityandkeystrokeencryptionproductsforPCs,Macs,andmobiles.PentaSecurity–PentaSecurityofferswebapplicationsecurity,databasesecurity,encryption,andsinglesign-onsolutions.PKWare–PKWareprovidesadataencryptionsolutionforsecuringdatafilesatrestandintransit.Porticor–Porticorprovidescloudsecurity,encryption,andkeymanagementforpublicandprivatecloudssuchasAWS.Protegrity–Protegritymarketscomprehensivedatasecurityincludingtokenization,encryption,andpolicyenforcement.QuintessenceLabs–QuintessenceLabsdevelopssecurityforcryptographicpurposesincludingquantumkeycryptography.RSA–Thisnameissynonymouswithpublickeyencryption,butthecompanyalsofocusesonotheraspectsofcybersecurity.SafeLogic–SafeLogicsupportsintegrationofSuiteBandFIPS140-2validatedencryptionintomobiledevices.SecureChannels–SecureChannelsprovidesarangeofdataencryptionsolutionsforvarioustypesofsystemsandapplications.Senetas–AustralianfirmSenetasprovidesdefense-gradeencryptionsolutionsforgovernmentandcommercialcustomers.Sophos–TheUK-basedsecurityfirmoffersencryptionsolutions,includingfulldiskencryption,foritscustomers.StrongAuth–StrongAuthoffersencryption,tokenization,andkeymanagementforcomplianceandsecurity.Symantec–Thelargetechnologyandcybersecuritycompanyincludesdataencryptionsolutionsforitscustomers.TecSec–TecSecprovidesinformationassuranceforaccesscontrolenforcedthroughencryptionandkeymanagement.Trustifier–Trustifierprovideskernel-levelsecurityprotectionsincludingmandatoryaccesscontrolsforUNIXsystems.Vaultive–VaultiveencryptsMicrosoftOffice365documentsandotherSaaSapplicationsincloud.Venafi–Venafisecuresthekeysandcertificatesrequiredforsecurestorageandcommunications.VirgilSecurity–VirgilSecurityprovidesdeveloperswithadvancedcryptographicsoftwareandservices.Vormetric–Vormetricdeployshighperformancedataencryptionforcloud,Bigdata,andotherenterpriseapplications.Wave–Massachusetts-basedWaveprovidesarangeofdatasecuritysolutionsfortheendpointincludingavirtualsmartcard.
whiteCryption–whiteCryptionprovidescodeintegrityprotectionforapps,aswellasawhite-boxcryptographylibrary.WinMagic–WinMagicprovidesfull-diskencryptionsoftwaretoprotectsensitiveinformationondesktopsandlaptops.WolfSSL–WolfSSLoffersitscustomersanadvancedandextensiveSSL/TLSlibraryforsoftwaredevelopers.Zettaset–ZettasetdevelopsenterpriseclassdataprotectionandencryptionforHadoopandotherBigDatadatabases.Zixcorp–ZixCorpprovidesarangeofemailencryption,BYOD,andDLPsolutionsforenterprisecustomers.Control39:DigitalForensicsDigitalForensicsinvolvesthepeople,processes,andtoolsrequiredtoinvestigatecomputinghardwareandsoftwareartifactstoanswerquestionsaboutpriorimproperormalicioususe,andtoperformdataorsystemrecoverytasksafterdamagemayhavebeencausedbyacrimeorotherintegrity-degradingaction.Digitalforensicstraditionallywasahumantaskwithweaktools,butisevolvingtowardamoreautomatedtaskwithpowerfultools.Thisuniquebranchofforensicsciencehasarangeofmotivationstoincludeinvestigationofabreachtorecoveringsystemsthatwereinnocentlydamaged.(Emphasisinthisreportisprimarilyonmaliciousscenarios.)Thebiggestchangeinrecentyearsthatwillintensifyinthenextdecadeisthatdigitalforensicsforenterprisemustbeincreasinglyperformedondatathatisundersomeoneelse’scontrol–usuallyacloudproviderorthird-partycompany.Thischangeincontrolcomplicatesthedigitalforensictaskinbothlegalandtechnicalmanners,withthetechnicalissuesstemmingfromthediversityofinfrastructurethatmustbeaddressedbytheforensicinvestigator.Thisisnotabigproblemifstandard,well-knowntechnologiesarebeingused;butitisanenormoustaskwhenproprietarysystemsmustbeanalyzed.Anaddedproblemisthatvirtuallyeverythingisbeingencrypted,soanykeymanagementoralgorithmicprotectionsmustbeunraveledaspartofthetask.Thiswasalwaystrue,butithasintensified.Lawenforcementissuestendtoweaveintothedigitalforensicindustry,simplybecausegovernmentinvestigatorsarelargeinfluencersinthetechnologydirectionofvendorsinthissegment.Manyformerlawenforcershavetendedtobecomesuccessfuldigitalforensicconsultantstoindustry.GeneralOutlookThegeneraloutlookfordigitalforensicssolutionsinvolvestransitionfromdataandsystemsbeinganalyzedunderlocalenterprisecontroltoonesscatteredacrossvirtualizedcloudworkloadsunderthecontrolofanexternalentity.AnadditionaltransitionisoccurringfromdigitalforensicsasanisolatedtaskbyahumanexpertundercontrolledconditionstoonethatintegrateswiththemodernnotionofSOC-basedhuntteam,usuallyfocusedonproactiveinvestigation.Thistransitionfromreactivetoproactiveinvestigationisagoodidea,becauseitallowsdigitalforensicstobeusedtodetectindicationsofmaliciousactivityinadvanceofmoreseriousconsequence.Firstgenerationdigitalforensicsfrom1998to2007involvedrudimentarytools,heavilyinfluencedbylawenforcementwithunevenadoptioninallbutthelargestenterprise.Digitalforensicswasauniqueskillduringthiseraand100%oftheactivitywasperformedaftersomethingbadhadhappened–oftenwiththegoalofrecoveringsomedamagedharddriveorcomputer.Secondgenerationdigitalforensicsfrom2007to2016involvedmorewidespreadadoptionofthetask,withlawenforcementstilldominatingtheskillset.Increasedenterpriseadoptionduringthiseraledtobetterforensictoolsandearlyproactivefocus.Thirdgenerationdigitalforensicsfrom2016to2025shouldexpecttoseemore
integrateddigitalforensicplatformswithincreasedfocusoninvestigativeactivityfordataorsystemsnolongerunderdirectenterprisecontrol.Heavyemphasiswillemergeforcloud-storeddata,andthedigitalforensictaskwillintegratewithSOCprocessesandhuntteamswhotendtohaveamoreproactivegoal.
Figure39.2018DigitalForensicsOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethelikelihoodthatmostenterprisedatawillmigrateawayfromlocalcontrolisalmost100%.Thisdoesnotchangetheultimateresponsibilityforthebusinessassetsofanenterprise,becauseoutsourcingoroffloadingstorageorprocessingdoesnotshiftownership,unlessaspecialcontractualsituationisestablished.AdviceforEnterpriseSecurityTeamsIfyouarepartofalargeteam,thenyoualreadyhaveawell-developeddigitalforensicteam,andyoualreadyknowthatyourtoolsarebecomingmorepowerful.Whatyoumaybejustrealizingisthedegreetowhichyourpresentandfuturedataismigratingtodistributed,virtualizedsystemsscatteredacrosshybridcloudinfrastructure.Thiswillrequiresomeadjustment.Ifyouareasmallerteam,thentheextentofdigitalforensicsmightbethedesiretorecoverdamageddevicesorperformmoreisolatedforensictasksonmobiledevices.Suchemphasisonmobiledeviceforensicsisalsosomethingthatrequiresattention,butmostvendorsoffereffectivesolutionsinthisarea,sothisshouldnotbemuchofachallenge.Thebiggestmanagementchallengeiswhethertohireandmanagelocaldigitalforensicexpertsortooutsourcetoexpertconsultants.Thegoodnewsisthatmanyformerlawenforcementexpertswithdigitalforensicskillsareavailableforhireasconsultants.AdviceforSecurityTechnologyVendorsDigitalforensicsvendorsareexpandingtheirfocus,soifyouselltoolsorservicesinthisarea,beso-warned.Themostcommonexpansionisfromplatformsthatallowinvestigatorstoperformdigitalforensicsurgeryonsomedevicetofullendpointsecuritysolutionsthataremoreforensicandvirtualization-friendly.Theconsultingbusinessheremusttargetsolutionsforhybridcloud,withenterprisebuyerswonderinghowtoachieveforensicgoalswhenthedatatobe
investigatedorthemachinestobeanalyzedarevirtualandundersomeoneelse’scontrol.Internationalsupportisalsoacommonrequirement,soithelpstobeageo-politicalexpertifyouareperformingdigitalforensicconsultingforlargemultinationalcustomers.Thenaggingconcernforalldigitalforensicvendorsisthatthelowbarriertoentrycontinuestoresultinahugenumberofsmall,medium,andlargevendorsofferingsolutionsinthisarea.Expecttoseeconsolidation,butitisstillrelativelyeasytogetintothisbusinessasaconsultant.Oneadditionalmajorissuefordigitalforensicvendorsistheheavyfocussomanysolutionprovidershaveonlegalsupport.Thisisadjacenttothecybersecurityissue,sowedonotmaintainmuchfocusonlegaleDiscoveryinthisreport;butmostvendorscrossoverbetweencyberandlegal,whichiswhythelistofsupportvendorsbelowincludesmanyfirmswhoselltolawfirms.ListofSupportVendorsACEDataGroup–PhiladelphiafirmACEDataGroupprovidesdatarecoveryandforensicsservices.AccessData–AccessDataisanexpertproviderofeDiscovery,computer,andmobiledeviceforensics.AC-Forensics–KentuckyfirmAC-Forensicsprovidesarangeofdatarecoveryandforensicsservices.AdvancedDiscovery–NewYork-basedAdvancedDiscoverysupportslegaleDiscoveryforitscustomers.Altep–Altepofferscertifieddataforensicinvestigators,emergencyresponsetechnicians,anddataprivacyconsultants.AsgardGroup-AsgardGroupprovideswirelessRFandcommsecurityforcounterintelligenceandcyberinvestigations.ASR–ASRprovidesexperttechnicalsupportindigitalforensicsforcustomerswithLinux-basedsystems.AtlanticDataForensics–AtlanticDataForensicsoffersdigitalforensics,eDiscovery,andwitnessservices.Axiom–Axiomprovidesarangeofforensicaccounting,investigative,andexpertwitnessservices.AzorianCyberSecurity–AzorianCyberSecurityprovidesarangeofcybersecurityservicesforenterprisecustomers.BarristerDigital–BarristerDigitaloffersarangeoflitigationanddigitaldiscoverysupportservices. Belkasoft–BelkasoftdevelopstheitsEvidenceCenterforenterprisedigitalforensicinvestigativesupport.BIA–BIAoffersexpertdigitalforensics,eDiscovery,andwitnessservicesforenterprisecustomers.BinaryIntelligence–BinaryIntelligencespecializesinforensicsofcomputers,cellphones,andchips.BitSecGlobalForensics–Maine-basedBitSecGlobalForensicsprovidescomputerforensicsupport.BurgessForensics–SantaMonica-basedBurgessForensicsoffersdigitalforensics,eDiscovery,andwitnessservices.Caveon–Caveonincludesarangeofdataforensicssolutionsinitssuiteoffraudtestingandinvestigativeservices.CBLDataRecovery–CBLDatarecoveryprovidesarangeofdatarecoverycapabilitiesforfailedharddrives.Cellebrite–Cellebriteoffersmobileforensicsforanalysisandextractionsupportinglawenforcementandmilitaryusers.CraneEngineering–CraneEngineeringincludesdataforensicsinitssuiteoftechnicalandengineeringconsultingservices.CyberDiligence–CyberDiligenceprovidesprofessionalservicestocombatandinvestigatedigitalcrimes.CyberEvidence–CyberEvidencetrainscomputerinvestigatorsinartofdatarecoveryandanalysisofevidence.Cyfir–Cyfirprovidesitsenterprisecustomerswithanadvanceddigitalforensicsplatformtosupportinvestigation.DataRecoveryLabs–Florida-basedDataRecoveryLabsspecializesinexpertdatarecoveryforclients.DataForensicsGroup–DataForensicsGroupsupportsdataacquisition,datarecovery,forensicsanalysis,andeDiscovery.Datarecovery.com–Datarecovery.comsupportsarangeofexpertdatarecoveryservicesforcustomers.DataRescueLabs–Canadiancompanyprovidesdataandsystemrecoverysolutionsformobilesandcomputers.DataTriageTechnologies–DataTriageTechnologiesofferscomputerforensics,recovery,andeDiscoverycapabilities.DataTriangle–DataTriangleofferscomputerforensics,recovery,andeDiscoverycapabilitiesforlitigationsupport.DeedocConsulting–SmallRaleighcomputerrepaircompanyDeedocConsultingoffersrecoveryservices.D4eDiscovery–Rochester-basedD4eDiscoveryincludesarangeofmanagedeDiscoveryservices.DigitalDetectiveGroup(BLADE)–UKfirmDigitalDetectiveGroupdevelopsdigitalforensicsoftware.Discovia–DiscoviadeliversarangeofmanagedeDiscoveryservicestocompaniesandlawfirms.Disklabs–Disklabsisaproviderofcomputerforensicservicesforlegalfirms,lawenforcement,andenterprisegroups.DisputeSoft–DisputeSoftprovidesadvancedlitigationsupportandexperttestimonyinNewYork.Drivesavers–DatarecoveryfirmDrivesaverssupportrecoveryforharddrives,RAID,SSDs,andphones.D3Forensics–LocatedinAsia,D3Forensicsprovidesarangeofdataforensicsandlitigationsupport.DTI–DTIsupportsarangeofexpertlegaleDiscoveryprofessionalservicesforenterprisecustomers.EcoDataRecovery–Florida-basedEcoDataRecoveryoffersarangeofdataandsystemrecoveryservices.e-fense–Coloradofirme-fenseprovidesitscustomerwiththeHelixplatformfordigitalforensicanalysis.Elcomsoft–RussiancompanyElcomsoftfocusesonpasswordandsystemrecoverysoftwaresolutions.EliteForensicsInvestigators–EliteForensicsInvestigatorssupportsdigitalforensicsandpaperdiscovery.EnclaveForensics–EnclaveForensicsoffersexpertincidentresponseanddigitalforensicservices.
EpiqSystems–EpiqSystemsisapubliccompanythatsupportstechnologyservicesforthelegalprofession.ExpertDataForensics–SmallNevada-basedExpertDataForensicssupportsrecoveryandforensics.FlashbackData–FlashbackDataoffersarangeofdatarecoveryandcomputerforensicsforharddrives.ForensicDataServices–ForensicDataServicesofferscomputerforensics,recovery,andeDiscoverycapabilities.ForensicRiskAlliance–FRAisasecurityconsultancythatprovidesexpertiseinelectronicforensictasks.ForensicStrategyServices–ForensicStrategyServicessupportscollectionandpreparationofevidenceforlegalproof.4Discovery–4Discoveryofferscomputerforensics,computersecurity,andincidentresponsesolutions.FireEye–ThroughitsMandiantunit,FireEyeoffersincidentresponseandnetworkanalysistosupportforensics.FTI–GlobalbusinessadvisoryfirmFTIincludesarangeofdigitalforensicsservicesfortheenterprise.FulcrumDataForensics–UKfirmFulcrumDataForensicsofferscomputerforensics,recovery,andeDiscoverycapabilities.G-CPartners–G-CPartnersofferscomputerforensics,experttestimony,andeDiscoverycapabilities.GetDataForensics–GetDataForensicssupportsarangeofdatarecovery,emailrecovery,andfilerepairtasks.GlobalCompuSearchLLC–GlobalCompuSearchsupportscomputerforensics,computersecurity,andincidentresponse.GlobalDigitalForensics–GlobalDigitalForensicssupportsdataforensicinvestigationsincludingeDiscovery.Group-IB–Group-IBprovidescustomerwitharangeofexpertdataforensicandinvestigativecapabilities.GuidanceSoftware–GuidanceSoftwareisanindustry-leadingprovideroftheEncaseforensicandanalyticsolution.HackingTeam–ItalianfirmHackingTeamprovidesdigitalforensicsandinvestigativetoolsforoffense.HawaiiDataForensics–HawaiiDataForensicsspecializesininvestigationsofcomputerforensicsandnetworkintrusion.HeliosDataForensics–HeliosDataForensicsofferscomputerforensics,computersecurity,andincidentresponse.IDExperts–IDExpertssupportsrecoveryservicesincludingidentitytheftprotectionandcreditmonitoring.IrisDataServices–IrisDataServicesprovidesarangeofmanagedeDiscoveryservicesforcustomers.kCura–kCuradevelopsadvancedeDiscoverysoftwareforelectronicevidencecollectionbycustomers.KesslerInternational–Kessleroffersforensicaccounting,IPinvestigations,digitalforensics,andinvestigativeservicesKroll–Krollprovidesateamofcomputerforensicsexpertstoassistindigitalevidencecollectionandanalysis.K2Intelligence–K2IntelligenceisaninvestigativeandriskanalyticsconsultancyfoundedbyJeremyandJulesKroll.LarsonSecurity–LarsonSecurityprovidescybersecurityservicesincludingdigitalforensicsandincidentresponse.LighthouseeDiscovery–Seattle-basedfirmLighthouseeDiscoverysupportslegaleDiscoveryforclients.LIFARS–NewYorkCityfirmLIFARSprovidesarangeofdataforensicandinvestigativecapabilities.MagnetForensics–MagnetForensicsofferscomputerforensicandinvestigativetoolsforexaminers.Microforensics–Microforensicsofferscomputerforensics,computersecurity,andincidentresponse.NortheastOhioForensicDataRecovery–NortheastOhioForensicDataRecoverysupportsdigitalforensicsandlitigation.NowSecure–NowSecureincludesdigitalforensicsinitsadvancedsuiteofmobilesecuritycapabilities.NTIAssociates–NTIAssociatesofferscomputerforensics,computersecurity,andincidentresponsesupportinglitigation.Nuix–Nuixofferssearch,investigative,andinformationmanagementanalyticscapabilitiessupportingdigitalforensics.NuVida–Thecompanyoffersarangeofconsultation,digitalforensics,litigation,andexpertwitnessservices.OneconsultAG–OneconsultAGprovidesdataforensicandinvestigativecapabilitiesalongwithitstestingandauditingsuite.OptimoIT–OptimoITincludeslegalsupportservicesinitsrangeoftechnologyconsultationservices.OSForensics–OSForensicsoffersarangeofforensicsolutionsupportingdiscoveryandextractionTheOxmanGroup–Dallas-basedOxmanGroupincludesdataforensicandinvestigativecapabilitiesinitsresponseoffering.Paraben–Parabenprovidesarangeofmobiledataforensicandinvestigativecapabilitiesforcustomers.ParameterSecurity–Parameterprovidespentesting,audit,anddigitalforensicsspecializinginthefinancialindustry.PeakForensics–PeakForensicsofferscomputerforensics,eDiscovery,andexpertwitnessservices.PwCForensics–ConsultinggroupPwCForensicsincludessupportfordigitalforensicsdisputeandrelatedservices.ResponsiveDataSolutions–ResponsiveDataSolutionsprovideselectronicdiscoveryservicesandsoftwareforlawfirms.St.JohnsDataConsulting–St.JohnsDataConsultingoffersdigitalforensics,consulting,andexpertwitnessinJacksonvillearea.StrozFreidberg–NowpartofAon,StrozFreidbergofferscomputerforensics,investigations,andexpertwitness.Sylint–Sylintprovidesexpertservicesintheareasofdataforensics,eDiscovery,andcompliance.Symantec–Symantecsupportsawiderangeofdigitalforensicscapabilitiesacrossitsproductandservicesuite.TacticalNetworkSolutions–TacticalNetworkSolutionssupportsarangeofdigitalforensicsolutions.TCSForensics–WesternCanadafirmTCSForensicssupportseDiscovery,forensics,andriskmanagement.TechFusion–TechFusionisacertifiedexpertcomputerforensicsfirmlocatedinBoston,Massachusetts.Thumbtack–Thumbtackprovidesarangeofdatarecoveryanddigitalforensicsservicesforcustomers.Tri-StateDataRecoveryandForensics–Tri-StateDataRecoveryandForensicsprovidesRAIDandharddriverecovery.UnitedLex–UnitedLexprovideslegalandbusinessservicesthatintegrateconsultingandtechnology.USDataForensics–USDataForensicsprovidescomputerforensicexamination,fraudinvestigations,andlitigationsupport.Wetstone–Wetstone,nowpartofAllen,offersasuiteofforensictoolsincludingWiFiInvestigatorandStegoHunt.X-WaysSoftwareTechnologiesAG–X-Waysprovideshexfile,disk,andRAMeditorfordatarecoveryandcomputerforensics.
Control40:IdentityandAccessManagementIdentityandAccessManagement(IAM)involvesthepeople,processes,tools,infrastructure,andinterfacesrequiredtocontroltheprovisioning,maintenance,andoperationofuseridentitiesandtheassociatedsetofauthorizationsrequiredtoenforceaccesspoliciesinanenterprise.ThecasecanbemadethatIAMisthemostcomplexandchallengingcomponentofmostenterprisesecurityteamresponsibilities.Challengesincludethefollowing:
• UserManagement–IAMinfrastructuremusthandletheday-to-dayprovisioning,maintenance,andhelpdeskneedsofuserswhomighthaveseriousdeficienciesintheirunderstandingofaccessandauthorizationpolicies.
• SystemInterfaces–IAMinfrastructuremustincludeconnectorsandinterfacestothesystemsandapplicationsthatrequireauthorizationpolicy.HumanResources(HR)systemsaretypicalsuchapplications.
• PolicyComplexity–IAMpolicycanbecomplexanddrivenbyuniqueorganizationalstructureandassetprotectionneeds.ThisoftenleadstohighlycustomizedIAMcontrols.
• ApprovalWorkflow–Theday-to-dayauthorizationrequirementsforatypicalIAMsystemwillincludeworkflowsupportincludingemailapprovalsbysupervisorsforrequestedaccesses.
• ControlObligation–IAMisincreasinglychallengedwiththetaskofbeingprimarycontrolformanysecurityrequirementsframeworks,supplantingtheperimeterfirewallwiththisassignment.
• PerformanceRequirements–LargerIAMinstallationssupportingmanyusersperformingtime-sensitivetransactions,suchasnewproductlaunches,willneedtobeparticularlyattentivetoperformancerequirements.
• AuditResponsibility–AnyIAMprofessionalwillattestthatenterpriseauditsalmostalwayshaveIAMinfrastructurecontrolsintheircross-hairs.
InadditiontotheabovefamiliarchallengesforIAM,thecurrentissueinvolvestransitionfromenterprise-hostedIAMwithlinkstolocalapplicationsandsystemssuchasActiveDirectorytodistributed,virtualizedhybridcloudenvironmentsthatmightrequireextensivefederationofcredentialsandsinglesign-on(SSO)acrossheterogeneousenvironments.Thisiscomplexandevolving.Anadditionalchallenge,asifthereweren’tenoughalready,istheorganizationaldebatethatissocommonregardingwhetherIAMshouldbemanagedbysecurityteamsorIToperationsteams.Theinevitabletug-of-warsthatresultwillnotmakeitanyeasiertomanageIAMinfrastructurein2018andbeyond.GeneralOutlookThegeneraloutlookforidentityandaccessmanagementsolutionsinvolvestransitionfromcentralizedIAMdeploymentonanenterpriseLANtoadistributedIAMconfigurationsupportinghybridcloudservices.IAMinfrastructureisalsomovingfromhighlycomplex,
difficulttoadministerservicestogreatlysimplifiedservicesthataremucheasiertoadminister.FirstgenerationIAMinfrastructurefrom1998to2007wereenterprisehosted,highlycomplex,andgenerallytangledupincomplianceissuesthatrequiredavarietyofcomplicatedchangestosupport.ITteamalmostalwayshadsoleresponsibilityforIAMduringthisperiod.SecondgenerationIAMinfrastructurefrom2007to2016includedearlysupportforcloud,butcontinuedcomplexityandcomplianceissues.IAMsolutionsduringthiserabegantoaddressIoTandM2Minfrastructure,andbegantoevolvetowardenterprisesecurityteamresponsibility.ThirdgenerationIAMinfrastructurefrom2016to2025shouldexpecttoseeatransitiontodistributed,virtualizedsupportembeddedacrosshybridcloudservicesandintegratedintoCASBsandmicrosegments.IntroductionofstrongidentitycredentialfederationoriginatinginTEE-basedcomputingwillbeanothermajoradvance.
Figure40.2018IdentityandAccessManagementOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,onlybecauseIAMhasbeensuchamessyaspectofenterprisesecuritytodate,andisthusdifficulttopredict.ThebiggestchallengetoproperevolutiontocloudforIAMisthatsomanyimportantsupportsystemssuchasActiveDirectoryremainontheenterpriseLAN.ThisresultsinIAMservicesconstantlyreachingbackontotheenterpriseLANforinformationrequiredtoproperlymanageIAMandauthorizationworkflow.Asthesesupportservicesmigratetocloud–aswithMicrosoftvirtualizingActiveDirectorytocloudinfrastructure,thiseffectwillwane.AdviceforEnterpriseSecurityTeamsSomanydifferentlocalissueswilltendtoexistacrossaspectsoftheIAMspectrumthatitisespeciallyhardtogivebroad,generaladvicetoenterpriseteamsaboutthisarea.OnecommonsuggestionistoworkhardforclarityofIAMresponsibilitywithIToperationsstaff.Toooften,confusionaroundIAMresponsibilityresultsinweakaction,andthiscanbefatalforcompaniesmovingtohybridcloud.Inaddition,enterpriseteamsshoulddemandroadmapsfromtheirexistingIAMvendorsonhowthetransitiontomobility-enabledcloudservicescanbehandled.NewentrantsintheCASBandcloudsecurityspacecanofferIAMservices,socompetitionwillemergefromthesepreviouslynon-existentvendors.IfthereisonerallyingcryforenterpriseteamsregardingIAMoverthenextdecade,itwouldbetoreducecomplexity.Moreislessin
IAM,andnewfeaturesarelessattractivethenstreamlinedoperation.Payspecialattentiontocomplexfederationschemesthatsomevendorswillofferacrossheterogeneouscloudservices,resultinginaweirdpass-the-buckarrangementforidentities.AdviceforSecurityTechnologyVendorsIAMvendorsrangefromsmallconsultantstomonster-sizedcompaniesofferingfull-featuredenterprisesolutions.Inallcases,however,thetransitiontomobility-enabledhybridcloudwillchangethenatureofIAMsolutionofferings.ItthusstandstoreasonthatyouwillneedtodevelopamigrationplantosupportvirtualdatacenterandSDN-hostedinfrastructure,includingpubliccloud.Youwillresistthistransitionatyourperil,andexcusessuchasActiveDirectoryandlegacyHRapplicationsremaininginsidetheperimeterwillnotserveyouwellinthelongrun.Committocloudimmediately.Inaddition,theadviceofferedabovetoenterpriseteamstoseeklesscomplexsolutionsforIAMextendstovendorsaswell.Morefeaturesarelessimpressivethanstreamlined,simplifiedmanagementandoperation.LessreallyismoreinIAM,andthebestvendorswillinternalizethisintotheirdesigns.ListofSupportVendorsAegisIdentity–AegisIdentityoffersanidentitymanagementsolutionfocusedontheeducationmarket.AlertEnterprise–AlertEnterpriseprovidesinfrastructureprotectionthroughGRCmanagementandmonitoringAmazonWebServices–AWSincludesIAMcapabilityforsecurelycontrollingaccesstoitscloudservicesandresources.Atos–AtosofferstheDirXportfolioofadvancedidentityandaccessmanagementproductsolutions.AujasNetworks–AujasNetworksprovidessecuritysolutionsinvulnerabilitymanagement,dataprotection,andIAM.Auth0–Auth0providesaproductthatallowsdeveloperstoaddidentityfederationtotheirapps.Avatier–AvatierautomatesIToperationsandcomplianceofuserprovisioning,accessmanagement,andrelatedfunctions.Avecto–AvectofocusesonprovidingWindows-basedprivilegemanagementfordesktopsandservers.Axiomatics–Axiomaticssupportsattribute-basedaccesscontrolanddynamicauthorizationbasedonXACML3.0.BeyondTrust–BeyondTrustsupportsprivilegeandidentitymanagementforserversandotherITsoftware.Bitium–Bitiumprovidesacloud-basedplatformformanagingpasswords,users,andSaaSapplicationaccess.CA–CAoffersitsIdentitySuite,PrivilegedAccessManager,IdentityManager,andIdentityGovernancesolutions.Centrify–CentrifyoffersanidentityandcloudmanagementplatformsupportingIdentity-as-a-Servicesolutions.CertifiedSecuritySolutions(CSS)–CertifiedprovidessolutionsintheareasofPKI,encryption,andidentityforIoTCoreblox–Corebloxisapremierproviderofidentityandaccessmanagementforenterprise,federation,andcloud.CoreSecurity–FormerlyCourion,CoresupportsIAMwithself-servicepasswordmanagementandautomatedaccessreviews.Covisint–Originallyfocusedonconnectedvehicle,CovisinthasexpandedtosecureIoT,supplychain,andIAM.CrossMatchTechnologies–CrossMatchtechnologiesprovidesIAMandbiometricidentityverificationsolutions.CyberArk–CyberArkfocusesonlockingdownprivilegedaccountstoreducesecurityriskandadvancedpersistentthreats.Daon–Daonoffersplatforms,tools,andappsfocusedonidentityassuranceandbiometrics.DeepIdentity–LocatedinSingapore,India,andtheUK,DeepIdentitysupportsidentityanddatagovernance.DeepnetSecurity–DeepnetSecurityprovidesmulti-factorauthenticationandidentityandaccessmanagementsolutions.DellSoftware–Dellprovidesasuiteofidentitygovernance,accessmanagement,andprivilegedmanagementforenterprise.DirectRM–DirectRMprovidesstrongauthenticationandaccessmanagementsolutionssupportingBYOD.Ellucian–Ellucianprovidesrangeofeducationindustrysoftwarewithidentityandaccessmanagementconsultingservices.Equifax–Equifaxsupportscreditreportingviaidentityassuranceforpersonal,smallbusiness,andlargerbusinessapplications.Evidian–EvidiansupportsIAMforsinglesign-on,userprovisioning,andrelatedfunctionsforenterpriseandcloud.Exostar–Exostaroffersarangeofidentityandaccessmanagementandcloudcollaborationsolutions.Experian–Experiansupportsidentityandcreditaccess,aswellasrelateddatamanagementsolutions.FischerInternational–FischeroffersIAMsoftwareforoutsourcedandonpremiseenvironmentsforhighereducation.ForgeRock–ForgeRockprovidesidentityandaccessmanagementforcloud,mobile,andenterprise.FoxT–FoxTprovidesasuiteofnetworksecurityandaccessmanagementsolutionsfortheenterprise.Gluu–Gluuprovidesanopensourceorondemand,standards-basedidentityandaccessmanagementcapabilityforenterprise.Google–GoogleoffersidentityservicesthatfederateGooglelogintoothercloudidentityandaccessappsandservices.HIDGlobal–HIDGlobalprovidesidentityandaccesssolutionsincludingsmartcards,readers,RFIDtags,andsoftware.Hitachi-ID–Hitachi-ISprovidesidentityandaccessmanagementincludingsupportforgovernanceandpasswordmanagement.
HPE–HPEoffersitsCloudIdentityServicesupportingsecureidentityandaccessmanagementfortheHelionPublicCloud.IBM–IBMofferscapabilitiesbasedonearlyacquisitionofTivoliforidentityandaccessmanagement.Identacor–Identacorenablessecure,one-clickaccesstocorporateapplicationsviaSaaSidentitymanagementandSSO.Identia–Identiaprovidesnext-generationidentityandaccessfocusedonclouduseandintegratedwithPKItechnologies.Identicard–ThecompanymanufacturesID,access,andsecuritycardsandaccessoriesinsupportofIAM.Identigral–Identigraloffersconsultingservicesandsolutionsforclientsworkingonidentityandaccessmanagement.Identiv–Identivoffersarangeofidentitysolutionssupportingpremisesaccess,dataaccess,andcredentialmanagement.Identropy–Identropyprovidesarangeofinformation,resources,andservicesinsupportofIAM.i-SprintInnovations–i-SprintInnovationsprovidesidentity,credential,andaccessmanagementsolutions.iWelcome–iWelcomesupportsidentityandaccessmanagementforEuropeangovernmentapplications.JerichoSystems–JerichoSystemsprovidessupportforaccessmanagementwithemphasisonXACMLimplementation.LiebermanSecurity–Liebermanincludesarangeofproductsrelatedtoidentity,passwords,andprivilegemanagement.Mycroft–NowpartofEY,MycroftprovidesarangeofmanagedandprofessionalservicesinIAM.NetIQ–NetIQ,offeredbyMicroFocus,includesfull-featuredIAMandsecuritymanagementsolutions.NextLabs–Inadditiontodataandrightssecurity,NextLabsoffersXACAMLpolicyserversolutions.neXusGroup–neXusGroupsupportsidentitymanagement,certificateandkeymanagement,andauthentication.9Star–ThecompanyofferscustomersitsElasticSSOsoftwaresolutionforfederatedaccesstechnology.Okta–Oktaofferscustomersacloud-basedsolutionforidentityandaccessmanagementservices.OnWire–OnWireincludesaFedRAMP,multi-factorauthenticationplatformwithcloudbasedIAM.Omada–Omadaofferssolutionsforidentitymanagement,governance,compliance,anduserprovisioning.OneID–OneIDfocusesonthemanagementofon-lineidentitieswithouttheneedforpasswords.OneLogin–OneLoginsupportscloud-basedIAMwithsecureaccesstocloudapplicationsfrommobiledevices.Oracle–Oracleprovidesafullfeatured,industry-leadingcapabilitywithlargeandsmallcustomers.Osirium–Osiriumprovidesprivilegeduseraccountmanagementandprotectionsolutionsfortheenterprise.PerfectCloud–PerfectCloudoffersrangeofcloudsecuritysolutionsincludingSmartSigninwithSSOandfederatedIAM.PingIdentity–PingIdentitysupportsenterpriseidentityandaccessmanagementforinternalandSaaSapplications.ProtectedNetworks–ProtectedNetworksisaGermancompanythatprovidesserveraccessrightsmanagementsolutions.RadiantLogic–RadiantLogicsupportsidentity,federation,anddirectoryservicesthroughvirtualizationandcloud.RSA–RSAoffersarangeofIAMsolutionsbuildingontheAveksaacquisitionandtheindustry-leadingRSAtokenfor2FA.Sailpoint–Sailpointofferson-premiseandcloud-basedidentityandaccessmanagementplatform.SalesforceIdentity–SalesforceIdentityincludesextensiveIAMfunctionstoprovideSaaSprotectionsforSalesforce.Saviynt–Saviyntprovidescloudaccessgovernanceandintelligencefordataprotection,privacy,andregulatoryrequirements.SecureAuth–SecureAuthprovidesanIAMsolutionsupportingSSOand2FAformobile,web,andcloudapplications.SecureKey–SecureKeyoffersidentityandauthenticationsolutionsforonlineconsumerserviceproviders.SecZetta–SecZettaprovidesservicesspecializinginIAMimplementationandprivilegedaccountmanagement.Simeio–ThecompanyofferstheSimeioIdentityOrchestratorplatformandIdentityIntelligenceCentersolution.Soffid–Soffidoffersanopen-sourceidentityandaccessmanagementsolutionwithsupportforSSO.Stormpath–StormpathprovidesausermanagementAPIthatallowsdeveloperstointegrateauthenticationforusersandroles.SurePassID–SurePassIDprovidescloud-basedidentityandaccessmanagementformobileandhybridclouduse.Syntegrity–Syntegrityprovidessecurityproductsandservicesincludingsupportforidentityandaccessmanagement.Tools4Ever–Tools4Everoffersidentitygovernanceandadministrativetoolsandenterprisesolutions.Transunion–Transunionprovidesfraud,identity,andcredit-relatedservices.TransunionacquiredTrustevin2015.2Keys–2Keysprovidesmanagedandprofessionalserviceswithemphasisonuserauthenticationandidentityattributes.UnboundID–UnboundIDoffersidentityandpreferencemanagementthroughtheUnboundIDplatform.WhiteCloudSecurity–2Keysprovidesmanagedandprofessionalservicesforuserauthenticationandidentityattributes.Control41:SecurityComplianceSecuritycomplianceinvolvesthelifecycleactivitiesrequiredtoprovidesufficientevidencethatanorganizationmeetstherequirementsofadesiredcontrolframework.Inindustry,thedominantsuchframeworktodatehasbeenthePaymentCardIndustry(PCI)DataSecurityStandard(DSS)whichsupportsmerchantsaroundtheworldwhoarehandlingcreditcards.Manyotherframeworksexist–infact,thesituationhasgrownalmostabsurdwiththeenormityofsecuritycomplianceobligationsfororganizationsofeverysizeandscope,andin
everysector.PCIDSSishighlightedheresimplybecausesuchalargeprofessionalserviceindustryexistsforQualifiedSecurityAssessors(GSAs)whoarecertifiedtobesufficientlycompetenttoworkwithclients.Buttherealityisthatthisindustryisburgeoningtothepointwhereenterprisecybersecurityteamsinsectorssuchasbankingmightdirectroughly75%oftheirtime,energy,andbudgettocomplianceactivities.Perversely,thisobsessionisoftendrivenlessbyanysinceredesireforsecurityprogramquality,andmorebytheneedtoavoidrepercussionsbyfinancialregulatorsorotherlargeorganizationssuchascreditcardcompanies.Mostbusinessbeingdonebysecurityvendorsinthisareafocusesonprofessionalservices,butadjacencieswithGRCplatformsareobvious.Theadvicefrommanypundits(includinghere)hasbeenanurgentpleaformorestreamlinedsecuritycompliancerequirementsincyber,withlocalselectionofonegoodframeworkthatcouldsupportasingle,properlydonecomplianceassessment.Federationorexportofthoseresultsshouldbesufficient.Nevertheless,theglobalindustryappearstobeheadedintheotherdirection,whichisexcellentnewsforcomplianceconsultants,butterriblenewsforCISOs.Thenextdecadeisasimpossibletopredictasanelection,butwewillbeoptimistichere–andwillmaintainthehopethattheneedsoftheworkingenterprisesecuritypractitionerwillprevail,andthatcompliancewillbecomeasaneractivityinthecomingdecade.Suchsanitywouldinvolvedoingcomplianceproperlyonce–eveninthefaceofmanymorecomplianceframeworks,andusingtheresultstosupportawidervarietyofneedsbybusinesspartnersandregulators.Theresultwouldbeagraduallyimprovingqualityofsecuritycomplianceoverthenextdecade,withtherateofimprovementsgrowingatafasterclipthanhasbeenseentodate.Improvedautomationsupportwillcontributetothisaccelerationofqualityaswell–andthatisgoodnewsforCISOteams.GeneralOutlookThegeneraloutlookforsecuritycompliancesolutionofferings,especiallyinsupportofPCIDSS,involvestransitionfromasmallnumberofframeworksinthelate90’stotheinevitablecontinuedgrowthinthenumberofapplicablecomplianceframeworks.Thehope,however,isthatevenwiththisincreasednumberofframeworks–newonesemerging,forexample,invariousUSStates–thatCISOteamswillbeabletoselectandchoosethecorrectonesandfederatetheresultstodifferentcontexts.Transitionwillalsocontinuefrommostlymanual,overlayprocessesforcompliancetoautomatedandembeddedcomplianceprograms.Firstgenerationsecuritycomplianceprogramsfrom1998to2007wereusedaspenaltiesbyregulators.Mostmanualprocesseswereusedwithlotsofpaperworktosupportagrowingnumberofframeworks.Thequalityofcomplianceprogramsremainedlowduringthisperiod.Secondgenerationsecuritycomplianceprogramsfrom2007to2016improvedsomewhatasGRCautomationstreamlinedwhatwasstilltoomuchpaperwork.Regulatorscontinuedtousecomplianceasthebasisforpenaltyandthenumberofframeworkscontinuedtogrow.Thebesteffectduringthisperiodwasthegrowingrecognitionthatcomplianceandsecurityweredifferentobjectives.Thirdgenerationsecuritycompliancefrom2016to2025shouldexpecttoseeanacceleratedrateofqualityimprovementforcompliancewithbetterautomationandfewerapplicableframeworks(notethatapplicableisdifferentthanavailable.)Duringthisperiod,everyonewillcometorecognizecomplianceasclearlyseparatefromsecurity,andthis
willresultinmuchimprovedinterpretationofresultsandlessreactionarymanagementplans,especiallyfromBoards.
Figure41.2018SecurityComplianceOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,becausecomplianceinvolvespoliticsandpower,neitherofwhichareeasyforgearheadcybersecurityanalyststofactorintotheirpredictions.Sufficeittosay,wechoosetobepositiveandtopredictimprovedcompliancequality,regardlessofhowthismightbeachievedinpractice.AdviceforEnterpriseSecurityTeamsEnterprisesecurityteamsaretypicallyfrustratedwhenitcomestocomplianceprograms–albeitwithacaveat:Somelargerteamshaveseeninternalgroupsandstaffmembersgrowcomfortablewiththeircompliancejobs.Somehavespentnearlytheirentireprofessionalcareer,perhapsoverdecades,workinginsecuritycompliance.Thisleadstocomplacencyandthecommonbeliefthatwhatisfamiliarandnormalisalsooptimal–whichissad,becausethetimeandeffortspenttodateoncompliancehashadlittleimpactonthesecurityofourindustry.VirtuallyallretailcompanieshackedinthepastdecadewerePCIDSScompliant.Theonlyreasontherateofsecurityhackinghaswanedisthatthefunctionalweaknessofunencryptedcardswipemachineswasreplacedwithbetterprotectionattheretailcounter.CISOsthusshouldfocusonthreethings:(1)Coachyourteamstodogreatcompliance,buttoremainskepticalthatthisshouldbesodominantinyourbudgetandattentionplanning;(2)Drivetothehighestlevelsofautomationpossibletostreamlinegapanalysisandtominimizetheawfulpaperworksotypicalofcompliancework;and(3)Developgoodrelationshipswithworld-classcomplianceconsultantswhocanhelpbridgethegapbetweendifferentframeworks.AdviceforSecurityTechnologyVendorsIfyousellsolutionsinthisarea–andwedifferentiateherewithGRCplatforms,whichareconsideredaseparatecontrolarea,thenyouaremorethanlikelysellingprofessionalservicestoyourclients.Thegoodnewsisthatbusinesswillcontinuetogrowforyou,butthewarninghereisthatcustomerswilldemandthatyouspeakmultiplecompliancelanguages.Theyare
goingtobelookingmoreandmoreforconsultantsthatcanhelpthemestablishPCIDSS,whileatthesametimehelpingthemdealwithcustomerswhowantbetterNISTFrameworkdependency.Theseareeasycross-oversforconsultants,sothisshouldnotbeabigdeal.Thecompetitionisfierceincomplianceconsulting,sodon’texpectyoursmallconsultancytodevelopintothenextDeloitteunlessyoucomeupwithamajorbreak-throughinautomationsupport.Perhapsdeeplearningtoolsforcompliancewouldbesomethingtolookat(andweareonlypartiallykiddinghere).ListofSupportVendorsAboveSecurity–AboveSecurityincludesPCIDSSandcomplianceconsultinginitsmanagedsecurityandauditofferings.ANX–ANXisaglobalproviderofmanagedpayment,compliance,andsecurityservicesforcustomers.AT&T–AT&TincludesawiderangeofexpertcomplianceandPCIDSSQSAsupportinitglobalconsultingoffering.AtherTechnology–TradingasCiannaTechnologies,AtheristheonlyPCIDSSregisteredintheKingdomofSaudiArabia.AttackResearch–AttackResearchisaPCI-QSAcertifiedconsultinggrouplocatedinLosAlamos.Avnet–AvnetisaprofessionalconsultingfirminIsraelincludesrangeofcomplianceandPCIservices.BAESystems–BAEacquiredSilverSky,whichoffersamanaged,GSA-approvedPCIcompliancesolution.BellCanada–BellCanadaincludesarangeofsecuritycomplianceandPCIconsultingaspartofitsservices.Blackfoot–BlackfootisaUKfirmofferingawiderangeofPCIandcomplianceconsultingservices.CadenceGroup–CadenceGroupisanadvisoryandcomplianceconsultingfirmofferssupportforPCIandotherframeworks.CadreInformationSecurity–CadreInformationSecurityconsultingfirminCincinnatiprovidescomplianceandPCIassessments.TheCISOGroup–TheCISOgroupoffersinformationsecurityconsultingwithanemphasisonPCIDSScomplianceissues.Clone–CloneSystemsisanMSSPthatfocusesoncontinuousmonitoring,securecloud,securityscanning,andconsulting.CNSGroup–UKconsultingfirmCNSGroupoffersinformationassurance,ITsecurityandcompliancesolutions.Coalfire–Coalfireprovidescyberriskmanagementandcomplianceservicesforenterpriseandgovernmentorganizations.CompassITCompliance–CompassprovidesITcompliance,security,andauditprofessionalservices.CompliancePoint–APossibleNOWCompany,CompliancePointoffersinformationsecurityconsulting.ComsecConsulting–ComsecConsultingoffersserviceswithemphasisonriskmanagementandcompliance.ContentSecurity–ContentSecurityincludesarangeofPCIDSSconsultinginitsprofessionalservicesuite.ContextualSecurity–ContextualSecurityoffersITsecurityservicesincludingPCIandHIPAAconsulting.ContinuumSecuritySolutions–InformationsecurityfirmContinuumisengagedincompliance,assessments,andgovernance.ControlCase–ControlCaseisaninformationtechnology,GRC,managedcompliancesoftware,andservicescompany.ControlGap–ControlGapisanapprovedCanadianQSAcompanyforPCIDSSsecuritycompliance.ControlScan–ControlScanprovidesawiderangeofPCIcomplianceandself-assessmentservices.CrimsonSecurity–CrimsonSecurityincludescomplianceservicesforPCIDSS,ISO27002,NIST800-53,GLBA,andHIPAA.CrossbowLabs–CrossbowLabsprovidesenterprise-consultingservicesforPCIDSSsecuritycompliance.CybercomGroup–CybercomGroupisaSwedishconsultingfirmthatincludescomplianceservices.DaraSecurity–DaraisasecurityfirmofadvisorsandethicalhackerswithexperienceinPCIDSSandotherstandards.Deloitte–DeloitteservesasanapprovedQualifiedSecurityAssessor(QSA)foritsglobalenterpriseclients.DimensionData–DimensionDataisaNewZealandgroupsupportingPCIbasedonitsSecurityAssessmentacquisition.DirectDefense–DirectDefenseoffersarangeofsecurityconsultingservicesincludingcomplianceandPCIDSS.ECSC–UKfirmECSCoffersmanagedsolutionsforcustomersincludingPCIservicesandconsultancy.EnterpriseRiskManagement–SecurityconsultingfirmEnterpriseRiskManagementincludescompliancemanagementservices.Espion–BasedinDublin,EspionprovidesarangeofsecurityconsultingandPCIDSSprofessionalservices.GalixNetworking–SouthAfricaninformationsecurityfirmGalixNetworkingincludesPCIcomplianceinitsspecialties.Geobridge–Geobridgefocusesonsecurity,compliance,andpaymentservices,whichisfundamentaltothePCIDSSprocess.GrantThornton–AccountingfirmGrantThorntonincludesarangeofenterprisePCIDSSQSAconsultingservices.GRC360–GRC360isaconsultancywithPCIDSScapabilityoperatingintheMiddleEastregionandUK.GroundLabs–GroundLabsprovidessecurityandauditingsoftwareinsupportofPCIDSScompliance.GRSeeConsulting–GRSeeConsultingisanIsraeliconsultingfirmthatincludesPCIDSSassessments.HalockSecurityLabs–HalockSecurityLabsincludescomplianceservicesalongwithpenetrationtestingandriskassessment.TheHerjavecGroup–TheHerjavecgroupoffersQSAservicesandPCI-compliantmanagedservices.IBM–IBM’sglobalenterpriseconsultantsareavailabletosupportPCIDSSassessmentsforcustomers.IntersecWorldwide–NewportBeachfirmIntersecWorldwidespecializesinPCIcomplianceprofessionalservices.IRM–IRMisaUK-basedfirmthatprovidesarangeofsecurityconsultingservicesincludingPCIDSS.KPMG–KPMGincludesPCIcomplianceandQSAconsultingservicesintheirprofessionalserviceofferings.LazarusAlliance–ArizonafirmLazarusAllianceprovidessecurity,riskmanagement,audit,andcompliance.
Megaplan-IT–Megaplan-IToffersaPCIconsultancy,includinganon-sitepre-PCIgapassessmentservice.Nettitude–Nettitudeofferspenetrationtesting,riskmanagement,andPCIconsultancyservices.NetWorksGroup–NetWorksgroupincludescomplianceservicesforPCI,HIPAA,andotherframeworks.nGuard–nGuardisasecurityconsultingandtestingvendorthatalsoservesasaPCIQSAvendor.Novacoast–NovacoastincludescomplianceservicesforPCI,FISMA,HIPAA,andotherframeworks.NTTCommunications–NTTComSecurityincludesPCIDSSinitsrangeofconsultingandmanagedsecurityservices.NTTSecurity–OperatinginIrelandandItaly,NTTSecurityofferstheZeroRiskPCIportalforPCIcompliance.Optiv–SecuritysolutionsproviderOptivincludesPCIsupportaspartofitsprofessionalservices.OrangeConsulting–OrangeConsultingincludesfocusongovernance,risk,andcomplianceassessments.Paladion–InformationriskmanagementfirmPaladionoffersprofessionalservicesincludingcompliance.PanaceaInfosec–IndianfirmPanaceaInfosecprovidesinformationsecurityservicesincludingPCIDSScertification.ParameterSecurity–Parametersecurityincludescomplianceauditsinitsrangeofprofessionalservices.PentestPartnersCompliance–PentestPartnersComplianceoffersQSAandPCIforensicsservices.Pondurance–Ponduranceisaninformationsecurityfirmthatincludessecuritycomplianceservices.Praetorian–Praetorianofferscustomersarangeofriskconsultingandcomplianceadvisoryservices.Protiviti–ProtivitiprovidescustomerswithPCIplanning,readiness,andcompliancecapabilities.PwC–PwCincludesPCIprofessionalservicesinitssuiteofglobaltechnologyandconsultationofferings.RavenEye–RavenEyeprovidessecurityconsultingincludingethicalhacking,PCIDSSQSAservices,andpenetrationtesting.RedhawkNetworkSecurity–RedhawkNetworkSecurityspecializesininformationsecuritywithPCIQSAservices.RedIsland–UK-basedconsultingfirmRedIslandoffersinformationsecurityandgovernancewithPCI.SecureState–SecureStateincludescomplianceinitssuiteofinformationsecurityprofessionalservices.SecurityMetrics–SecurityMetricsprovidesPCIDSS,HIPAA,anddatasecuritycomplianceassessments.SecurityRiskAdvisors–SecurityRiskAdvisorsincludescomplianceinitssuiteofinformationsecurityconsulting.Sera-Brynn–Sera-BrynnservesasaPCIQSAandincludescomplianceinitssuiteofinformationsecurityservices.SISA–SISAisapaymentssecurityspecialistfirmlocatedinIndiawithprofessionalservicecapabilityinPCIDSS.Solutionary–PartofNTTGroup,Solutionaryincludescybersecuritycomplianceconsultingservices.StickmanConsulting–StickmanConsultingincludescompliance,penetrationtesting,andinformationsecurityservices.Sunera–SuneraaddressesHIPAAandothercompliancesuitesinitssuiteofinformationsecurityconsulting.Sword&Shield–Sword&ShieldincludesPCIassessmentsinitssuiteofsecurityprofessionalservices.Sylint–SylintofferscustomersarangeofcustomizedservicesforPCI,HIPAA,NIST,andISOcomplianceandaudit.Sysnet–SysnetprovidesawiderangeofPCI,cybersecurity,andcompliancesolutionsforbusiness.TBGSecurity–TBGSecurityprovidessecurityconsultingforcomplianceinHIPAA,PCI,andrelatedframeworks.Tevora–Tevoraprovidessecurityconsulting,riskmanagement,andcompliancesolutionsforenterprisecustomers.TrueDigitalSecurity–TrueDigitalprovidesnetworksecurity,appsecurity,andcompliance/auditservicesforcustomers.TrustedSec–InformationsecurityconsultingfirmTrustedSec,locatedinOhio,offersPCIQSAservices.Trustwave–PartofSingtel,TrustwaveoffersPCIDSSprofessionalservices.Truvantis–TruvantisoffersarangeofauthorizedPCIQSAservicesaspartofitsprofessionalservicessuite.2-sec–2-secprovidesarangeofsecurityconsultingoffersincludingpenetrationtestingandPCIDSSservices.VerisGroup–VerisGroupservesasaPCIQSAforcustomersaspartofitsGRCassessmentandadvisoryservices.Verizon–Verizonincludescomplianceinitssuiteofmanagedandinformationsecurityconsultingservices.WestnetConsultingServices–WestnetConsultingServicesoffersITnetworksecurity,compliance,andPCIQSAservices. Control42:VulnerabilityManagementVulnerabilitymanagementinvolvestheprocesses,tools,andplatformsinvolvedinmaintaininganaccurateinventoryandawarenessofcurrentandpotentialsecurityweaknessesinanenterprise.Suchweaknessescanincludeunpatchedsystems,known(butunfixed)vulnerabilities,andunknown(butsuspected)exploitableholes.Anironyisthatalthoughvulnerabilitymanagementhasbeenacomponentofeveryenterprisesecurityteamprogramfordecades,itremainsoneofthemorepoorlyunderstoodandweaklyattendedtoaspectsofmoderncybersecurity.OnereasonforthisisthestrongdependencyofvulnerabilitymanagementonaccurateITsysteminventories,whichmostsecurityprofessionalshavecometorecognizeastypicallylacking.Goodnewsinvulnerabilitymanagementinvolvesrecent
advancesinautomatedplatformsthatingestlivedata,pullfeedsfromITsystems,andcombinecollectedinformationintolive,situationally-awareviewsoftheenterprise.Suchautomationisclearlythefutureofvulnerabilitymanagement,andcloud-basedthreatintelligenceplaysastrong,complementaryrole.Regardlessofthesizeofagivenenterprise,thisfunctionisessentialtostoppingcyberattacks,andvendorsworkinginvulnerabilitymanagementshouldexpectconsiderablegrowthinsectorssuchasSMBthathavetraditionallynotpaidenoughattentioninthisarea.GeneralOutlookThegeneraloutlookforvulnerabilitymanagementsolutionsinvolvestransitionfromisolatedearlyfocusonsoftwarepatchingtomorecomprehensivefocusonafullrangeofexploitablevulnerabilities.Thistransitionalsohasinvolvedtheshiftfromsimplemanualtoolstointelligentautomatedplatforms.Firstgenerationvulnerabilitymanagementfrom1998to2007involvedearlypatchmanagementtoolspoweredbyweakintelligencecomingmostlyfromthelocalenterprise.Secondgenerationvulnerabilitymanagementfrom2007to2016improveditsfocustoamorecomprehensiveview,usingcloud-basedintelligencetoimprovetheprocess.Hybridcloudandthird-partyriskemergedasclearcomponentsofvulnerabilitymanagementprograms,buttheworkremainedmostlynon-real-timeduringthisperiod.Thirdgenerationvulnerabilitymanagementfrom2016to2025shouldexpecttoseeanevenbroaderfocusareaofapplicableexploitsandweaknessestomanage,poweredbylivethreatfeedsfromall-sourceintelligenceservices.Automationwillintroducelearningalgorithmstoimprovesupportforriskmitigationfromtheseplatforms.
Figure42.2018VulnerabilityManagementOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethisisawell-understandcapability–albeitunder-attendedintoomanyenvironments.Theclearshifttoautomationisexcellentnewssincethebiggestchallengetomanagingvulnerabilitieshasalwaysbeentryingtokeeptrackofeverythingrelevant.(Computersandsoftwarehavealwaysbeenbetterthanpeopleatdoingthosesortsoftasks.)AdviceforEnterpriseSecurityTeams
Enterpriseteamsshouldbeworkinghardonintegratinganautomatedvulnerabilitymanagementplatformintotheiremerginghybridcloudenvironment.Increasingly,relevantvulnerabilitieswillemergeinsystemsmanagedbythirdpartiesandserviceproviders,sofederationsupportandAPI-connectivityofvulnerabilitymanagementplatformswillbesomethingtoincludeinRFPs.Don’texpectsoftwarequalitytoimprovesoonenoughtoreachbug-freecodeinyourlifetime.Dev/Opsandrelatedprocessesaredesignedtocompensateforrushedsoftwarelifecycles,ratherthanfixthem–soyoushouldexpectahealthybarrageofcontinuedsoftware-basedbugsthatneedtobepatched,mitigated,andeventuallyremoved.Vulnerabilitymanagementteamswillremainbusyinthecomingyears,somakesuretoaccountforthisinheadcountandbudgetplanning.AdviceforSecurityTechnologyVendorsExpectlotsofgrowthinmarketneedforautomatedvulnerabilitymanagementsupportinenterprise,butalsoexpecttoseeadjacentsecuritytoolssuchasSIEMsincreasinglycoveringthisfunction.So,thecompetitionforvulnerabilitymanagementfunctionalsupportwillincrease.Also,thelargecloudandserviceproviderswillalmostcertainlyembedmoreextensivevulnerabilitymanagementtoolsintotheirofferings,sothiscouldhavetheeffectofdisintermediatingsecurityvendorsfromanyhybridcloudarchitecture.Vendorsshouldbediscussingpartnershipopportunitieswiththelargerprovidersinadvanceofthisinevitableshift.Asdiscussedabove,automationisthemostessentialcomponentofvulnerabilitymanagement,andwiththiscomestheobligationofAPIsupport,codequality,andflexiblelicensing.ListofSupportVendorsAcunetix–AcunetixprovidesavulnerabilitymanagementsolutionforWebsitesandWebapplications.Allgress–Allgressprovidessolutionsfocusedongovernance,risk,andcompliance(GRC)andvulnerabilitymanagement.AuditSquare–AuditSquareprovidesaMicrosoftWindowssecurity,configuration,andaudittoolsfordesktopsandservers.AujasNetworks–AujasNetworksprovidessolutionsinvulnerabilitymanagement,dataprotection,andIAM.BeyondSecurity–BeyondSecurityofferstheAVDSautomatedsecuritytestsuitefordetectingweaknesses.BugurooOffensiveSecurity–Buguroooffersarangeofplatformsandsolutionsincludingvulnerabilitymanagement.ContrastSecurity–ContrastSecurityprovidescontinuousapplicationtodetectvulnerabilitiesandensurecompliance.CoreSecurity–CoreSecurityprovidesasolutionforconsolidatingandprioritizingvulnerabilitydata.DefenceIntelligence–DefenceIntelligence(Defintel)providesadvancedmalwaresolutionsforcustomers.Detectify–DetectifyperformsWebvulnerabilityscansthroughcloud-basedtoolsthatauditsitesecurity.DigitalDefense–Thecompanysupportsvulnerabilitymanagementviaaworld-classautomatedplatform.ElevenPaths–ElevenPathsprovidesarangeofsecuritysolutionsincludingauthenticationandvulnerabilitydetection.enSilo–enSiloprovidesdataexfiltrationdetectionsolutionsforenterprisecustomersexperiencingabreach.eSentire–eSentireprovidessecuritythreatprotectionsolutionsincludingscanning,logcentralization,andtrafficcapture.Firebind–Firebindprovidesapassive,continuousnetworksecurityandperformance-monitoringtool.FireMon–FireMonprovidesntelligencecapabilitiesforenterprise,government,andserviceproviders.GamaSec–GamaSecprovidesmalwaredetectionandWebvulnerabilitysolutionsviatheGamaScanplatform.Grendel-Scan–Grendel-Scanoffersanopen-sourcedownloadabletoolforsupportingautomatedtesting.GroundLabs–GroundLabsprovidessoftwaretoolsforsensitivedatadiscoverytosupportcomplianceandavoidbreaches.HPE–HPEoffersdynamicanalysissecurityforvulnerabilitydiscoveryandmanagementinWebapplications.IBM–IBMofferstheAppScantool,whichtestsWebandmobileapplicationsforvulnerabilities.Indusface–IndusfacesupportssecuritytestingofWeb,applications,mobile,andenterprisesoftware.Infocyte–Infocyteprovidesasolutionthatscansnetworksforevidenceofexploitablevulnerabilities.Intel–Intelcontinuestosupportexistingcustomerbasewithlegacyscanningsolutionsastheyapproachend-of-life.ISARR–ISARRprovidesaWeb-basedplatformformanagingrisk,resilience,response,andsecurityintelligence.iScanOnline–iScanOnlinescansanddetectsvulnerabilitiesonenterpriseendpointandmobiledevices.ITrust–Luxembourg-basedinformationsecuritycompanyITrustoffersanonlinemulti-anti-virusscannerplatform.Kenna–FormerlyknownasRiskI/O,thecompanyprovidesariskintelligenceandvulnerabilitymanagementplatform.
Lumension–Lumensionsupportspatching,vulnerabilitymanagement,andapplicationwhitelisting.Lumeta–Lumetasupportsacombinationofvulnerabilitydiscoverymethodswithvisualization.Lunarline–LunarlineofferscybersecurityandvulnerabilitymanagementincludingSOCoperation,pentesting,andprivacy.MavitunaSecurity–MavitunaSecurityofferstheNetsparkertoolforautomaticallydetectingvulnerabilitiesandsecurityflaws.TheMediaTrustCompany–ThecompanyprovidesmediasecurityscanningforWebsites,advertisements,andmobile.MileScan–MileScanprovidesanintelligentscannerthatsimulateshackerattacksandidentifiessecurityrisks.MyAppSecurity–MyAppSecurityprovidesriskmanagementsolutionsfordesignersanddevelopersviathreatmodelingtools.NETpeas–NETpeasprovidesSaaSsupportwithapaymentfront-endtosecuritysolutionsincludingvulnerabilitymanagement.Nikto–NiktoconsistsofanopensourceWebscannerfordetectingsecurityvulnerabilitiesinservers.NopSec–Nopsecprovidesunifiedvulnerabilityriskmanagementsolutioncollectsandmanagesscanningoutput.NRISecure–NRISecureofferscustomerstheautomatedGR360Websitesecurityscanningsolution.N-Stalker–N-StalkerprovidesaWeb-applicationsecurityscannerthatincludesafreedownloadableedition.Onapsis–Onapsisprovidesabehavioral-basedapproachtodetectinganomalieswithemphasisonSAP.OPSWAT–OPSWATprovidesITsecurityproductsthatprotectdevices,andtrackdataflowsviamalwarescanning.Orvant–Orvantusesmultipleproprietaryandopensourcescanningtoolstodetectvulnerabilities.Outpost24–OutlierSecurityprovidesagentlesscybersecurityanalyticsasaserviceforendpoints.PwnieExpress–PwnieExpressprovidesarangeofpenetrationtesting,securitytesting,assetdiscovery,andvulnerability.Qualys–Qualysprovidesavulnerabilitymanagementplatformwiththeoriginalvirtualized,cloud-basedsolution.Rapid7–Rapid7offersAppSpiderandintegrateshackingtalentontheteamwithitsproductsandservices.RiskIQ–RiskIQscanstheWebtoensuresecurityoutsidethefirewall-protectedenterprise,includingon-lineadvertisements.RiskSense–RiskSenseprovidesavulnerabilitymanagementplatformalongwitharangeofsecurityservices.SAINT–SAINToffersarangeofvulnerabilitymanagement,penetrationtesting,andcompliancesolutions.SAVANTURE–SAVANTUREprovidesMSSandconsultingincludingSIEM,logmanagement,andvulnerabilitymanagement.SecludIT–SecludITprovidescontinuousvulnerabilitydetectionandmanagementsolutionsforenterprise.SecPoint–SecPointprovidesITsecurityproductsincludingavulnerabilityscanner,UTMfirewall,andWebscanner.Secunia–NowpartofFlexera,thecompanyprovidesavulnerabilitymanagementplatformforenterprise.SecurityScorecard–SecurityScorecardprovidesathreatmanagementforcollectingsecurity-relatedinformation.Shavlik–Shavlikprovidespatchmanagementsolutionsforoperatingsystems,virtualsystems,andapplications.6Scan–6ScanprovidesautomatedvulnerabilitydetectionandmitigationofmalwareonWebsites.Skybox–Skyboxcollectsdatafromallnetworkdevicesandsystemsandcreatesamodelforanalysisandresponse.SolarWinds–Inadditiontoperformance,application,anddatabasemonitoring,SolarWindsoffersITsecurityandcompliance.Solutionary(NTT)–Solutionary,anNTTCompany,providesMSSandconsultingusingitscloud-basedActiveGuardplatform.Sucuri–SucuriprovidesprotectionsolutionsforWebsites,malwareremoval,andnetworkassetsecurity.Symantec–SymantecofferscustomerstheControlComplianceSuitevulnerabilitymanagementsolution.TaaSera–TaaSerabuildruntimebehaviordetectionsolutionstoproactivelyidentifyvulnerabilities.Tenable–TenableprovidestheNessusvulnerabilityscannerforadvanceddetectionofweaknesses.TinfoilSecurity–TinfoilSecurityoffersadeveloper-friendlyserviceforscanningawebsitetodetectvulnerabilities.Tripwire–Oneoftheoriginalsecuritycompaniesinthescanningbusiness,TripwireoffersWebApp360fortheenterprise.TrustWave–TrustWaveoffersabehavior-basedscanningtechnologyacquiredviaCenzicin2014.Control43:IndustryAnalysisIndustryanalysisinvolvesresearchfromthirdpartyexpertanalyststhatprovidestechnicalandmarketingsupportfortheselectionofvendortoolsandsecurityarchitecturaldecisions.Surprisingly,thisimportantaspectofeveryCISOteam’sday-to-dayworkisneverincludedinanysecurityframework–probablybecausemostframeworksarenotdevelopedbypresentorformerCISOs!Bywayofanalogy,imagineaframeworkforfinancialservicesthatdidnotincludetheimportanttaskofreadingandinternalizingresearchontheeconomy,businessconditions,andgeopoliticalfactors.Leavingthistypeofindustryanalyticsupportfromacybersecurityframeworkisjustasconsequential.Thebadnewshereisthatmostindustryanalysisoncybersecurityisterrible.Quadrantsandwavesfromthelargeranalystcompaniesarepurepay-for-playactivities,andleaveoutsmallercompanies(oronesthatwillnotpay).Magazineand
Internetarticlesarebumpyanduneveninquality,andsometimeshavesomanyadvertisingpop-upsthatit’simpossibletothinkstraightwhilereading.WiththeTAGCyberSecurityAnnual,whichyouarereadingnow,thegoalwastodemocratizegreatindustrialresearchsothateveryonehasaccesstothebestguidance.Largercompaniescanhireconsultants,butthatinvolvesonlyaveryfeworganizations.Thetrendhere,onehopes,isthatexcellent,open-source,readilyavailableresearchonthecybersecurityindustrywillbeavailabletoeveryorganizationintheworld.Thisreport,hopefully,willspurthattrend.GeneralOutlookThegeneraloutlookforindustryanalysissolutionsincybersecurityinvolvestransitionfromweakrecognitionofquadrantsandwavesinthelate90’s,throughaperiodthatinvolvedsignificantgrowthinthesereviewstructures,butnowtoacomingperiodwheresuchdependencywillwaneconsiderably.Thetransitionalsoinvolvedashiftfrominexperiencedgeneralanalyststomoreexperiencedanalystswithdomainexpertise.Firstgenerationindustryanalysisforcybersecurityfrom1998to2007involvedearlymagazinearticles,pay-for-playquadrantsandwaves,resultinginlowerqualityanalysisandguidancethanwasneeded.Mostpeopleduringthistimelearnedinsteadfrombooks,talks,andcourses.Secondgenerationindustryanalysisin2007to2016involvedadramaticgrowthintheavailabilityofbumpyinformationontheweb,andmassivegrowthininfluenceofpay-for-playquadrantsandwaves.Muchavailableinformationduringthisperiodwasjustterribleandinaccurate.Infact,theperimetermodelwasspurredalongbyanalystsduringthisperiodthatdidnotunderstandthepowerofdistributedsystems,virtualization,andSDN.Thirdgenerationindustryanalysisfrom2016to2025shouldexpecttoseemoreprofessionalanalysisfromdomainexpertswithlessfocusonquadrantsandwaves.Morehonest,democratizedcybersecurityanalysiswillbemadeavailablefromexpertsforalltouse.
Figure43.2018IndustryAnalysisOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,especiallysinceourowninvolvementatTAGCyberwillhopefullyspurthistrendalong.Strongoppositionfromacoupleoflargeanalystcompanieswillpushbackheavilyontheideaoffreelyavailableresearch,but
thewave(ahem)willbetoostrongtostop.Inthecomingyears,democratizedanalysiswillbethenorm.AdviceforEnterpriseSecurityTeamsTheadvicehereistobecarefulwhatyoureadandabsorb.Stickwithsourcesyouknowandmaterialsthataredevelopedfromapointofviewthatisconsistentwithyourownviewoftheindustry.Forexample,vendormaterialisoftenhelpfulinestablishingthespecificsoftheirdesign–andtheyareinthebestpositiontoprovidethatdata.IfyouarebuyingaSIEM,forexample,thendemandgooddesigndescriptionsofthatproduct.ButtheideathatyourSIEMprovidershouldofferguidanceontheday-to-dayneedsoftheCISOseemssilly;thatisnotwhattheydo,andyou’llgetajadedview.Academiaisincreasinglyprovidingexcellentmaterialsforlearning,andthisshouldbeusedtodevelopanunderstandingoftheunderlyingfundamentalslikecryptographyandvirtualization.Governmentthink-tankshavealsobeengood,andtheDepartmentofHomelandSecurityhasdevelopedsomeexcellentmaterials.Thisisgoodnews.Enterprisesecurityteamsshouldbeespeciallycarefulinwhattheyabsorb–andthisisparticularlyimportantforSMBcompanies.Wemustallagreetonotpayattentionanymoretoquadrantsandwaves.Theydamageourindustry.AdviceforSecurityTechnologyVendorsIfyouareinthebusinessofprovidingindustryanalysisforcybersecurityandyouarereadingthisreportnow,thenmysuspicionisthatyoudonotlikemyworkmuchatall.Theadvicehereistoadjustyourmodel:Vendorsshouldnotpayasmallfortunetobelistedinthetoprightofsomequadrant.Thatbusinessmodelwillwane.Thecompetitionwillbeopensource,freelyavailablematerialfromdomainexperts.Adjust.ListofSupportVendorsCSIS–CSISisathinktankandpolicyresearchinstitutionwithrespectedandexperiencedexperts.CybersecurityVentures–CybersecurityVenturesprovidesamarketreport,includingtheCybersecurity500list.451Alliance–451Allianceoffersresearchreportingonthetechnology,telecommunications,andsecurityindustries.Forrester–ForresterprovidestheForresterWave,includingaspectsofcybersecurity.Gartner–GartnerprovidestheMagicQuadrant,includingaspectsofcybersecurity.HfSResearch–HfSResearchoffersreportsandresearchthatfocusontheas-a-servicemarketintechnologyandbusiness.HMGStrategy–HMGStrategysponsorsseminars,industryreports,andlearningeventsforsecurityteams.IDC–IDCincludesexpertanalystswhoprovideresearch,commentary,andanalysisontechnology,includingcybersecurity.LightReading–Theteamofanalysts,writers,andexpertsatLightReadingprovidereportingtothecybersecuritycommunity.MarketsandMarkets–MarketsandMarketssellsitsCyberSecurityMarketGlobalForecastasadownloadontheInternet.Radicati–TheRadicatiGroupisatechnologymarketresearchfirmthatpublishesamarketquadrantreportoncybersecurity.Securosis–SecurosisisanindependentresearchandadvisoryfirmofferinginsightsintoWeb2.0,APT,andsecurityinvestment.TAGCyberLLC–TAGCyberprovidesthe2017TAGCyberSecurityAnnualasafree,opensourcereferenceguidetoCISOteams.TechSciResearch–TechSciResearchisanindependentresearchfirmthatoffersawideassortmentofmarketresearch.Control44:InformationAssuranceInformationassuranceisadesignationusedtodescribeaspecialtypeofsecurityservicethatwasdevelopedprimarilytodealwithFederalgovernmentcyberriskchallenges.Thetermwasinventedasthelogical(andmorepositive)countertoinformationwarfare,whichbecamea
popularreferencetooffensiveactionagainstnationsintheearly2000’s.Today,informationassuranceisalsousedtoreferencegovernment-relatedoriginofservicesthataremadeavailabletogenerallylargercommercialbuyers.Largesystemintegratorswithdefensesolutionbusinessesarethemostlikelytohaveaninformationassuranceoffering.Usually,suchofferingsinvolvethreatintelligence,integratedprotectionarchitecture,securityoperationsandfusioncenters,andreal-timesituationalawareness–allcommoninaneffectivenationalcyberdefense.Thecommercializationofinformationassuranceisawelcometrendsincecivildefenseofcriticalinfrastructureisperformedbycommercialgroups,andtheycanallbenefitfromthedisciplineandreal-timepostureorientationofgovernmentdefenders.GeneralOutlookThegeneraloutlookforinformationassurancesolutionsinvolvestransitionfrompuregovernmentfocustoacombinedfocusofbothgovernmentandcommercialconcernsandrisk.Thetransitionalsoinvolvesshiftfromsimple,reactivecyberdefenseprogramsandtoolstocomprehensiveandintegratedcybersecuritysolutionsthataremoreproactive.Firstgenerationinformationassurancefrom1998to2007involvedearlyintrusiondetectiontoolorientationbylargeintegratorsastheprimarygovernmentresponsetoinformationwarfare.Secondgenerationinformationassurancefrom2007to2016involvedearlysecurityoperationscentersbeingdevelopedwithsomecommercialinfluenceandexpendedusebeyondsimpleIDS,ifonlytoaddressthemuchmoreseriousriskofadvancepersistentthreats.ItisworthmentioningthattheAPTactorsweremuchmoresuccessfulthantheAPTdefendersduringtheera,sothecombinedsolutionshadtherightidea,butlargelydidnotwork.Thirdgenerationinformationassurancesolutionsfrom2016to2025shouldexpecttoseefullgovernmentandcommercialintegration,withanexpandedrangeofproactiveofferings.Marketcollisionwithmanagedsecurityserviceproviderswillbeobvious,asbuyersmighthavetroubledifferentiatingthetwosolutiontypes.Ingeneral,though,amoreintenseapproachtoreal-timecybersecurityfromgroupswiththeirheritageinFederalgovernmentdefensewillbeagoodinfluenceontheoverallcybersecuritycommunityandshouldthusbewelcomed.
Figure44.2018InformationAssuranceOutlook
TheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincerecognitionthatcybersecurityofcriticalinfrastructureisbasicallynationalcivildefense.Severallargeintegratorsinmanycountries(USandIsraelaretheleaders)havealreadyspunoffunitsthatfocusoninformationassurancesolutionsforcommercialbuyers.Asalludedtoabove,thisisawelcometrend.AdviceforEnterpriseSecurityTeamsIfyouarealargerenterprisesecurityteam,thenyou’veprobablyalreadybeenapproachedbyadefenseintegratorofferingtheirinformationassuranceservices.Ifyouhavenotalreadyengaged,itmightbeworthrevisitingtheseservices,becausetherigorandintensitythatcomefromtheirlegacyareworthintegratingintoyourownsolutionapproach.Cybersecurityiscivildefense,soweallmightaswellbeginlearningfromthosewho’vebeenprotectingnationalassetsforthelongesttime.Ifyouareasmallerenterprisesecurityteam,thenkeepaneyeonthismarketforinformationassurancesolutionstargetingSMB-typebudgets.Thisisnotabigtrendtodate,simplybecauseinformationassuranceteamsselllargeprojectstogovernment,sotheynaturallygravitatetowardcommercialbuyerswhocanswallowalargeeffort.AdviceforSecurityTechnologyVendorsInformationassurancevendorsarealmostalwayspatriotswhohaveexperiencedefendingtheirnationfromcyberrisk.Whenyouengagewiththem,theirinitialmarketinginstinctistotellyouabouttheirloyalserviceaswarriors.Thisistobeexpected,butyou’llneedtoscratchdeepertoseeiftheyaretherealdeal.Theywillneedtoincludeareasonable,well-designedcollectionofenhancementstotheirservicetodealwiththeday-to-dayneedsofacommercialorganization.Industryrunsdifferentlythangovernment,soinformationassurancevendorsarewisetorecognizethisfactandadjust.Partneringwithanexperiencedcommercialteammightbethebestapproach.Movingdown-markettoSMBmightbeshockingwhenyouseethetinysizeofmonthlyinvoices,sobecarefulbeforeyoucommittosuchaction.ListofSupportVendorsAccenture–Accentureprovidesglobalprofessionalservices,consulting,andoutsourcedservices,includingcybersecurity.AirbusDefence/Space–Airbusisalargeaerospacecompanythatincludesawiderangeofinformationassurancesolutions.AirPatrol–AirPatrol,partofSysorex,providesplatformsforenterprisedeliveryofsoftwareandwirelessprotection.AppliedPhysicsLab–Thenon-profitgroup,affiliatedwithJohnsHopkins,providesIAservicestotheFederalGovernment.ApplyLogic–McLean-basedApplyLogicspecializesincybersecurityandinformationassurancesolutions.Assevero–Asseveroisauniquevirtualcompanyofferinginformationassuranceservicestothegovernment.AssurIT–AssurITisaninformationtechnology(IT)servicesandsolutionsproviderthatspecializesincybersecurity.AT&T–AT&TincludesaGovernmentSolutionsunitthatprovidesinformationassuranceandcybersecurity.AxxumTechnologies–AxxumTechnologiesisaminorityandwomanownedfirmprovidingITsecurityandIAsolutions.BAE–BAEisalargeBritishaerospacecompanythatincludesarangeofinformationassurancesolutions.Boeing–LargeAmericanaerospacecompanyBoeingincludesarangeofinformationassurancesolutions.BoozAllenHamilton–TraditionalprofessionalservicescompanyBAHoffersinformationassurancecapabilitiestoitsclients.CACI–CCIisadefensecontractorthatprovidesavarietyoftechnologyandinformationassurancesolutions.Carahsoft–CarahsoftprovidesvalueaddedsolutionsincludingsecurityandinformationassurancefortheFederalGovernment.CGI–CGIprovidesglobalITconsulting,systemsintegration,andoutsourcing,includingapracticeincybersecurity.CSC–CSCisatraditionaltechnologyandprofessionalservicescompanythatoffersinformationassurancecapabilities.C3IA–UK-basedsmallenterprisefirmC3IAspecializesinsecuritysolutionsfordefenceapplications.CyberDefenseAgency–SamiSaydjari’sconsultingfirmincludesinformationassuranceforgovernment.CyberDefenses–ConsultingfirmCyberDefensesincludesarangeofinformationassurancecapabilities.CyberNetForceTechnologies–CNFprovidesoperationsandengineeringsolutionsfornetworkdefenseandattackdetection.
CyberPointInternational–ConsultingfirmCyberPointInternationalincludesarangeofinformationassurancecapabilities.Cybersalus–CybersalusisaconsultingfirminRestonthatincludesarangeofinformationassurancecapabilities.ChertoffGroup–MichaelChertoff’sconsultingfirmincludesarangeofinformationassurancecapabilities.CSRA–CSRAformedfrom(CSGovandSRA)providesavarietyoftechnologyandinformationassurancesolutions.Cyberbit–SpunofffromElbit,theIsraelicompanyprovidesarangeofinformationassurancesolutionsforcommercialbuyers.DecisiveAnalytics–DecisionAnalyticsisanemployee-ownedengineeringfirmofferinginformationassurancecapabilities.DeltaRisk–DeltaRiskisaconsultingfirmthatincludesarangeofinformationassurancecapabilities.EmeSec–ConsultingfirmEmeSecincludesarangeofinformationassurancecapabilitiesforgovernmentcustomers.EWA-Canada–CanadianconsultingfirmEWA-Canadaincludesarangeofinformationassurancecapabilities.FidelisCybersecurity–FidelisCybersecurityprovidesinformationassuranceforenterprisecustomers.4Secure–Datadiodefirm4Secureoffersinformationassurance-relatedsolutionforUK-basedcustomers.GeneralDynamics–DefensecontractorGeneralDynamicsprovidestechnologyandinformationassurancesolutions.GoodHarbor–RichardClarke’sconsultingfirmincludesarangeofinformationassurancecapabilities.Harris–DefensecontractorHarrisprovidesavarietyoftechnologyandinformationassurancesolutions.HexSecurity–HexSecurityprovidesinformationassuranceconsultationtowardbothstrategicandcomplianceobjectives.IBM–IBMisalargetechnologyandprofessionalservicescompanythatoffersinformationassurancecapabilities.InfoDefense–InfoDefenseprovidessecurityconsultationfocusedoncompliance,informationassurance,andresponse.InformationAssuranceSolutions–InformationAssuranceSolutionsisaconsultancyprovidinginformationassurancesolutions.KEYW–HexisCyber,formedbyKEYWthroughacquisitionofSensage,providesinformationassurancesolutions.Kroll–Krollprovidesinvestigations,risk,andcybersecurityconsultingservicesforbusinessclients.Leidos–Leidosofferssolutionsinnationalsecurity,health,andengineeringincludingcybersecurity.LockheedMartin–LockheedMartinprovidesaportfolioofinformationassurancesolutionsincludingsupportforECS.Lunarline–Arlington-basedfirmLunarlineoffersproductsandserviceswithinformationassurancecapabilities.MagalS3–DefensecontractorMagalS3providesavarietyoftechnologyandinformationassurancesolutions.MandalorianSecurity–MandalorianSecurityprovidesinformationassuranceservicesinEMEAandAsiaPacific.ManTech–Mantechincludesarangeofinformationassurancecapabilities,includingactivegatewaytrafficanalysis.MerlinInternational–MerlinInternationalisaproviderofITandcybersecuritysolutionsforFederalGovernment.MITRE–MITREisaFederally-fundedResearchandDevelopmentCenterwithstronginformationassurancecapabilities.NCCGroup–NCCGroupofferssecuritytestingandinformationassuranceincludingescrow,consulting,anddomainservices.NetwarDefense–NetwarDefenseisanSBAproviderinMarylandofITandcybersecuritysolutionsforFederalGovernment.NetworkSecuritySystemsPlus–NetworkSecuritySystemsPlusprovidesinformationassurancefocusedonGovernment.NewberryGroup–NewberryGroupisaproviderofITandcybersecuritysolutionsforFederalGovernment.NEXOR–NEXORprovidessecuritysolutionsforinformationexchangeandinformationassurance.NJVC–Virginia-basedNJVCisaproviderofITandcybersecuritysolutionsforFederalGovernment.NorthropGrumman–DefensecontractorNorthrupGrummanprovidestechnologyandinformationassurancesolutions.NorthstarGroup–NorthstarGroupisaproviderofITandcybersecuritysolutionsforFederalGovernment.Patriot–Patriotprovidesinformationassurancesolutionsincludinginfrastructureprotectionandmobilesecuritysolutions.PivotPointSecurity–PivotPointSecurityprovidesinformationassuranceincludingpenetrationtestingandethicalhacking.QinetiQ–BritishdefensecontractorQinetiQprovidesavarietyoftechnologyandinformationassurancesolutions.Raytheon–DefensecontractorRaytheonprovidesavarietyoftechnologyandinformationassurancesolutions.Referentia–Referentiaprovidesinformationassuranceandmanagedsolutionswithemphasisongovernmentcustomers.RenaissanceSystems–RSIsupportsinformationassurance,cloudintegration,networkdesign,andotherservices.SAIC–DefensecontractorSAICprovidesavarietyoftechnologyandinformationassurancesolutions.SecureNation–SecureNationprovidesITsecurityandinformationassurancethroughpartnershipswithtechnologyvendors.SecureWorx–SecureWorxprovidessecuredatacentresolutionsforAustraliangovernmentcustomers.SoteraDefenseSolutions–DefensecontractorSoteraprovidesavarietyoftechnologyandinformationassurancesolutions.SphereCom–SphereComprovidesavarietyoftechnologyandinformationassurancesolutions.StrategicCyberSolutions–StrategicCyberSolutionsprovidesUSGovernmentwithcyberintelligenceandclouddataanalytics.SwainTechs–SwainTechsprovidesengineering,managedservices,andinformationassuranceconsultingservices.TangibleSecurity–TangibleSecurityprovidessecurityconsultingincludingassessmentsandvirtualCISOforgovernment.TASC–DefensecontractorTASCprovidesavarietyoftechnologyandinformationassurancesolutions.TDI–SecurityconsultingfirmTDIprovidesavarietyoftechnologyandinformationassurancesolutions.TechGuardSecurity–ITservicesfirmTechGuardprovidesavarietyoftechnologyandinformationassurancesolutions.TecSec–TecSecprovidesinformationassuranceforaccesscontrolenforcedthroughencryptionandkeymanagement.Telos–CybersecuritysolutionsandsecuremobilityfirmTelosoffersinformationassurancesolutions.TemplarShield–TemplarShieldprovidesarangeofsecurityconsulting,managedsecurity,andrecruitingservices.TenacitySolutions–Reston-basedITservicesfirmTenacitySolutionsoffersinformationassurancesolutions.Thales–TheThalesGroupisaFrenchmultinationaldefenseandspacecontractorthatofferscybersecuritysolutions.
Unisys–Unisysisatechnologycompanythatincludescybersecuritysolutionsforenterprisecustomersandgovernment.VanDykeTechnologyGroup–VanDykeTechnologyGroupisaconsultingfirmthatoffersinformationassurancesolutions.VariQ–VariQisaWashington-basedITandcybersecurityconsultingfirmthatoffersinformationassurancesolutions.VencoreLabs–FormerlyknownasACS,thisdivisionofVencorefocusesonR&Dprojectsincludinginformationassurance.VerisGroup–VerisGroupprovidesinformationassuranceconsultingwithemphasisonFederalGovernmentcustomers.Verizon–VerizonincludesinformationassurancesolutionsforFederalGovernmentcustomersinitsportfolio.Vistronix–VistronixspecializesinBigDataanalysissolutionsincludingaspecializedfocusoncyberspaceandSIGINToperations.Widepoint–Widepointprovidescybersecurityservicesforenterpriseandgovernmentwithemphasisonidentitymanagement.ZRA–LeeZeichner’sconsultingfirmincludesinformationassuranceservicesforFederalGovernmentandcommercialclients.Control45:ManagedSecurityServicesManagedsecurityservices(MSS)involvethestaff,tools,resources,capabilities,andsupportinginfrastructurerequiredforasolutionvendortoacceptoutsourcedresponsibilitiesfordesignated,day-to-daycyberprotectionfunctionalityforacustomer.MSSbeganwithremotemanagementoffirewalls,andhassinceburgeonedintoamultibillion-dollarindustrywithawiderangeofsolutionsofferedtocustomers.Thecanonicalset-upinvolvesabusinessmakingthedecisionthattheadministration,care,operation,andresponsefunctionsforasubsetofitssecurityinfrastructurewouldbebetterservedbyanexternalMSSentity.DecidingwhichsubsettooutsourcetoanMSSislargelyadhocdecision,drivenasmuchbywhatisbeingofferedbymanagedprovidersasbyanylogicalanalysisofinsourcingversusoutsourcing.Thegoodnewsisthatcloud-basedarchitecturesanddistributed,virtualizedsystemswillchangeallofthis,simplybecausecomputingandnetworkingaremovingtowardanoutsourcemodel.SuchtransitionisacceleratedbytheInternetserviceproviderswhoaredevelopingandnowofferingsoftwaredefinednetwork(SDN)services,whichlendwelltoservicechainingofvirtualsecurityappliancefunctionality.TheresultisthatMSSwillshiftfromtraditionalhardwaremanagementtoavirtualizedoperationembeddedinhybridcloudarchitecturesandpoweredbySDNservices.Thiswilladvantagethelargercloud,Internet,andmobileserviceproviderssincetheywillpossesstheunderlyinginfrastructure,andlayeringsecuritycapabilitiesasadd-onsshouldbestraightforward.ExpecttobepointingandclickingsoononanISPorcloudserviceprovider’sportalasthenewprovisioningmechanismforobtainingamanagedsecuritysolution.GeneralOutlookThegeneraloutlookformanagedsecurityservicesinvolvestransitionfromhardwaredeployedmanuallytoacustomerDMZforremotemanagementtovirtualizedinfrastructurewithself-supportedautomation.Thetransitionwillalsoinvolveashiftfromearly,reactiveup-downmanagementofdevicestomodern,situationallyawareandvirtuallycontrolledsoftwaredeployment.FirstgenerationMSSfrom1998to2007involvedearlyIDSandfirewallmanagementservices,performedremotelyfromaphysicalcentertothecustomerperimeterwithhumanMSSanalyststryingtomakesenseofthesecurityalarmandlogs(andmostlyfailing).SecondgenerationMSSfrom2007to2016involvedcontinuedattemptstoimprovefirstgenerationservices,butneverfullyrealizingthegoalofremoteperimeterprotectionforonemainreason:Perimetersdon’twork.MSSteamstriedhardduringthisperiodtoautomatetheirservicestowardmorereal-timefocus,andtheydeservecreditforimprovingtheirabilitytostopattacksmoreproactively.Duringthelatterportionofthisperiod,earlyhybridcloud
architectureswithreduceemphasisonhardwarebegantoinfluenceMSSdesign.Thegradualdissolutionoftheperimeterbecameevidentduringthisperiodaswell.ThirdgenerationMSSfrom2016to2025willexperiencetwodramaticallydifferentshifts.First,thetraditionalhardware-basedmanagementofperimeterdeviceswillfinallysunset.MSSteamswhostubbornlyholdontorevenuefrommanagedfirewalldealssignedadecadeearlierwillcometoregretthisdecision.Second,virtualizedMSSsolutionsbuiltonSDNinfrastructurewillseemassive,exponentialgrowth.Withthisvirtualizationwillcomethereal-time,automatedcontrolofvirtualworkloadsinthecloudthatMSSteamsweretryingsohardtoachievewithhardware-basedmanualconfigurations.ExpecttoseeintegrationofthesevirtualMSSsolutionswithcloud-basedsecuritysuchasmicro-segmentationandCASBs.
Figure45.2018ManagedSecurityServicesOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,becausetheunderlyinginvestmentsincloudandSDNfromthelargeprovidesiswell-underway.ThisprovidesanattractivebaseonwhichvirtualsecuritycanbedeployedforMSSsolutions.ItispossiblethatmostsecuritycapabilitiesinfuturevirtualenterprisenetworkswillbedeployedviaportalandcontrolledbyautomatedMSStoolsfromyourcloudorserviceprovider.Thiswillhavesubstantiveimplicationsonhowfuturesecuritycapabilitiesaredeliveredtocustomers.AdviceforEnterpriseSecurityTeamsThisisagoodtimetotakeinventorywithyourITandnetworkpartnersofyourtransitionprogresstowardadistributed,virtualizedinfrastructure.Assumingthisisunderway–andifyou’vemovedsomefunctionstocloud,thenitisunderway–thenyoushouldbedevelopingasecurityarchitectureroadmapforsuchshift.MSSprovidersarepotentiallyexcellentpartnerstohelpyouachievethisobjective.SitdownwithyourISPandcloudserviceprovidersandaskthemtoeducateyourteamonhowfuturevirtualizedMSSwillwork.Youwillfindthatsomepowerfulcapabilitiesareavailabletoday.RegardingexistingperimeterMSSdeals,myadviceistoeitherplantotransitionfromyourexistingperimeter,or(ifyouarestubborn)atleastnegotiateabetterdealthanyouhavenow.Expectpricesforperimeterhardwaremanagementtoincreaseasfewercompanieschoosethisoption,soyoumightaswelllockinagooddealifyouexpecttoremainonthisTitanicdeckforseveralmoreyears.
AdviceforSecurityTechnologyVendorsIfyouprovideMSSsolutionstoday,thenyouhavetheunenviableproblemofoldrevenuefromahardwarebasethatwillbesoonreplacedwithnewrevenuefromasoftwarebase.Whethertheformerislargerorsmallerthanthelatterwillbebasedonhowcleverlyyounavigatethisshift.Thetruthisthatlargerproviders,especiallyISPs,haveahugeadvantagewiththeirexistinginfrastructure.Itistemptingtosaythatlight,virtualcapabilitiesmightallowsmaller,morenimbleoperatorstogetintotheMSSindustry–andsomeofthisistrue.ButtheabilitytoprovisionsecurityappliancesintothenorthboundinterfaceofISPSDNcontrollers,forexample,seemsthesimplest,easiestwaytoofferfullMSS.Cloudprovidersalsohaveahugeadvantagewiththeirabilitytolightlydeploysecurityappliancesintolocalrun-timeenvironmentsthatcanbemanagedwithautomatedtools.CreativeentrepreneursinterestedinMSSsolutionswouldbeadvisedtofocusongreattechnologyandadvancedsolutions,andtoperhapsconsiderpartneringwiththeISPsandcloudproviders.Ifthereisanysilverliningforthesmallervendors,itisthattheISPsandcloudproviderswillremainopenandeagertoembed,integrate,andacquireclevertechnologyfrommorenimblestart-ups.So,thereiscertainlyroomfornewMSSofferingstofindawaytothriveandgrow.ListofSupportVendorsAboveSecurity–AboveSecuritydeliversmanagedandITsecurityservicesincludingNIDS,HIDS,andloganalysis.Accenture–AccentureOperationsoffersmanagedcyberdefense,managedidentity,andmanagedcompliance.AlertEnterprise–AlertEnterpriseprovidesinfrastructureprotectionthroughGRCmanagementandcontinuousmonitoring.AlertLogic–AlertLogicoffers24by7monitoringandaresearchteamaspartofitsmanagedcloudsecurityservices.Allstream–Allstreamoffersarangeofvoice,IP,andunifiedcommunications,includingmanagedsecurityservices.Arcon–Brazilianfirm,Arcon,isamanagedsecurityservicesproviderservingenterprisecustomersinLatinAmerica.AT&T–AT&Tprovidesmanagedsecurityincludingnetwork-basedandSDN-residentprotectionsforbusinessandgovernment.AuraInformationSecurity–AuraInformationSecurityofferssecurityconsultingandmanagedsecurityservicesinNewZealand.BAESystems–BAESystemsprovidescloud-basedenterprisemanagedsecurityservicesincludingsecure,hostedemail.BellCanada–BellCanadamarketsmanagednetworkprotectionservicesforWeb,email,DDOS,andidentity.BinarySEC–FrenchfirmBinarySEC,providesamanagedsecuritysolutiontoreducethethreatofattackstoWebsites.BT–BTManagedsecurityincludesDDOS,cloud,firewall,andeventmonitoring.CenturyLink–CenturyLinkBusinessprovidesmanagedfirewallservicesandmorecomprehensiveemailandURLsecurity.ChinaTelecom–ChinaTelecomisastate-ownedproviderofphone,Internet,mobile,andmanagedsecurity.Clone–CloneSystemsisanMSSPofferingcontinuousmonitoring,securecloud,scanning,andsecurityconsulting.ControlScan–ControlScanprovidesarangeofmanagedsecurityservicesandcompliancesupportsolutions.CSC–CSCsupportsmanagedsecurityservicesfordatacenter,endpoint,network,andapps.CyberEngineeringServices–CyberEngineeringServicesprovidesmanageddataprotectionservicesforSMBDarkMatter–DarkMatteroffersprofessionalandmanagedsecurityservicesandsolutionsinAbuDhabi.Datapipe–Datapipeoffersmanaged,hosting,andcloudservices,includingmanagedsecurity,compliance,andresaleservices.Deloitte–Deloittefocusesonaudit,finance,tax,andconsulting,includingriskandcomplianceservices,aswellasMSSDeutscheTelecom–DeutscheTelekomoffersarangeofmanagedandnetwork-basedsecurityservices.DMXTechnologies-Inadditiontomedia,ICT,andmobileSaaS,HongKong-basedDMXoffersMSSandconsulting.Earthlink–EarthlinkprovidesInternetservicesincludingsecurityservicesforresidentialandbusinesscustomersintheUS.EWA-Canada–EWA-CanadaprovidesinformationassuranceinCanadaincludingmanagedsecurityservices.ForegroundSecurity–ForegroundSecurity,nowpartofRaytheon,providesvirtualSOC,MSS,andthreatintelligence.GBprotect–GBprotectisanMSSPofferingsecurityoperationsandapplicationsmanagementaswellasconsulting.TheHerjavecGroup–TheHerjavecGroupspecializesinnetworksecuritymanagedservicesandconsulting.IBM–IBMoffersarangeofMSSaccessibletocustomersthroughacommonSecurityOperationsPortal.IglooSecurity–IglooisaKoreancompanythatprovidesmanagedsecurityservicesincludingSIEMmanagement.Kernel–Kernelprovidesmanagedandnetworksecurityaswellaspenetrationtestingandsecurityaudit.Level3–Colorado-basedtelecommunicationsfirmLevel3offersarangeoftraditionalmanagedsecurityservices.Masergy–Plano-basedMasergyprovidesarangeofenterprisenetworkingsolutionsincludingadvancedmanagedsecurity.
MegaPath–MegaPathprovidesvoice,data,andbroadbandtelecommunicationsincludingmanagedsecurityservices.MyDigitalShield–MyDigitalShieldprovidesnetworksecurityservicesforsmallandmedium-sizedbusinessmarket.Netsurion–Netsurionprovidesmanagedsecurityservices,mobileaccess,andcompliancesolutionsforenterprisecustomers.NTTCommunications–JapanesetelecommunicationsfirmNTTCommunicationsprovidesarangeofmanagedsecurityservices.OrangeBusinessServices–HeadquarteredinFrance,OrangeBusinessServicesincludesamanagedsecurityserviceoffering.Paladion–LocatedinIndia,PaladionoffersMSSandarangeofriskmanagement-basedconsultingservices.Proficio–Proficiooffersadvancedcloud-basedmanagedsecurityserviceswithSIEMandSOC-as-a-service.QuadrantInformationSecurity–Quadrantprovidessecurityconsulting,MSS,andenterprisesecuritymanagement.RookSecurity–RookSecurityprovidesadvisoryservices,managedsecurityservices,andsolutionintegration.SAVANTURE–SAVANTUREprovidesMSSandconsultingincludingSIEM,vulnerabilitymanagement,andauthentication.SecureWorks–SecureWorks,whichhasbeenintheMSSbusinesssince1999,basesitsservicesonitsCounterThreatPlatform.SecurityonDemand–SanDiego-basedSecurityonDemandoffersmanagedsecuritysolutionsforenterpriseandcloud.Sentor–ThecompanyprovidesITsecurityincludingnetworkprotection,logmanagement,andvulnerabilitymonitoring.Solutionary–Nebraska-basedSolutionaryoperatesasaseparatesubsidiaryofNTT,offeringmanagedsecurityservices.Sword&Shield–Sword&Shieldprovidesarangeofmanagedandprofessionalcybersecurityservices.Symantec–Symantecincludesarangeofmanagedsecurityservicesinitsextensivesecurityportfolio.TaTaCommunications–TaTaisanoutsourcingandtechnologyfirmthatincludesmanagedsecurityservices.TechMahindra–TechMahindraisanoutsourcingandservicescompanythatincludesaninformationsecurityservicespractice.Telefonica–TelefonicaisaSpanishtelecommunicationscompanythatincludesamanagedsecurityservicesoffering.TELUS–TELUSisaglobaltelecommunicationscompanyinCanadathatoffersarangeofmanagedsecurityservices.TrustWave–TrustWaveisasecuritycompliancefirmthatincludesmanagedsecurityservicesincludingsupportforSMB.2Keys–2Keysprovidesarangeofmanagedandprofessionalserviceswithuserauthenticationandidentityattributes.Verizon–LargeUS-basedtelecommunicationsfirmVerizonincludesatraditionalrangeofmanagedsecurityservicesoffers.Vigilant–Vigilantprovidescybersecurityservicesincludingmanagednetworksecurity,managedendpoint,andconsulting.VijilanSecurity–Vijilanoffersarangeofmanagedsecurityservicesincludingmonitoringandincidentresponse.Wipro–OutsourcingandtechnologyfirmWiproincludesawiderangeofmanagedsecurityservices.XOCommunications–XOCommunicationsisatelecommunicationsfirmthatoffersarangeofmanagedsecurityservices.Control46:SecurityConsultingSecurityconsultinginvolvesprofessionalservicesdeliveredfromexpertstoenterprisecustomerswhorequireguidance,assistance,advice,orstaffingoftheircyberprotection-relatedworkactivities.Securityconsultingservicesaredeliveredinasmanywaysasconsultantsandpotentialcustomerscaninvent,sotherearenotrulycompletetaxonomiestocaptureallformsofthesetailoredengagements.If,forexample,youhavesomespecialskillincybersecurityandsomeoneiswillingtopayforit,thenyoucanserveasasecurityconsultant.Similarly,evenifyouhaveweakcybersecurityskills,butyoucancompensatebybeinghelpful,organized,andcheap,thenyoucanalsobeasecurityconsultant.Itisawide-openfield,whichisgoodnewsforbuddingconsultants,butterriblenewsforthebuyingenterprise.Onebroadviewofthesecurityconsultingindustrymightbedepictedasfollows:
• High-LevelExecutiveAdvice–Thisisdeliveredbythemostdistinguishedexpertstoseniorleadershipandusuallyinvolvesadviceandguidanceonthebusinessimplicationsofcyberrisk.RiskpresentationstoboardsorstrategicsecurityplansforCEOsareexampledeliverableinthiscategory.
• Mid-LevelStrategicDelivery–Thisinvolvesprojectworkbyexpertsforenterprisesecurityteamswithspecificneedsinsomeaspectoftheirday-to-daycybersecuritywork.WritingsecuritypolicyrequirementsorreviewingGRCplansareexampledeliverablesinthiscategory.
• Low-LevelTacticalSupport–Thisinvolvestemporaryorday-to-daycybersecuritysupportfromavailablestafftoaugmentexistingprojectteamsanddeliversometacticalresult.ProvidingstafftoperformatediousinventorytaskortoaugmentaCISOteamwithentry-levelworkersareexampledeliverablesinthiscategory.
Securityconsultingwillgrowsteadilyinthecomingyearswithmoreintenserecognitionofrisk,sothatisgoodnewsfortheindustry.ThegrowthshouldbespreadevenlyamongstlargerconsultingteamswhowillbenefitfromBoardsandC-suiteattention,andsmallerconsultingteamswhowillbenefitfromSMBneedsinthisarea.Domainexpertisewillalsocommandapremiuminthecomingyears.GeneralOutlookThegeneraloutlookforsecurityconsultingsolutionsinvolvestransitionfrommostlygeneralized,high-levelconsultantswithbroadskillsetstotheavailabilityofmoredomain-knowledgeableconsultantswhocanhelpclientsdealwithsecurityrequirementsinIoT,ICS,mobility,cloud,Dev/Ops,andotherdomain-specificareas.Firstgenerationsecurityconsultingfrom1998to2007involvedsimple,basicassessmentssuchasscansandtestsfromavarietyofavailablesourcesincluding(sadly)manynon-expertsofferingweakadvicethatwasconsistentwithnobestpracticestandards.Secondgenerationsecurityconsultingfrom2007to2016involvedimprovedassessmentsofhigherqualityfocusedondiscoveringandmakingvisiblesecurityissues.Adviceduringthisperiodwasmuchbetterasexpertsemergedinthefield,butnocommongenerally-acceptedbeststandardsforconsultingservicesemergedotherthanthosedrivenbyframeworkssuchasPCIDSSorNIST.Thirdgenerationsecurityconsultingfrom2016to2025willseemuchimprovedserviceswithdomainexpertiseavailableincloud,mobile,andvirtualinfrastructure.Moreexpertswillbeavailable,andhopefully,moreprofessionalstandardsandgenerallyacceptedpracticeswillemerge.
Figure46.2018SecurityConsultingOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincetheexpectationhereisjustacontinuationofwhat’sbeenanon-goingtrendnowforyears:Namely,agradual
increaseinthequalityanddomain-specificityofconsultingfromagrowingnumberofavailableexperts.AdviceforEnterpriseSecurityTeamsTheadvicehereistoselectyoursecurityconsultantscarefully,sincerelevantexperience,domainexpertise,andhighintegrityarethemostimportant,yetdifficulttodetermine,characteristicsofagoodconsultant.Askaroundbeforeengaginganyconsultant.Hundredsofmillionsofdollarsarewastedeveryyearonconsultantswhohavenoideawhattheyaredoing,andmightbetrainingtheirteamonyournickel.Itisalsodifficulttogradeanycompanyontheirconsultingprowess,becauseyoucouldbeassignedaweakrookiefromagreatfirmoranexperiencedveteranfromatinyboutiquestart-up.Hiretheconsultant,ifpossible,ratherthanthefirm–andyou’llendupwiththebestresults.AdviceforSecurityTechnologyVendorsIncreasingly,thenon-technicalattributeofhavinghighintegrityismorevaluableinconsultingthananyotherpersonalcharacteristic.Whatthismeansisthatinhiring,training,orcoachingyourconsultants,focusondevelopingstrongcharacter,honesty,anddependabilitymorethananythingelse.You’llfindthattechnicalcyberskillswillbeinmuchgreatersupplyinthecomingyears(contrarytoallthepublishedreportsontheInternetaboutgapsinskills).Youwillhavethushavelesstroublethanyouhavenowinfindinggoodconsultantsforyourteam.Whatthismeansisthatintegritywillbethemaindifferentiatorinestablishingasuccessfulconsultingteam.Establishareputationasanhonestfirmthatoffersgoodservicesdeliveredontimeatreasonableprices–andyouwillbeatopcybersecurityconsultinghouse.Andyes,Iknowthisisgeneraladvice,butsecurityconsultingisanewsectorandthecharlatansstilllurk.ListofSupportVendorsABR-PROM–ABR-PROMprovidesvalueaddedreseller(VAR)securitysolutionsandIToutsourcingtocustomersinPoland.AccellisTechnologyGroup–TheCleveland-basedfirmoffersmanagedIT,legalconsulting,andcybersecurity/compliance.Accenture–Accentureprovidesglobalprofessionalservices,consulting,andoutsourcedservices,includingcybersecurity.ACROSSecurity–ACROSSecurityisaSlovenianproviderofpenetrationtestingandsecurity,assessment,andresearchservices.AdventIM–LocatedintheUK,AdventIMoffersarangeofcyberandphysicalsecurityconsultingservices.AnchorTechnologies–BusinessmanagementconsultingfirmAnchorTechnologiesislocatedinAnnapolis.ANX–ANXprovidesmanagedcomplianceandcollaborationservicesincludingPCIDSScomplianceandsecureconnectivity.Aon–Aonprovidesriskmanagementandinsurance,includingcyber.AonrecentlyacquiredStrozFreidberg.Ascentor–UK-basedAscentoroffersitscustomersarangeofinformationriskmanagementconsultingservices.AssureTechnical–AssureTechnicalprovidescyberandphysicalsecurityconsultingservicesincludingtraining.Assuria–AssuriaprovidessecuritysolutionsandmanagedSIEMsupportingsecurityoperationsandenterprisesecurityneeds.AsTechConsulting–AsTechprovidessecurityconsultingindiscovery,remediation,softwaredevelopment,andtraining.AtredisPartners–AtredisPartnersprovidessoftwaresecurityresearch,embeddedsecurity,andpenetrationtestingservices.Atsec–Austin-basedatsecprovidesarangeoflaboratoryandconsultingservicesininformationsecurity.AT&T–LargetelecommunicationsfirmAT&TincludesateamofexpertsecurityconsultantstocomplementMSSoffering.AttackResearch–AttackResearchprovidesarangeofsecurityconsulting,assessment,andtrainingservices.AujasNetworks–AujasNetworksprovidesriskandvulnerabilitymanagement,dataprotection,andIAMservices.AuraInformationSecurity–AuraInformationSecurity,partofKordia,offerssecurityconsultingandMSS.AuroraInformationSecurity&Risk–Auroraprovidesarangeofsecurityconsultingsolutionsforenterprisecustomers.AVeS–AVeSprovidesarangeofITconsultingfocusedondigitalinformationandinformationsecurity.Avnet–Avnetprovidessecurityconsultingserviceswithemphasisonhelpingcompaniessecuretheirdatabases.AxisTechnology–SecurityconsultingfirmAxistechnologyfocusesongovernance,entitlement,andbusinessrisk.AxxumTechnologies–AxxumTechnologiesisanITsecurityservicesandsolutionscompanyfocusedongovernmentcustomers.Azorian–AzorianCyberSecurityprovidesarangeofcybersecurityservicesforenterprisecustomers.
Bambenek–Illinois-basedBambenekoffersarangeofcybersecurityinvestigationsandconsultingservices.BanffCyber–BanffCyberprovidesasolutionforWebdefacementalongwithcomplementarysecurityconsultingoffers.BDOConsulting–AccountingandtaxfirmBDOConsultingincludesinformationsecurityandcomplianceservices.BHCLaboratory–BHCLaboratoryprovidesindependentsecurityconsultationandadviceforbusinesscustomers.BHConsulting–Ireland-basedBHConsultingoffersarangeofinformationsecurityconsultingservices.BishopFox–BishopFoxprovidescybersecurityconsulting,assessment,andtestingservicestoenterprisecustomers.Bitcrack–Bitcrackprovidesarangeofsecurityconsultingservicesforbusinesscustomersincludingpenetrationtesting.BitshieldSecurity–BitshieldsecurityprovidesITsecurityconsultingandtrainingforcustomersinthePhilippines.BitSight–BitSightprovidesasecuritypostureassessmentandratingfororganizationsbasedontheirvisiblebehavior.Blackfoot–Blackfootprovidesarangeofsecurityconsultantsincludingrisk,PCI,securityawareness,andotherareas.BoozAllenHamilton–TechnologyservicesandconsultingfirmBAHincludescybersecurityandinformationassurance.BugSec–LocatedinIsrael,BugSecoffersarangeofcyberandinformationsecuritytechnicalservices.BurnsandMcDonnell–BurnsandMcDonnellsupportsengineeringservicesincludingintegratedsecurity.CaliberSecurityPartners–CaliberSecurityPartnersprovidessecuritytechnicalandstrategicstaffingservices.CapstoneSecurity–CapstoneSecurityoffersservicesinapplicationsecurity,regulatorycompliance,andsecurityassessments.CarveSystems–CarveSystemsprovidessecurityconsultingandpenetrationtestingservicesforIoTdevices.CertifiedSecuritySolutions–CSSprovidessecuritysolutionsinPKI,encryption,andidentity,withemphasisonsecuringIoT.CGI–CGIprovidesglobalITconsulting,systemsintegration,andoutsourcing,includingapracticeincybersecurity.ChertoffGroup–MichaelChertoff’sconsultingandadvisoryservicesfirmoffershighendservicesincludingadviceonM&A.Cigital–Cigitalprovidesconsultinginapplicationandsoftwaresecuritydesign,development,andmaintenance.Cirosec–cirosecprovidessecurityconsultingandinformationsecuritysupportforenterprisecustomersinGermany.TheCISOGroup–TheCISOgroupoffersinformationsecurityconsultingwithanemphasisonPCIDSScomplianceissues.CMT–CMT,nowDataEndure,providessecurity,compliance,andarchivingforprotectingbusinesssensitiveinformation.Coblue–Coblueoffersasecuritybenchmarkplatformthatallowsorganizationstoassesssecurityposture.Comda–ComdaprovidesITsecurityservicesincludingbiometrics,accesscontrol,consulting,andVARintegration.CompliancePoint–CompliancePointprovidesarangeofcomplianceassessments,consulting,andmanagedIT.ComsecConsulting–ComsecConsultingprovidesarangeofsecurityprofessionalservicesforbusinesscustomers.ContentSecurity–ContentSecurityprovidessecurityconsultingandprofessionalservicesforenterprisecustomers.ContextIS–Context,partofBabcock,providessecurityconsultingandprofessionalservicesforbusinessclients.ContextualSecuritySolutions–ContextualSecuritySolutionsprovidesITsecurityandcomplianceconsulting.CriticalStart–CriticalStartprovidesinformationsecurityservicesaswellasresaleofselectsecurityproducts.CryptoNet–CryptoNetincludessecurityconsultingsolutionsforItaliancustomers.CSC–TechnologyservicesandoutsourcingsolutionsfirmCSCincludesarangeofcybersecurityofferings.CyberAlphaSecurityBV–CyberAlphaSecurityprovidesarangeofsecurityconsultingservicesincludingethicalhacking.CyberDefenseAgency–SamiSaydjari’sconsultingfirmCyberDefenseAgencyoffersarangeofsecurityprofessionalservices.CyberDefenseLabs–CyberDefenseLabsoffersvulnerabilityassessments,penetrationtesting,andcyberforensics.CyberInt–CyberIntsupportsintelligence,monitoring,andconsultingfocusedoninformationsecurityandcyberwarfare.Cyberis–Cyberisprovidesinformationsecurity,riskmanagement,andassuranceconsultingservicesandsolutions.CyberPointInternational–CyberPointInternationalprovidessecurityservicesandinformationassurance.CyberSecurityAgency–TheCyberSecurityAgencyofferssecurityconsultantswithethicalhackingexperience.CyberShieldConsulting–InformationtechnologyfirmCyberShieldConsultingofferscybersecurityconsulting.DarkMatter–DarkMatterprovidesarangeofprofessionalandmanagedsecurityservicesandsolutions.Datashield–DatashieldprovidessecurityconsultingandmanagedserviceswithemphasisonRSA/EMCproducts.DayZeroSecurity–DayZeroSecurityprovidessecurityservicesrangingfromresidentialuserstopoliceservices.DéjàvuSecurity–DéjàvuSecurityprovidesinformationsecurityresearchandconsultingservicesforenterprisecustomers.Deloitte–DeloitteincludescybersecurityofferingssuchasPCIDSSpre-audits.DeltaRisk–DeltaRiskprovidesstrategicadvice,consulting,andriskmanagementtogovernmentandbusinessclients.Delphiis–Delphiisprovidesanapplicationandservicessuiteforenterprise,includingriskmanagementasaservice.DepthSecurity–DepthSecurityprovidespenetrationtesting,Webapplicationsecurity,andnetworkaccesscontrol.DeutscheTelecom–DeutscheTelekomoffersarangeofmanagedandnetwork-basedsecurityservices.DigitalDefense–DigitalDefenseInc.(DDI)providesmanagedandSaaSriskassessment,aswellassecurityconsulting.Digivera–Digiveraprovidesinformationsecurity,managedservices,andtechnologyconsultingservices.DMXTechnologies–Inadditiontodigitalmedia,ICT,andmobile,DMXofferssecurityconsultingservices.EmaginedSecurity–EmaginedSecurityprovidesprofessionalconsultingservicesforinformationsecurityandcompliance.Enet1Group–Enet1GroupprovidessecurityservicesintheareasofSCADAandcriticalinfrastructure,andmobility.EnterpriseRiskManagement–EnterpriseRiskManagementprovidessecurityconsultingandtrainingservices.Espion–Espionprovidessecurityconsultingservicesincludinginformationgovernance,forensicsandeDiscovery,training.EWA-Canada–EWA-CanadaprovidesinformationassuranceinCanadaincludingriskmanagementandsecurityservices.
EY–EYincludesarangeofcybersecurity,audit,andcyberadvisoryservicesforclients.EYacquiredMycroftin2015.Fortalice–Fortegoprovidessecurityconsultationandtrainingservicesforbusinessandgovernment.4Secure–4SecureprovidessecurityconsultingandtrainingservicestocorporateandpublicsectorclientsacrossEurope.TFoxIT–Fox-ITcombineshumanintelligencewithtechnologytoprovidesecuritysolutionsandtrainingforcustomers.FRSecure–CybersecurityconsultingfirmFRSecurespecializesincompliance,standards,andregulatorysolutions.FTIConsulting–FTIisaglobalbusinessadvisorycompanywithapracticeinforensicconsultingandeDiscoveryservices.Galois–ExpertteamGaloisusesmathematicsandcomputersciencetosolveproblemsintechnologyandcybersecurity.GeneralDynamics–GeneralDynamicsisadefensecontractorwithcybersecurityandinformationassurancecapability.GlobalCyberRisk–GlobalCyberRisk(GCR)providesadvisorytobusinessandgovernmentinprivacyandsecurity.GoodHarbor–RichardClarke’sconsultingandadvisoryfirmGoodHarboroffershigherendservicesincludingM&A.GoSecure–CanadianfirmGoSecureprovidesarangeofsecurityconsultingandmanagedsecurityservices.GrantThornton–LargeaccountingfirmGrantThorntonoffersprofessionalservicesincludingcyberandcompliance.GuidepostSolutions–GuidepostSolutionsprovidesconsultingservicesincludinginvestigation,compliance,andmonitoring.HalockSecurityLabs–HalockSecurityLabsprovidessecurityconsultingincludingpenetrationtestingandassessment.H-BarCyberSolutions–H-BarCyberSolutionsprovidessecurityconsulting,compliance,andsecuritytrainingservices.TheHerjavecGroup–TheHerjavecGroupspecializesinnetworksecuritymanagedservicesandconsulting.HexSecurity–HexSecurityprovidessecurityconsultationservicestowardbothstrategicandcomplianceobjectives.HoldSecurity–HoldSecurityprovidesconsultingservicesandthreatintelligenceforbusinessclients.IBM–IBMofferscybersecurityconsultingsolutionsinitssuiteofproductsandservices.ImagineCyberSecurity–InformationsecurityassessmentsareavailablefromImagineCyberSecurity,foundedin2014.Immunity–Florida-basedImmunityprovidessecurityconsultingservicesincludingassessmentsandpenetrationtesting.IncludeSecurity–IncludeSecurityoffersinformationandapplicationsecurityassessment,advisory,andconsultingservices.InfoDefense–InfoDefenseprovidessecurityconsultationinregulatorycompliance,informationassurance,andresponse.InfoGuard–InfoGuardprovidesICTsecurityproducts,professionalservices,andmanagedsecurityforbusinesscustomers.infoLock–infoLockprovidesinformationsecurityconsulting,integration,andvalueaddedresale(VAR)services.Infosys–InfosysprovidesITconsulting,technologyandoutsourcingservicesincludingarangeofinformationsecuritysolutions.InfoWatch–InfoWatchincludesinternationalcompanies,InfoWatch,Kribrum,EgoSecure,andAppercut.InGuardians–InGuardiansisasecurityconsultancyofferingaudit,penetrationtesting,andrelatedservices.IntellectSecurity–IntellectSecurityprovidesdatasecurityandencryptionforenterpriseandcloudusinganetworkofpartners.Interhack–Interhackprovidesarangeofcomputer-relatedprofessionalserviceswithemphasisonsecurityassessments.Intrinium–Intriniumoffersarangeofcybersecurityconsultingandmanagedsecurityservices.IOActive–ResearchgroupIOActivefocusesonofferingservicesrelatedtohardware,software,andsystemssecurity.IPVSecurity–IPVSecurityprovidessecurityconsultingservicesfocusedoncompliance,monitoring,management,andaudit.IRM–IRMisaUK-basedfirmofferingarangeofsecurityconsultingandriskmanagementservices.ITsecSecurityServices–ITsecSecurityServicesprovidesITsecurity-relatedconsultationservicesintheNetherlands.ITSecurityExperts–ITSecurityExpertsisaUK-basedsecurityconsultingorganizationfocusedonauditsandtraining.Jacadis–Ohio-basedJacadisprovidesarangeofcybersecurityconsultingservicestobusinessclients.justASC–justASCprovidessecurityconsultingfocusedonthreatmanagement,securearchitectureandincidentresponse.Kindus–KindusisaninformationsecurityandservicesconsultingfirmlocatedintheUnitedKingdom.KLCConsulting–KLCConsultantsofferssecurityassessments,third-partyriskmanagement,andsecurityengineering.KnoxCorps–TheKnoxCorpsprovidesconsultingsolutionswithemphasisonregulatorycompliance.KoreLogic–KoreLogicprovidespenetrationtesting,applicationsecurityassessment,andthreatmodeling.KPMG–KPMGprovidesawiderangeofprofessionalservicestobusinessclients,includinginformationsecurity.Kroll–Krolloffersarangeofinformation,physical,andinvestigativesecurityprofessionalservices.K2Intelligence–K2Intelligenceprovidesinvestigative,integrity,andanalyticconsultingincludingforensics.LarsonSecurity–LarsonSecurityprovidescybersecurityservicesincludingdigitalforensicsandincidentresponse.LBMC–LBMCInformationSecurityoffersarangeofsecurityconsultingservicesincludingpenetrationtesting.Leidos–FormerlypartofSAIC,Leidosoffersarangeofinformationassuranceandcybersecurityservices.LeviathanSecurityGroup–LeviathanSecurityGroupisaninformationsecurityandriskmanagementconsultingfirm.LondonCyberSecurity(LCS)–CybersecurityconsultancyfirmLondonCyberSecurityservesglobalinsurancemarkets.MandalorianSecurity–MandalorianprovidesinformationassuranceandadvisoryservicesinEMEAandAsiaPacific.Marsh–Marshprovidesinsuranceproductsandrelatedprofessionalservicesincludingseveralcybersecurityofferings.MavenSecurity–MavenSecurityprovidessecurityconsultingservicesincludingWebandnetworksecurityassessments.McKinsey–McKinseyofferstechnologyandbusinessadvisoryservicesincludingenterpriseandITsecurityriskconsulting.MindedSecurity–MindedSecurityprovidessoftwaresecurityconsultingaswellasapplicationsecuritytestingtools.MindPoint–Virginia-basedMindPointoffersarangeofinformationsecurityconsultingandengineeringservices.MKA–MKAprovidessecurityconsultingservicesincludingSOCandvSOCcapabilitiesforpublicandprivatesectorcustomers.Navixia–Navixiaprovidesarangeofsecuritytechnicalandadvisoryservicesincludingauditandtraining.
NCCGroup–NCCGroupistheparentcompanyofseveralcybersecurityfirmsincludingiSecPartners.NetSPI–NetSPIprovidessecurityprofessionalservicesandpenetrationtestingforitscustomers.nGuard–nGuardprovidesarangeofprofessionalservicesincludingpenetrationtestingandsecurityassessment.NisosGroup–NisosGroupprovidespenetrationtesting,riskadvisory,andcybersecurityconsultingservices.NorthcrossGroup–NorthcrossGroupprovidesmanagementandtechnologyconsultingincludingcybersecurity.NTTSecurity–NTTSecurityprovidesPCIQSAservices,securesoftwareconsulting,andcompliancesupport.NuHarbor–NuHarborisacyberandinformationsecurityconsultingservicesfirmlocatedinBurlington,Vermont.ObsidianAnalysis–Obsidianprovidesmanagementconsultingandprofessionalservicesinhomelandsecurityandintelligence.OneWorldLabs–OneWorldLabsprovidesthreatintelligenceandrelatedsecurityserviceswithemphasisonbrandprotection.OptimalRiskManagement–Optimalprovidesriskandsecurityconsultingservicesforbusinessandgovernmentclients.Optiv–ValueaddedresellersecuritysolutionsproviderOptivincludessecurityadvisoryconsultingservices.Orange–OrangeBusinessServicesisaglobalintegratorofcommunicationssolutionsincludingcybersecurityservices.TheOxmanGroup–TheOxmanGroupprovidescybersecuritymanagementconsultinganddataforensics.PAConsulting–LondonfirmPAConsultingspecializesinconsulting,technology,andinnovation.Paladion–RiskadvisoryandconsultingfirmPaladionprovidesintegratedSOCmanagement,risk,andcompliance.PaloAltoNetworks–ConsultingfromPANincludetraining,testing,proofofconcepttesting,andconfigurationaudits.ParameterSecurity–ParameterSecurityisatechnicalsecurityauditandethicalhackingfirmspecializinginfinancialservices.PatchAdvisor–PatchAdvisorprovidessecurityconsultingservices,includingpenetrationtesting,toenterprisecustomers.PatriotTechnologies–Frederick-basedPatriotTechnologiesprovidesinformationandnetworksecurityservices.Pentura–Pentura,nowpartofInteliSecure,providespenetrationtesting,managedservices,andGRCservices.Phirelight–PhirelightoffersasuiteofITsecurityconsultingandcybersecurityprotectionsolutions.PhishLabs–PhishLabsprovidesarangeofsecurityservicesfocusedondetectingandpreventingphishing-relatedthreats.PhoenixDataSecurity–PhoenixDataSecurityprovidessecurityconsultingserviceswithfocusondatalossprevention.PivotPointSecurity–PivotPointSecurityprovidessecurityconsultingservicesincludingpenetrationtestingandethicalhacking.Portcullis–Portcullissecurityconsultingservicesincludingpenetrationtestingandthreatanalysis-basedresponse.Praetorian–Praetorianofferssecurityconsultingservicesfocusedonapplications,mobile,andnetwork.Prevalent–Prevalentprovidessecurityconsultingsolutionsincludingcomplianceandthird-partyvendorriskmanagement.ProactiveRisk–ProactiveRiskprovidescybersecurityservicesincludingsecuritytestingandresponseplanning.ProfitStars–ProfitStarsprovidesprofessionalservicesincludinginformationsecurityandriskmanagementconsulting.Protiviti–ProtivitiprovidesbusinessconsultingservicesincludedGRC,audit,andriskmanagement.Provensec–Provensecprovidessecurityconsultingandpenetrationtestingservicesformid-sizedbusinesses.PUNCH–PUNCHisaboutiquecyberconsultingfirmofferingsecurityanalyticsupportforthreatmanagement.PwC–PwCisamultinationalprofessionalservicescompanythatincludesacybersecurityconsultingoffering.QuadrantInformationSecurity–Quadrantprovidessecurityconsulting,managedsecurity,andsecuritymanagement.RANE–RANEconnectssubjectmatterexperts,includingincybersecurity,withsubscribersrequiringassistance.RavenEye–RavenEyeprovidessecurityconsultingincludingethicalhacking,PCIDSSQSAservices,andpenetrationtesting.RazorpointSecurityTechnologies–Razorpointprovidessecurityconsulting,professional,andmanagedservices.ReactionInformationSecurity–Reactionprovidessecurityconsultingserviceswithemphasisonpenetrationtesting.Redspin–Redspin,nowpartofAuxilio,providespenetrationtesting,applicationsecurity,andauditservices.RedTigerSecurity–RedTigerSecurityofferssecurityconsultingandtrainingserviceswithemphasisonICS/SCADAsecurity.ReliaQuest–ReliaQuestoffersarangeofsecurityconsultingservicesfocusedonassessment,protection,andmanagement.RhinoSecurityLabs–RhinoSecurityLabsprovidessecurityconsultingservicesincludingpenetrationtesting.RidgeGlobal–RidgeGlobalprovidessecurityprofessionalservicesincludingcyberinsuranceprotectionforbusiness.Risk-BasedSecurity–RiskBasedSecurityprovidesvulnerabilityintelligence,training,andcyberriskanalytics.RiskSense–RiskSenseprovidesavulnerabilitymanagementplatformalongwitharangeofsecurityservices.Rofori–RoforiprovidesacapabilityformanagingcyberriskconsistentwiththeNISTCybersecurityFramework.RokaSecurity–RokaSecurityprovidesnetworkreviews,vulnerabilityassessments,andsupportforincidentresponse.RookSecurity–RookSecurityisasecurityandadvisoryconsultingfirmwithmanagedsecurityservicesandsolutionintegration.Root9b–root9bprovidesadvancedcybersecuritytrainingandconsultingalongwithregulatoryriskmitigationservices.SafeCipher–SafeCipheroffersarangeofsecurityconsultingservicesincludingPKIsolutions,PCIservices,andencryption.SageData–ConsultingfirmSageDataoffersitsnDiscoveryLogAnalysisserviceforenterprisecustomers.sandSecurity–sandSecurityoffersarangeofsecurityconsultingservicesincludingassessmentsandriskmitigation.Seccuris–Seccuris,nowpartofAboveSecurity,providesconsulting,MSS,andsecurityeducationalservices.SecureAnchor–SecureAnchorprovidesvulnerabilityassessment,penetrationtesting,andforensics.SecureDigitalSolutions–SecureDigitalSolutionsprovidesarangeofITsecurityandGRCconsultingservicesSecureIdeas–SecureIdeasprovidesarangeofsecurityconsultingsolutionsincludingpenetrationtesting.SecureState–ConsultingfirmSecureStatespecializesincompliance,informationsecurity,andincident/breaches.SecureWorx–SecureWorxprovidessecurityconsultingsolutionswithemphasisontheAustralianGovernment.
Securicon–SecuriconprovidessecuritysolutionsincludingassessmentsofSCADA,processcontrol,andotherareas.SecurityArt–SecurityArtprovidesarangeofcybersecurityconsultingservicesincludingredteamexercises.SecurityAuditSystems–SecurityAuditSystemsprovidesarangeofsecurityconsultingservicesincludingpenetrationtesting.SecurityCompass–SecurityCompassprovidesapplicationsecurityassessmentandsecuredevelopmentadvisory.SecurityManagementPartners–SecurityManagementPartnersprovidessecurityandITassurance-consultingservices.SecurityMetrics–SecurityMetricsprovidesPCIDSS,HIPAA,anddatasecuritycomplianceassessments.SecurityRiskSolutions–SecurityRiskSolutionsprovidesinformationsecurityandcomplianceconsultingservices.Secur1ty–Secur1typrovidesasocialplatformforconnectingcustomerswithsecurityexpertsondemand.SenseofSecurity–InformationsecurityservicesproviderSenseofSecurityislocatedinAustralia.Sentor–SentorprovidesITsecurityservicesincludingnetworkprotection,logmanagement,andvulnerabilitymonitoring.Sera-Brynn–Sera-BrynnprovidesPCIDSSQSAservicesaswellassecurityriskmanagementconsulting.7Safe–7Safeprovidesinformationsecurityconsulting,penetrationtesting,training,andrelatedservices.SingularSecurity–SingularSecurityprovidesarangeofriskanalysis,vulnerabilityassessment,andcybersecurityservices.Spohn–Spohnofferssecurityauditandassessmentservicesinadditiontotelecommunicationsandtraining.Spyders–SpydersisaCanadianfirmprovidingITandnetworksecurityconsultingandadvisoryservices.StealthEntry–StealthEntryoffersanexperiencedcybersecurityandnetworkassessmentteaminColumbus,Ohio.StickmanConsulting–StickmanConsultingisasecurityconsultingfirmthatspecializesinPCIDSScompliance.STIGroup–STIGroupprovidesarangeofstrategicandtacticalinformationsecurityservicesforclients.StratumSecurity–Washington-basedStratumoffersarangeofinformationsecurityconsultingservices.StrozFriedberg–NowpartofAon,StrozFreidbergprovidesinvestigationandresponse-basedconsultationservices.S21sec–S21secisamultinationalfirmthatprovidesarangeofcybersecurityservicesandtechnologyacrossmanyindustries.Sunera–SuneraprovidesITandriskadvisory,informationsecurity,andcorporate/regulatorygovernanceconsultingservices.Sword&Shield–Sword&Shieldprovidesarangeofmanagedandprofessionalcybersecurityservices.Symosis–Symosissupportssecureapps,mobile,andcloudplatformsthroughassessments,gapanalysis,andduediligence.Syndis–Syndisisasecuritythinktankofferingarangeofcybersecurityservicesincludingpenetrationtesting.Synercomm–SynercommisanIT,mobility,infrastructure,audit,testing,andsecurityconsultingfirm.SystemExperts–SystemExpertsisaboutiqueproviderofITcomplianceandsecurityconsultingservices.TAGCyber–TheTAGCyberteamprovidesexpertconsulting,assessment,andtrainingincybersecurity.TainoConsultingGroup–Boston-basedfirmTainoConsultingGroupspecializesinsecurityriskmanagement.TangibleSecurity–TangibleprovidessecurityconsultingincludingassessmentsandvirtualCISOforgovernment.TBGSecurity–TBGSecurityprovidessecurityconsultingtoassistwithcomplianceinHIPAA,PCI,andrelatedframeworks.TDI–TDIprovidesarangeofsecuritytechnology,policycompliance,andauditconsultingservices.TechMahindra–LargeIndianoutsourcingandtechnologyfirmTechMahindraincludescybersecurityconsulting.Telos–Telosprovidesarangeofcybersecurity,securemobility,andidentitymanagementsolutions.TemplarShield–TemplarShieldprovidesarangeofsecurityconsulting,managedsecurity,andrecruitingservices.Tevora–Tevoraprovidessecurityconsulting,riskmanagement,andcompliancesolutionsforenterprisecustomers.360CyberSecure–Texas-based360Secureprovidesarangeofsecurityconsultingandassessmentservices.TigerSecurity–TigerSecurityprovidessecurityconsultingservicesincludingoffensive,investigation,andintelligence.TiroSecurity–TiroSecurityprovidesstaffingandconsultingserviceswithemphasisonsecurityassessmentsandvirtualCISO.TopgallantPartners–TopgallantPartnersprovidessecurityconsultingservicesincludingassessment,audit,andriskanalysis.TorusTechnologies–TorusTechnologiesprovidesvaluedaddedresalesecurityincludingconsultingofferings.TrojanHorseSecurity–TrojanHorseSecurityprovidespenetrationtestingandcomplianceassessments.TruSecConsulting–TruSecprovidessecurityconsultingservicesincludingITcomplianceassuranceandITriskmanagement.TrustedSec–TrustedSecprovidesarangeofsecurityconsultingservicesincludingpenetrationtesting.TrustWave–CybersecurityfirmTrustWaveincludesPCIDSS,managedsecurity,andsecurityconsulting.TSGSolutions–TSGSolutionsoffersinfrastructuresecurityandtechnologysolutionsincludingriskmanagement.TwelveDot–TwelveDotprovidesarangeofsecurityconsultingwithemphasisonmobileandcloud.2BSecure–2BSecureprovidesarangeofvalueaddedresellersolutionsininformationsecurity.2-sec–2-secprovidesarangeofsecurityconsultingoffersincludingpenetrationtestingandPCIDSSservices.UrbaneSecurity–UrbaneSecurityprovidesinformationsecurityconsultingservices.ValueMentorConsulting–ValueMentorConsultingprovidessecurityconsultingincludingcomplianceandassessments.VariQ–SecurityconsultingcompanyVariQcoversIT,cybersecurity,andsoftwaredevelopment.Varutra–Varutraoffersarangeofinformationsecurityconsultingandtrainingservicesforenterprisecustomers.VerisGroup–CybersecuritycompanyVerisGroupoffersarangeofcybersecurityconsultingservices.Verizon–Verizonofferscybersecurityconsultingaspartofitsportfolioforenterprise.Vigilant–Vigilantprovidessecurityservicesincludingmanagednetworksecurity,managedendpoint,andconsulting.VigiTrust–VigiTrustprovidessecuritytraining,compliancereadiness,GRC,andrelatedsecurityprofessionalservices.VoodooSecurity–Voodooofferssecurity-relatedprofessionalservicesforenterpriseandsecuritytechnologyvendors.
Wipro–WiproprovidesITservices,consulting,andoutsourcing,includingapracticeinITsecurityservices.WizlynxGroup–WizlynxGroupprovidesarangeofITsecurityservicesbasedonitsInformationSecurityCompetenceCenter.Xyone–Xyoneprovidessecurityconsultingincludingpenetrationtesting,compliance,incidentresponse,andtraining.Yarix–Yarixprovidessecurityconsultingservicesincludingpenetrationtesting,forensicanalysis,andaudit.Control47:SecurityRecruitingSecurityrecruitinginvolvestheon-goingattentionandfocusrequiredbyenterprisesecuritymanagerstoproperlynurture,improve,andgrowtheirpresentandfuturestaff,oftenwiththeassistanceofthird-partyexecutivesearchspecialists.Sinceenterprisesecurityissuchagrowingfield,muchofthisrecruitingfunctioninvolvesfindingthebestqualifiedcandidatestofillessentialroles–whichadmittedlycanbearewardingandevenexcitingactivity.ToomanyCISOsdonottakethetimetonurturetrustedrelationshipswithexecutivesearchfirms,andthisleadstorushedengagementswhenexternalsearchassistanceisrequired.AstheCISOpositioncontinuestoevolvetoafully-recognizedexecutiveappointment,onecanonlyhopethatmoreattentionisplacedinthisarea.SearchfirmsalsobearsomeoftheresponsibilityforlessthanstellarrelationshipswithCISOstodate.NotrecognizingtheuniqueaspectsoftheCISOrole,manysearchfirmsthrustgeneralsolutionstostaffingproblemsatthesecurityteam,onlytoproduceconfusionanddistrust.Thecomingyears,wemusthope,willbringanewsetofcloser,moretrustedrelationshipsbetweensearchfirmsandsecurityexecutives.Itisworthnotingthatthistrustisineveryone’sinterestasCISOsseektostafftheirlocalteams–oralternatively,seektofindtheirownpotentialnewopportunities.GeneralOutlookThegeneraloutlookforsecurityrecruitingsolutionsinvolvestransitionfromisolatedfocusonjobsearchopportunitiestoamoreholisticfocusoncareermanagementforCISOsandtheirteams.Thetransitionalsoinvolvesashiftfromtransactionalretainedsearchtoamorerelationship-basedpartnershipoveralongerperiod.Firstgenerationsecurityrecruitingfrom1998to207involvedaheadhuntermentalitywithabuckshotapproachtofindingcandidates,oftenwithhighfeesbeingpaidbyallparticipants.Secondgenerationsecurityrecruitingfrom2007to2016involvedincreasedpartnershipbetweensearchfirmsandmoreinformedCISObuyersdoingabetterjobworkingwithsearchfirms.Duringthisperiod,therateofexecutivemovesattheCISOlevelreachedfeverpitch,especiallyinfinancialservices,whereCISOsseemedtoshiftjobseveryfewmonths(perhapsformoremoney).Alsoduringthisperiod,manynewcollegehiresweremadebasedonthegraduate’sabilitytoperformcybersecuritychores.Thirdgenerationsecurityrecruitingfrom2016to2025islikelytocontinuethetrendtowardamoreprofessionalapproach,basedonrelationshipsandholisticcareermanagement.Therangeofsearch,recruit,andhireoptionswillincrease,andmoreexecutivesearchfirmswillmoveinthedirectionofusingsearchasafree,loss-leadertowardmorepotentiallylucrativeconsultingengagements.
Figure47.2018SecurityRecruitingOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincerecruitingandsearchfirmsarealreadymovinginthedirectionofmoreextensiveconsultativeroleswiththeirbusinessclients.AlsoexpecttoseeaburgeoningofvirtualCISOswhohelpclientsgettheirprogramsupandrunning,sometimeshelpingtoselectandhireamorepermanententerprisesecuritymanagementteam.AdviceforEnterpriseSecurityTeamsThisadviceismostlyforCISOs:Takeamomenttoreflectonallthoseemailoffersyougeteachdayfromexecutivesearchfirmssuggestingthatyougettogethertomeet.IfyouarelikeyourCISOpeers,thenyoudeletetheseoffersfromyourin-box,perhapsgrimacinginangerasyoudoso.Aspainfulasthismightseem,especiallyifyouareatypicallyintrovertedCISO,youshouldtakesomeofthesecallsandsetupsomeoftheseappointments.Buildingarelationshipwithasolid,trustworthyexecutivesearchfirmwillpaydividendsinthefuture,andwillfutureproofyoufromthatawfulfeelingwhenanewprojectpopsupthatrequirestennewstaffimmediately,orwhenyouneedanewincidentresponsemanageryesterday.Youshouldalsotakethetimetobelessintrovertedandtrytoattendmoredinners,cocktailparties,andothereventswithyourpeers.Theseactivitiesextendyourreachandwillhelpyouidentifygreatcandidateswhentheneedarises.AdviceforSecurityTechnologyVendorsIfyouareanexecutivesearchfirm,thenretainedsearchremainsthestapleofyourrevenuestream–andthisisfinefortheforeseeablefuture.Butyoushouldopenyourselftothepossibilitythatyourservicesarebetterviewedasconsulting,andthatyouhaveauniquevantagepointtohelpdecisionmakerswithbusinessissueswellbeyondtherecruitingofnewmanagersorstaff.FocusonbuildingrelationshipswithCISOsandtheirreports,andtrytoextendyourrangeofprofessionalservicesbeyondretainedsearch,becauseifyoudonot,thentheenormousnumbersofsecurityconsultantsoutpeddlingtheirwaresmightdopreciselythattoyou.ListofSupportVendors
Acumin–AcuminispartofRedSnapperGroupwithexecutivesearchreachacrosstheUK(headquartered),Europe,andtheUS.AllianceResourceNetwork–AlliancehasofficesinNY/NJwithfocusonbroadsetofC-suitepositionsincludingcybersecurity.AltaAssociates–BoutiquesearchagencyAltaAssociatesfocusesoninformationsecurity,riskmanagement,GRC,andprivacy.AshtonSearchGroup–AshtonSearchGroupoffersengineeringandtechnicalrecruitingincludingcybersecurity.Assevero–Asseverooffersarangeofcybersecurityservicesforbusinesscustomersincludingsecurityrecruiting.Barclay-Simpson–SearchfirmBarclay-Simpson,locatedintheUK,specializesinITsecurityandauditpositions.BeecherMadden–UK-basedBeecherMaddenisasearchandselectionbusinessprovidingcorporatepositionsincludingcyber.BenchmarkExecutiveSearch–Benchmarkincludesapracticeincybersecurityandsecurecommunications.BlackmereConsulting–Blackmereoffersspecializedrecruitingserviceswithafocusoninformationsecurityandenterpriserisk.BrandonBecker–BrandonBeckerfocusesonplacementinnetworking,cloud,security,andvirtualization.BridgenGroup–ExecutivesearchfirmBridgenGroupspecializesinseniortoC-levelpositionsandcyberresponse.CaliberSecurityPartners–Caliberprovidessecuritytechnicalandadvisoryservices,aswellasstaffing,forenterprise.CyberSearchWest–CyberSearchWestisasearchfirmspecializinginthemanagedsecurityservicessector.CyberSecurityRecruiters–CyberSecurityRecruitersperformsrecruitingforsecurityprofessionalsfromCISOtoanalyst.CyberSN–BoutiquerecruitingcompanyCyberSNspecializesincybersecuritytalentincompaniesaroundtheworld.Cyber360Solutions–Cyber360Solutionsprovidesinformationsecuritysearchandrecruitingservices.DirectRecruiters–RecruitingfirmDirectRecruitershasmanyareasofstaffspecializationincludinganITSecuritypractice.EgonZehnder–MajorglobalexecutivesearchfirmEgonZehnderfocusesonC-suiteandboardlevelpositions.ExecRank–ExecRankprovidesanon-linemarketplaceforexecutiveandboardsearchandconnections.FirstArrowExecutiveSearch–FirstArrowExecutiveSearchfocusesontheintelligence,DoD,andFederalmarketplace.GlenmontGroup–GlenmontGroupoffersexecutivesearchwithemphasisonlegalandlitigationsupportpositions.RobertHalf–RobertHalfoffersstaffingfocusedinaccounting,technology&IT,administrative,creative,andlegal.HammerConsulting–HammerConsultingfocusesonstaffingpositionsrelatedtosalesteamsfortechnologycompanies.Heidrick&Struggles–Heidrick&StrugglesfocusesonexecutiveandseniorleadershippositionsincludingCISOandCSO.IntelligentExecutiveSearch–IntelligentExecutiveSearchprovidesexecutivecareerdevelopmentportalservices.KornFerry–MajorexecutivesearchfirmKornFerryhasexpertiseinfinance,industrial,technology,andlifesciences.KreamerSearchPartners–KreamerSearchPartnersisasearchfirmsupportingplacementinnetworkandcybersecurity.Leathwaite–GlobalsearchfirmLeathwaiteisfocusedonexecutivepositionswithinthefinancialservicesindustry.KenLeinerAssociates–KenLeinerAssociatesisasearchfirmfocusedonVP,operations,marketing,andengineeringpositions.LenznerGroup–LenznerGroupisanexecutivesearchgroupfocusedonsecurity,riskmanagement,andcyberintelligence.LJKushnerandAssociates–LJKushnerandAssociatesisanexecutivesearchfirmfocusedoninformationsecurity.MantaSecurityManagementRecruiters–Florida-basedrecruitingfirmMantaSecurityfocusesonsecuritymanagement.McIntyreAssociates–BoutiquesearchfirmMcIntyreAssociatesfocusesoncybersecuritypositions.MomentumSecurityRecruitment–MomentumspecializesinrecruitingacrosstheUK,Europe,MiddleEast,andAfrica.Nclav–NclavisaplatformfromJonathanMartinezforconnectinghiringcompanieswithsecuritypractitioners.NicholsonSearch–NicholsonSearchfocusesonbusinessintelligence,CRM,ITmanagement,andcloudcomputingpositions.121SiliconValley–121SiliconValleyprovidesexecutivesearchandrecruitingservicesforsoftwarecompanies.PinnaclePlacements–SanFranciscofirmPinnaclePlacementsaddressessecurityindustryrecruitingandsearchopportunities.PotomacRecruiting–PotomacRecruitingservesconsulting,ITservices,healthcare,andgovernmentsectorsaroundtheworld.Reflik–Reflikisasocialrecruitingplatformforobtainingreferralsoftoptalentinvariousindustries.Romack–Romackprovidesarangeofprofessionalstaffingservicesinvariousareasoftechnology.RussellReynolds–RussellReynoldsspecializesinseniorexecutiveandboard-levelopportunitiesaroundtheworld.SabatGroup–NewJersey-basedrecruitingfirmSabatGroupfocusesonplacinginformationsecurityprofessionals.SecureRecruitingInternational–Tampa-basedSecureRecruitinghasfocusedoncybersecurityindustryrecruitingsince1997.SecurityHeadhunter–FloridasearchfirmSecurityHeadhunterfocusesoninformationsecurityrecruitment.SecurityRecruiter–SecurityRecruiterprovidesrecruiting,education,andcareercoachingforinformationsecurityprofessionals.Secur1ty–Secur1typrovidesasocialplatformforconnectingcustomerswithsecurityexpertsondemand.Silverbull–Connecticut-basedSilverbullspecializesincybersecurity,IT,andrelatedtechnologysearchandrecruiting.SoftwarePlacementGroup–SoftwarePlacementGroupprovidesrecruitingservicesfocusedonsoftwareandsalespositions.SpencerStuart–SpencerStuarthasemphasisonplacingseniorexecutiveandboard-levelpositions.SRPCareers–SRPCareersisaPhoenix-basedagencywitharangeoffocusincludingtechnologyjobs.SSRPersonnel–SSRPersonnelfocusesmostlyonfire,safety,andphysicalsecuritypositionsglobally.StanleyReid&Company–StanleyReid&Companyfocusesontechnicalrecruitingforcyberandcomputernetworkoperations.Syndicus–SyndicusplacesITstaffingandconsultingservicepositionsincludingemphasisinhealthandlifesciences.TemplarShield–CybersecurityconsultingandstaffingfirmTemplarShieldoffersprofessionalrecruitmentservices.TiroSecurity–TiroSecurityisacybersecurityconsultingfirmwithstaffingandexecutivesearchservices.TopDogRecruiting–TopDogprovidesmidandseniorlevelrecruitingservicesinIT,engineering,healthcare,andITsecurity.Toptal–Toptalisauniqueservicethatprovidesmeansforcompaniestohireexpertfree-lancersinvarioustechnologyareas.
Tri-Secure–Tri-Secureofferscybersecurity,telecom,anddatacenterrecruitmentservicesinLondon.ViaResource–ViaResourceofferssearchandrecruitmentservicesfocusingoninformationsecurityandriskmanagement.ZRGPartners,LLC–ZRGPartnersofferscybersecurityrecruitingandrelatedsupportservices.Control48:SecurityR&DSecurityResearchandDevelopment(R&D)involvestheforward-lookinginvestigationandcorrespondingresultsthatstemfrompureandappliedresearchincybersecurityalgorithms,technology,andarchitecture.PreciousfewenterprisesecurityteamshavethecapacitytosponsorinternalsecurityR&D,andifso,thenitismorethanlikelybeingdonebyaFortune50company–andwithonlyacoupleofexceptions,isnotlikelytobemuchgood.Thatsaid,companiesofallsizesandshapescanlearntoconsumesecurityR&D,andbythis,wemeanmorethanjustdetailedinformationonthelatestmalwarebeingreportedonCNN.Instead,wemeanabsorbingusefulresultsbeingreportedbycomputerscientistsspecializinginthisarea.CybersecurityR&Dpriortothemid-1990’swasavibrantcomponentofthecommunity(gobackandlookattheconferenceproceedingagendasfromthetime),butseemedtobecomedepressedwiththeinventionofthewebduringthatera,anditsattendantbusinessopportunities.Sincethen,securityR&Dhasbeenmostlyfocusedondevelopingdeeperunderstandingofmalware,andcreatingmorelethalmeansforoffensiveattack.Whileacademicsatuniversitiesandgovernment-fundedresearchcentersdotheirbesttodaytomakeimportantresearchcontributions,therealityisthatcybersecurityR&Dislargelyirrelevanttotheenterpriselevel,andabsolutelynothingfromtheresearchcommunityhasbeenhelpfulinstoppingtheworldwidejailbreakofmalwareexploits,dataloss,andavailabilityattacks.IfyouaskthetypicalCISO,forexample,whatsortofresearchtheyreadandfollow,you’llhearthattheyscanBrianKrebs’website–orsomethinglikethat.Recently,however,theembryonicbeginningsofsomeexcellentsecurityR&Darefinallystartingtoresultincreativenewapproachessuchasdeeplearningandartificialintelligence-basedsolutions.Vendorshavebeenthefirsttojumponthesebandwagons,butCISOteamsareadvisetolearntoreadandunderstandthisresearch,ifonlytobecomebetterbuyersoftheattendanttechnologyproducts.ThebottomlineisthatwithoutvibrantcybersecurityR&Dfundedatalllevelsofindustry,academia,andgovernment,thepremisethatanenterprisecanstopnation-stateattackersisfatallyflawed.Theoffensecontinuestoinnovateatarapidpace,sothedefensemustdosoaswell.TheviewhereisthatR&Dresultswillbeasimportanttoenterprisecyberdefenseinthecomingdecadeasnewtools,techniques,andprocesses.Weinthedefensivecommunitymustsimplyupourgameandbecomesmarter.GeneralOutlookThegeneraloutlookforsecurityR&Dsolutionsinvolvestransitionfrompractical,business-orientedresultsinthelate90’ssuchassignaturesofattacktomoreholistic,threat-orientedR&Dsolutionsaddressingfoundationalissues.ThisR&Dtransitionisalsobeginningtomovefrompureoffensetoabroaderperspectiveonbothoffenseanddefense–andthismeansmorethanjustacademicresearchincryptography.FirstgenerationsecurityR&Dfrom1998to2007involvedmostlyoffensiveR&Dincludingsignatures.SomebusinessesbegantofundR&D,
butonlythelargest.Focusonscienceandtheorydriedupalmostcompletelyduringthiseraamidstthedot-comgoldrush.SecondgenerationsecurityR&Dfrom2007to2016involvedtheearlybeginningsofsomedefensiveR&Dfocusedonthreats,andacademicsdiscoveredthatcybersecuritywouldhelpthemgetgrantsandgaintenure–whichresultedinsomeunevencontributions.Aslightreturntoscientificandtheoreticalresultsoccurredduringthisera,oftenfromgovernmentorganizations.ThirdgenerationsecurityR&Dfrom2016to2025shouldexpecttoseedramaticallyimprovedresultsthatareapplicabletotheenterprisefrommanydifferentsourcesinacademiaandgovernment.EnterpriseteamswillcontinuetomostlyconsumeR&D,ratherthanfundit.ThebestenterpriseteamswiththehighestsuccessratesinstoppingadvancedattackswillattributepartoftheirexcellentresultstoasteadyingestofgreatsecurityR&Dideas,techniques,andresults.
Figure48.2018SecurityR&DOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookismoderate,sincealmostnoCISOteamsconsidersecurityR&Dtobepartoftheirprogramtoday.Instead,theyinvitevendorstocomeintotheirconferenceroomstotouttheirlatestmachinelearningadvance.ThisisnotaningestofR&Dbyenterprise,andthefactthatitremainstheonlylifelinetotheresearchcommunitytodayintroducesrisktotheoutlookpredictioninthisarea.Perhapsasmorestudentsgraduatefromacademiccybersecurityprogramswithdegreesandcertificates,thehabitofreadingandusingsecurityR&Dwillincrease.AdviceforEnterpriseSecurityTeamsGetyourteamtogethertodayanddiscussthisissue.Tobeapropercyberdefender,youwillneedtobeconsistentlyknowledgeableofthebestavailableresearchresultsincyber.Startaweeklylunchandlearn,forexample,withyourteam,whereeachweek,someonereportsonapapertheyhaveread.Selectmaterialsfromthebestresearchersatgreatinstitutionssuchasuniversities,federallyfundedresearchinstitutes,andevenlargecompanies.Becarefultonotconfusevendormarketingwithresearchresults.Someofthelargervendorsdooffersomeusefultutorials,butthesearemorethanlikelydesignedtoleadthehorsetowater(sotospeak).OfallthesecuritycontrolsintheTAGCyberSecurityAnnual,thismightbethemostdifficulttoconsistentlysupport,simplybecausesomanyCISOsandtheirteammembersdidnot
comefromtheresearchcommunity.Butthisisnoexcuse:YoumuststarttodaytoconsumearegulardietofsecurityR&Dandyouwillseehowpowerfulthiscanbeindesigningthebestprotectionofyourassets.AdviceforSecurityTechnologyVendorsVendorshavealreadyfiguredoutthatsecurityR&Disanimportantdifferentiatorintheirproductmarketing.TheproblemisthatmostofthisR&Dhasbeenfocusedonmalwareandthreatidentification.Security“research”isusuallyconnectedtofindingreportedvulnerabilitiesorstolencreditcardsonthedarkweb,andthisisnotwhatismeantherebyR&D.Therecentintroductionofmachinelearning,deeplearning,andartificialintelligenceresearchisabetterexampleofthesortofthingthebestvendorsinthecomingdecadewillbedoing.Here’sanidea:WhynotgetouttheretodayandstartsponsoringboothsatIEEE,ACM,andsimilarlyresearch-orientedconferences.Thepapersaretentimesbetterthanthebigmammothconferences(whichhavebecometerrible,bytheway),andthepeopleyouwillmeetwillbeinteresting,capable,andpotentialbuyersofyoursolution.Asabonus,theboothfeesarelower.ListofSupportVendorsAdventiumLabs–Adventiumsolveshardproblemsincybersecurityresearchanddevelopment(R&D)withemphasisonautomatedreasoning.AppliedPhysicsLaboratory(APL)–PartofJohnsHopkins,APLincludesanR&Dprogramfocusedonvariousaspectsofcybersecurity,mostlyfordefensepurposes.AT&T–AT&Tmaintainsagroupofsecurityresearchersfocusedoninnovationandforwardlookingsolutionsformobilityandvirtualizationsecurity.BlueRISC–BlueRISCprovideshardware-assistedendpointsecurityforanti-tamperandcyberprotection.BrookingsInstitute–BrookingsisathinktankinWashingtonthatoffersforward-lookingviewsoncybersecurityandrelatedissues.CSIS–CSISisaDC-basedorganizationthatincludesmanymajorretiredandformerofficialsfromgovernmentandindustrywithauniqueinsightintofuturetrendsincybersecurity.ERNW–ERNWisanindependentITsecurityservicesandconsultationcompanyspecializinginknowledgetransfer.Galois–Aspartofitscomputerscienceandmathematicsservices,GaloisprovidesR&Dinseveralareasofcomputersecurity.Google–Googleincludesacybersecurityresearchteamfocusedoninnovationinvariousaspectsofsecurityandprivacy.HPESecurityResearch–HPEoperatesamajorcorporatecybersecurityresearchgroupwithalong-standingtraditioninsupportingR&Dobjectives.IBM–TheWatsonResearchgroupatIBMcontinuestoprovideexcellentR&Doutputinsomanydifferentareasincludingcybersecurityresearchanddevelopment.IOActive–IOActiveprovidesarangeofsecurityhardwareandsoftwareassessmentsandresearchservices.Kyrus–Kyrusfocusesonsecurityresearch,reverseengineering,computerforensics,andsecuresoftwaredevelopment.LincolnLaboratory–LincolnLaboratoryisaFederallyfundedresearchinstituteconnectedwithMIT.MarylandCybersecurityCenter–ConnectedtotheUniversityofMaryland,theMarylandCybersecurityCentersupportsresearch,education,andoutreach.McAfee–TheMcAfeeteamcontinuestoprovideadvancedresearchinmalwaretechniquesandstructures.MicrosoftResearch–Microsoftcontinuestomaintainoneoftheleadingcorporate-fundedresearchteams.MITRE–MITREisaUSFederally-fundedorganizationfocusedonavarietyofresearchanddevelopmentsolutionsincludingcybersecurity.NavalResearchLaboratory–NRLisoneoftheoriginalresearchlaboratoriesincybersecuritywithcapabilityinformalmethods.NSSLabs–NSSLabsprovidesexpertcybersecurityresearchandanalysisservicesforenterprisecustomers,withemphasisonpractical,hands-onexperienceandtestwithsecurityproducts.NYUTandonEngineering–SeveralresearchactivitiesaresupportedatNYUledbyNasirMemon.OxfordUniversity–Oxfordprovidescybersecurityandprivacyresearchwithfocusonformalmethods.RANDCorporation–RANDconductsresearchincyberspaceandcybersecuritywithemphasisongovernment-relatedissues.ReservoirLabs–ReservoirLabsprovidesarangeofscientificandtechnicalresearchinareassuchasnetworktechnologyandsecurity.
SandiaNationalLaboratories–SandiaisaFederallyfundednationallaboratoryincludescybersecurityprogram.SecDevGroup–SecDevGroupisacyberresearchthinktankthatprovidesopenintelligencetoimproveawarenessincybersecurityandrelatedareas.Securosis–SecurosisisanindependentsecurityresearchandadvisoryfirmofferinginsightsintoWeb2.0,APTprotection,andsecurityinvestment.SRIInternational–SRIisanon-profitresearchinstitutethathaspioneeredmanyareasofcybersecurityincludingintrusiondetection.Symantec–Aspartofitsendpointsolutions,Symantecprovidesadvancedresearchinmalwaretechniquesandstructures.Syndis–SyndisisasecuritythinktankinIcelandofferingarangeofservicesincludingpenetrationtesting.TechGuard–TechGuardprovidesarangeofcybersecurityandinformationassurancesolutionsforcommercialandgovernmentcustomersincludingsecurityR&D.TelAvivUniversity–TelAvivUniversitysupportscybersecurityresearchandsponsorsCyberWeekeachyear.UniversityCollegeLondon–UniversityCollegeLondonincludesaninformationsecurityresearchgroupfocusedoncryptography,anonymity,authentication,andotherareas.USArmyResearchLaboratory–TheUSArmy’sresearchlabincludesprogramsincybersecurityresearchandinformationassurance.WapackLabs–WapackLabsprovidescyberthreatanalysis,securityresearch,andintelligenceservices.Control49:SecurityTrainingandAwarenessSecuritytrainingandawarenessprogramsinvolvetheeducation,teaching,andmessagingrequiredtoimprovethecyberskillsofsecurityexperts,ITprofessionals,seniorexecutives,andeverydaysupportstaff.Asyouwouldexpect,thiswiderangeoftrainingtargetsbegsacommensuratewiderangeofeducationapproaches.Cybersecurityexperts,forexample,requirespecializedfocusinaspectsoftheirdisciplinesuchasfirewalladministration,vulnerabilitymanagement,andcomplianceautomation.ITprofessionals,incontrast,needmorebasicintroductionstocybersecurity,butinwaysthatdonotinsulttheirtechnicalbackgroundsandknowledge.Seniorexecutivesmightbethemostdifficultforsecuritytrainingandawarenessprogramsbecausetheytendtobeentrenchedinworldviewsbasedonexperiencethatmightbeatoddswithcybersecurityconcepts.Forexample,seniorexecutivesdemandattributionandmotivationexplanationsafteranattack,onlytobeannoyedwhentheyaretaughtthatthesearenoteasilyobtained–orfranklyevenrelevanttoprotectioninitiatives.Day-to-daysupportstaffareusuallysubjectedtoawarenessprogramsdesignedtoreducethelikelihoodthattheywilldosomethingincrediblystupidfromasecurityperspective.Suchprogramstraditionallyhavebeenterrible,withlongboringemails,poorlyproducedvideos,andtritebrochuresthatwouldinsulttheintelligenceofeventhemostardentLuddite.Thetrendinsecuritytrainingandawarenessispositive,however,withorganizationsnowrealizingthatlearningprogramsareintendedtoinspire,motivate,anddrivepeopletoaction.Accordingly,betteruseofprofessionallydevelopedcontent,improvedintegrationwithsocialnetworks,andmoreappropriatemessagingareallattributesofmodernenterprisesecuritytrainingandawarenessprograms.Thistrendwillcontinue,andinfact,accelerate,especiallyforday-to-daysupportstaffawareness.Expectvideotobetheprimarydeliverymechanism,whichsurprisinglymakesYouTube(ofallthings)avitalcomponentofthetypicalenterprisecybersecurityinfrastructure.GeneralOutlook
Thegeneraloutlookforsecuritytrainingandawarenessinvolvestransitionfromgeneraleducationtomoredomain-specifictraining,especiallyforexperts.Thetransitionalsoinvolvesshiftfromconventional(translation:boring)InfoSecsessionsforstafftomuch-improvedexperiencesusingsocial,video,andviralmeansfordelivery.Firstgenerationsecuritytrainingandawarenessprogramsfrom1998to2007involvedunevenquality,lackofmuchcreativity,andmostlyineffectiveprogramsleadingtopoorresults.Secondgenerationsecuritytrainingandawarenessprogramsfrom2007to2016introducedearlyvideousewithimprovedquality,morecreativity,andon-linelearning.Theresultsremainedlargelyineffective,asevidencedbythejailbreakofincidents,break-ins,anddatalossexperiencedbybusinessandgovernmentduringthisperiod.Thirdgenerationsecuritytrainingandawarenessprogramsfrom2016to2025shouldexpecttoseehighlyprofessionalprogramsofhighqualitywithemphasisonvideoandsocialnetworks.Moredomain-specificoptionswillbeavailableforexpertsinareassuchasICS,IoT,mobile,virtualization,andcloud.On-lineoptionswillimproveaswell,withmassiveopenon-linecourses(MOOC)beingofferedonworld-classplatformsatlowcost.
Figure49.2018SecurityTrainingandAwarenessOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincethetrendshavealreadybeguntoshifttomuchhigherqualitytrainingandawarenessprograms.MOOCofferingsfromthemorepopularon-linelearningplatformcompaniesarenowexcellent,oftenprovidedbysomeofthegreatestuniversitiesintheworld.AdviceforEnterpriseSecurityTeamsRethinkyourtrainingandawarenessprogramifyouarestillsendingbadsecuritywarningemailswiththetitle:“Attention:AllStaff.”Thisisnotthewaytoinspireyourstafftowardimprovedsecuritydecision-making.Lookforvendorswhocanprovideyouworld-classtrainingcontentvideos,oftenonasubscriptionbasis.Also,recognizethattrainingexpertsandmakingstaffawarearetwoseparateactivitiesthatshouldbemanagedandbudgetedseparately.Toomanycompaniesforgetthatexpertsrequirecontinuedtraining,especiallyinafieldasdynamicandchangingascybersecurity.AdviceforSecurityTechnologyVendors
Ifyouprovidesecurityawarenessandtrainingcourse,thenyoudon’tneedtohearitherethatyouarebusy.Thegoodnewsisthatwillcontinuesolongasyoufocusoninspiringandengagingyourlearners.Donotrestonold,traditionaltrainingmethods:Becreative.IfyouprovidetrainingsuchasPhishtesting,orotheractivemeansforteachingstafftomakebettersecuritydecisions,thenyouarealsobusy.Butyoumustalsorecognizetheneedtocontinuallyimproveyourmeansfordeliveringlearningmessages.JustbecauseyousoldtenPhishtestslastyeardoesn’tmeanthatCISOswillcometotheviewthattheycangethackedjustaseasilywithyouaswithout.Ifyoutrainexperts,thenmakesureyouofferlotsofdomain-specificoptions.Thishasnotbeenanissueforthecompaniesofferinglearningeventsandmini-conferences.Theseareexcellentresourcesforexperts.Onelastpointisthatifyourunconferences,thenpleasetrytoimprovethecontent.Securityconferencesaredevolvingintosocialeventswithvacuousinformationfromspeakersandpanels.ListofSupportVendorsAboveSecurity–AboveSecurityincludestrainingaspartofalargeportfolioofmanagedandconsultingservices.Accumuli–TrainingisincludedaspartoflargersetofserviceofferingsfromAccumuli,whichispartoftheNCCGroup.AdventIM–AdventIMprovidesknowledge-basedconsultingandtrainingservicesforenterprisecustomersintheUK.AppSecLabs–AppSecLabsprovidesapplicationsecurityservicesincludingdesign,analysis,training,andassurance.AspectSecurity–AspectSecurityincludestrainingaspartofitsapplicationsecurityservicesuite.Ataata–Thesecuritytrainingstart-upoffersoriginally-producedvideocontenttoimprovecyberawarenessintheenterprise.AttackResearch–AttackResearchprovidesarangeofsecurityconsulting,assessment,andtrainingservices.BHCLaboratory–BHCLaboratoryprovidesindependentsecurityconsultationandadviceforbusinesscustomers.BillingtonCyberSecurity–TomBillingtonprovidesworld-classcybersecurityseminarsoncyberpolicyandtechnology.BitSec–BitSecGlobalForensicsoffersconsultingandtrainingtogovernmentandlawenforcement.BitshieldSecurity–BitshieldsecurityprovidesITsecurityconsultingandprofessionaltrainingforcustomersinthePhilippines.BugSec–BugSecoffersarangeofinformationsecurityservicesandproductsforenterprisecustomers.CIS–TheCenterforInternetSecurity(CIS)includesarangeoftrainingandawarenessresourcesinsupportoftheCISControls.CompliancePoint–CompliancePointprovidesarangeofcomplianceassessments,consulting,andmanagedIT.CyberCrocodile–CyberCrocodileoffersinformationtechnologyeducationspecializingininformationsecurity.CyberDiligence–CyberDiligenceisaforensicsfirmthatprovidesarangeofcomputercrimeandinvestigativetraining.CyberGym–CyberGymoffersreal-worldcyberdefense-trainingarenaforcriticalinfrastructureorganizationsinIsrael.DenimGroup–DenimGroupprovidessecuresoftware,includingappdevelopment,assessment,training,andconsulting.Fortalice–Fortaliceprovidessecurityconsultationandtrainingservicesforbusinessandgovernment.FoxIT–Fox-ITcombineshumanintelligencewithtechnologytoprovidesecuritysolutionsandtrainingforcustomers.GlobalLearningSystems–GlobalLearningSystemsisaMaryland-basedcompanyofferingsecurityawarenesstraining.TheGRCGroup–TheGRCGroupprovidesGRCtraining,certification,andresourcesforenterpriseprofessionals.GRC20/20Research–GRC20/20Researchprovidesresearch,workshops,andconsultingsupportinGRCforenterprise.Grid32Security–Grid32providesarangeofsecurityservicesincludingpenetrationtestingandvulnerabilityassessment.HackLabs–HackLabsprovidesarangeofsecurityconsultingandtrainingservicesincludingpenetrationtesting.H-BarCyberSolutions–H-BarCyberSolutionsprovidesarageofsecurityconsulting,compliance,andsecuritytrainingservices.IANS–IANSoffersseminarswithexpertcoordinatorsfocusedonavarietyofpracticalcybersecuritytopics.Infinigate–InfinigateisaUK-basedvalueaddedresellerthatincludessecuritytrainingandconsultingservices.InfoSecInstitute–InformationsecuritytrainingfromInfoSecInstituteincludeshands-onandbootcampofferings.InfoSecSkills–InfoSecSkillsofferstrainingcoursesintheUKandAustraliatosupportprofessionalcybercareers.InfoSecure–PartofBeOneDevelopmentGroup,InfoSecureprovidesawarenessandsecuritytraining.InternetworkDefense–InternetworkDefenseisasmalltrainingconsultancyofferingCISSPtrainingbootcamps.Interskill–InterskillprovidesmainframetrainingwithcatalogofIBMmainframeandsecuritycourses.ITSecurityExperts–ITSecurityExpertsisaUK-basedgroupofferingsecurityconsultingandtraining.justASC–justASCisaUK-basedinformationsecurityconsultingcompanythatincludestrainingandawareness.KindusSecurity–KindusSecurityisaUKsecurityconsultingcompanywithon-linesecuritytraining.LearningTree–LearningTreeoffersarangeofnetworking,data,application,businessandcybersecuritytraining.Lunarline–Lunarlineoffersarangeofcybersecurityproductsandservicesincludingtraining.MADSecurity–VARsecuritysolutionsandconsultingfirmMADSecurityoffersrangeofsecuritytrainingoptions.MavenSecurity–MavenSecurityprovidessecurityconsultingandtrainingincludingWebandnetworksecurityassessments.
MediaPro–PacificNorthwestfirmMediaProprovidesarangeofawareness,security,andprivacytraining.Metacompliance–MetacomplianceprovidesGRC,compliance,andsecurityawarenessforcustomersintheUK.MetaIntelligence–MetaIntelligenceprovidesintelligenceservices,riskmanagement,securitytraining,andpentesting.MISInstitute–MISInstituteofferscoursesininternalaudit,ITaudit,andinformationsecurity.Navixia–SwissinformationsecurityconsultingfirmNavixiaoffersarangeofsecurityawarenesstraining.OffensiveSecurity–OffensiveSecurityprovidesinformationsecuritytraining,certifications,andservices.Optiv–ValueaddedresellerOptivoffersinformationsecuritysolutionsandtrainingservicesaspartofitssolutionset.PAConsultingGroup–PAConsultingGroupisalargeconsultancythatoffersinformationsecuritytrainingforcustomers.PaloAltoNetworks–PANofferssecuritytrainingservicesincludingaCertifiedProfessionalServicesProvider(CPSP)program.ParameterSecurity–ParameterSecurityoperatesaHackerUniversitytrainingprogram.PentesterAcademy–PentesterAcademyofferstechnicalcoursesinJavascript,Forensics,Shellcoding,andpenetrationtesting.PhishLabs–PhishLabsprovidessecurityandtrainingservicesfocusedondetectingandpreventingphishing-relatedthreats.PhishMe–Phishmeprovidesaserviceforusingsimulatedphishingscenariostotrainemployeesaboutthethreat.PhoenixTS–PhoenixTSprovidesvendorcertifications,learningresources,andinstructor-ledcourseinIT,cloud,andsecurity.RavenEye–RavenEyeprovidessecurityconsultingincludingethicalhacking,PCIDSSQSAservices,andpenetrationtesting.RedTigerSecurity–RedTigerSecurityisaSCADAconsultingservicesfirmofferingcoursesinsecuringICS/SCADAsystems.RedVector–RedVectorprovidesonlineeducationandtrainingforvariousindustriesincludingsomecybersecurityofferings.Root9b–root9bprovidesadvancedcybersecuritytrainingandconsultingalongwithregulatoryriskmitigationservices.Safelight–PartofSecurityInnovationsince2014,Safelightoffersarangeofsecuritytrainingoptions.SANS–SANSoffersafullcurriculumofcybersecuritycourses,education,andtrainingfromexpertinstructors.SCADAhacker–SCADAhackeroffersexperttrainingservicesandresourcesforsecuringICS/SCADAsystems.SecureNinja–SecureNinjaoffersaspecializedrangeofcybersecuritytrainingandITsecurityservices.TheSecurityAwarenessCompany–WinnSchwartauoffersinformationsecuritytrainingandresources.SecurityAwareness,Inc.–SecurityAwarenessInc.offerssecurityawarenessforgovernmentandcommercialcustomers.SecurityInnovation–SecurityInnovationofferssoftwaresecurityservicesandapplicationsecuritytraining.SecurityMentor–SecurityMentorisaCalifornia-basedtrainingandsecurityawarenessservicesfirm.SecurityOrb–SecurityOrbisaninformationsecurityandprivacyWebsitewithtrainingandawarenessresourcesSecurityUniversity–SecurityUniversityspecializesinCISSP,CompTIA,andQ/ISPsecuritytraining.SeeSecurity–Israel-basedSeeSecurityisaninformationsecurityandcyberwarfarecollegeofferingadvancedtraining.SkillbridgeSecurity–SkillbridgeSecurityprovidesarangeofcybersecuritytrainingservicesincludingtailoredcourses.Symantec–NowpartofSymantec,TheHackerAcademyprovidesmodulesandinstructor-ledsessionsininformationsecurity.Symosis–Symosisprovidesassessments,gapanalysis,securitytrainingandduediligence.Syntrio–Syntrioisacomplianceandtrainingorganizationthatincludescybersecuritytrainingcourses.TAGCyber–TAGCyberoffersvariouson-siteandvirtualcybersecuritytrainingofferings.TeachPrivacy–TeachPrivacyoffersarangeofprivacyandinformationsecuritytrainingincludingHIPAA.TrailofBits–TrailofBitsprovidesexpertcybersecurityresearchandtrainingservicesforcustomers.Varutra–VarutraisasecurityconsultingfirmlocatedinIndiathatoffersinformationsecuritytraining.VigiTrust–VigiTrustprovidessecuritytraining,compliancereadiness,GRC,andrelatedsecurityprofessionalservices.VisibleStatement–VisibleStatementprovides24/7informationsecurityawarenesssolutionsinmultiplelanguages.Wombat–Wombatoffersinteractivesecuritytrainingandphishsimulationservices.WombatacquiredThreatSIMin2015.Control50:SecurityValueAddedReseller(VAR)SolutionsSecurityvalueaddedreseller(VAR)solutionsinvolvethebundledcollectionsofproductresale,expertconsulting,systemintegration,purchasingsupport,managementadvice,andothertailoredprofessionalservicesofferedtoeasetheenterprisetaskofselectingandbuyingcybersecurityproductsandservicesfromvendors.EarlyVARsolutionsweredesignedtodothepaperworkinvolvedinbuyingfrommanydifferenthardwareandsoftwaresolutionsfromsecurityvendors(andothertypesofvendorsaswell).Overtime,thesecurityVARdevelopedintoaone-stopshopfororganizationswhopreferredtooutsourcemuchofthepurchasing,contracting,andotheradministrativetaskswhenputtingtogetherasecurityarchitecture.ThegoodnewsforsecurityVARsisthatthisfurtherevolvedintoatrustedadvisoryrole,onethatsupportedasintimateabusinessrelationshipasonemightfindinalong-timeconsultant.The
badnews,however,isthatwiththeclearshiftfromlengthydeploymentcyclesforhardwareproductstoimmediatepoint-and-clickprovisioningofsoftwareappliances,theroleofthesecurityVARwillcertainlyshift.Whetherthisshiftisgoodorbadforthevalue-addedsecurityindustryremainstobeseen,butclearlytheavailablebusinessopportunitieswillchange.ThemostaggressivesecurityVARswilladjustandexpandtheirconsultingoffers,andsomewillemphasizesomeaspectoftheirservicethatislesseasytovirtualize,suchasalocalgeographicknowledgeinaremoteregion.GeneralOutlookThegeneraloutlookforsecurityvalueaddedreseller(VAR)solutionsinvolvestransitionfromhardwareproductsalesandsupporttoarchitecturalstrategyandplanningsupport.Thistransitionalsoinvolvesshiftfromadministrationofproductresaletosolutionsconsultingviatrustedpartnerships.FirstgenerationsecurityVARsolutionsfrom1998to2007involvedone-stoppurchasingsupportformostlyhardwaredealswithheavytransactionorientation.ManyVARsincludedintheirvaluepropositiontheabilitytosellintoalocalregionbasedonculturalknowledgeorlanguageabilities.SecondgenerationsecurityVARsolutionsfrom2007to2016involvedanincreaseinsolutionofferings,stillmainlytransactionoriented,butwithearlyfocusonbuildinglastingpartnershipsthroughguidanceandconsultation.ThirdgenerationsecurityVARsolutionsfrom2016to2025shouldexpectamassiveshifttoself-provisionedvirtualappliances,whichwillforceVARstoserveinamoreconsultativerole.ThegoodnewsisthatbusinessforsecurityVARsinthecomingyearswillshiftfromtransactionaltostrategic.
Figure50.2018SecurityValueAddedResellerOutlookTheTAGCyberdegreeofconfidenceinthispredictiveoutlookishigh,sincetheabilitytoprovisionviapoint-and-clickportalinterfaceshasalreadybeguntochangethewayCISOteamspurchaseproducts.SDNinfrastructurefromIPSteamswillalsoincludethisabilitytoself-provisionapplicationsintoservice-chainedrun-timeobjects–whichwillonlycontributefurthertotheevolutionofthesecurityVARroleinbusiness.AdviceforEnterpriseSecurityTeams
TheadvicehereistospendsometimethisyearwithanysecurityVARsolutionprovidersyoudealwithtoday,andaskforadescriptionoftheirroadmapfordealingwiththeshifttoself-provisionedsoftware.Iftheytellyouthatitwillbebusiness-as-usualinthecomingyearsforvalue-addedsecurity,thenyouhavethewrongpartner.IfyouhaveatrustedpartnershipwithanexistingsecurityVAR,thentakeadvantageofthisbyinvestingintherelationship.Helpthembecomeavaluedconsultanttoyourbusiness,offeringguidanceasyounavigatethecomplexityofmultiplevendorofferingsacrosscloud,mobile,virtual,andrelatedemergingtechnologies.AdviceforSecurityTechnologyVendorsSecurityVARsmustimmediatelytakeadvantageoftheirrelationshipstodevelopdeeper,morestrategicpartnershipsastrustedconsultants.EvensecurityVARslocatedinaremoteregion,wheretheirservicesincludelocal,culturalandlanguagesupport,mustbemindfulthatpoint-and-clickinterfacesknownogeographicboundaries.Thevastnumberofvalue-addedresellerswillcollapseandconsolidateinthecomingyears,andtheonewhowillsurvivearethosewhodecidetoadaptandevolveimmediately,notwaitingforthoselucrativehardwareresaledealstodiminish.Thisistheyeartoact.ListofSupportVendorsABR-PROM–ABR-PROMhasbeenprovidingsolutionssuchasSecPointtocustomersinPolandsince2000.AccessIT–AccessITprovidesITsecurityandinfrastructuresolutionsthroughVARpartnershipswithmajortechnologyproviders.Accunet–Accunetprovidesstorage,datacenter,security,network,andvirtualizationsolutionssince1997.Aggeios–AggeiosisavalueaddedresellerofmanagedITservices,informationsecurity,anddatacenterlocatedinKuwaitCity.TenFour–PreviouslyAlliant,thesolutionprovideroffersutilityITservices,security,unifiedcommunications,andmore.AlpineCyberSolutions–AlpinefocusesonvalueaddedsecuritysolutionsforcustomersintheBaltimore-Philadelphiamarket.AlveaServices–ALVEAServicesprovidesmanagedITsecurityandbusinesscontinuitysolutionsthroughchannelpartners.AlusOutsourcing–AlusOutsourcingprovidesinformationsecurityandrelatedservicestocustomersinBrazil.AmanInformationSecurity–AmanInformationSecurityisaQatari-ownedconsultingandVARsecuritysolutionfirm.ARAMATECH–ARAMATECHoffersVARsecuritysolutionsincludingGRCintheNetherlandsandDenmark.Arcon–ArconisamanagedsecurityservicesproviderservingenterprisecustomersinLatinAmerica.Asgent–AsgentprovidesnetworksecurityandvalueaddedresellersolutionsforSMB,primarilyinJapan.Assuria–Assuriaprovidessecuritysolutions,securitysoftware,andmanagedSIEM.AVPSistemas–AVPSystemsisaVARsolutionproviderlocatedinEcuadorandservingLatinAmerica.AxxumTechnologies–Axxumoffersvalueaddedservicesincybersecurityandinformationassurance.BaicomNetworks–BaicomNetworksisaLatinAmericanvalueaddedsecuritysolutionproviderinArgentina.BridgewaySecuritySolutions–BridgewayisaconsultativeresellerofferingsupportandguidanceforbusinessesintheUK.Br-secure–BrazilianvalueaddedsecuritysolutionproviderBr-secureoffersarangeoftechnologypartners.Carahsoft–ITsolutionsproviderCarahsoftfocusesontrustedgovernmentofferingsincludingcybersecurity.Cirosec–CirosecisaGermaninformationsecurityconsultingfirmwithvalueaddedsolutionsthroughpartners.Colvista–ColvistaisaLatinAmericanITproviderinBogotaofferingconsultingandintegrationservices.Comda–ComdaisanintegratorofsecuritysolutionsinIsraelwithfocusonbiometrics,accesscontrol,anddigitalsigning.ConquestSecurity–Conquestprovidessecurityservicesandsolutionsinconjunctionwithasetofsecuritytechnologypartners.CriticalStart–CriticalStartisasecurityconsultingfirmlocatedinTexasareawithpenetrationtesting,risk,andVARsolutions.CyberDefenses–CyberDefensesprovidesarangeofsecurityprofessionalservicesforbusinessandgovernmentcustomers.CyberHound–CyberHoundprovidessecuritysolutionsincludingNGFAandsecureWebgatewayviatechnologypartnerships.DenverCyberSecurity–DenverCyberSecurityprovidesITsecurityservicesviapartnershipswithSolutionaryandWombat.DigitalScepter–ServicesfirmDigitalScepteroffersarangeofvalueaddedresellersecuritysolutions.Digivera–Digiveraprovidesinformationsecurity,managedservices,andtechnologyconsultingservices.DimensionData–NTTparentownedITservicesfirmDimensionDataoffersVARsecuritysolutions.E-DataTeknoloji–ValueaddedresellersecuritysolutionproviderE-DataTeknolojiislocatedinTurkey.eMazzantiTechnologies–eMazzantiprovidesITtechnologyconsultingforbusinessincludingvariousITsecurityservices.EmpoweredNetworks–CanadianfirmEmpoweredNetworksofferstechnologyservicesandsolutionsincludingsecurity.EnterpriseTechnologyPartners–EnterpriseTechnologyincludesinformationassuranceandVARofferings.eSecurityToGo–eSecurityToGoprovidesvalueaddedsecurityandnetworkingsolutionsincludingITsecurityconsultation.
E-SPIN–PartofagroupofcompaniesinMalaysia,HongKong,andChina,E-SPINoffersVARservices.ETEK–Bogota-basedvalueaddedresellerETEKoffersarangeofcybersecurityandrelatedservices.Fortress–Singapore-basedvalueaddedresellerFortressprovidesITsecuritywithanofficeinMalaysia.GigaNetworks–Florida-basedfirmGigaNetworksoffersnetworksecuritysolutionsincludingVARservices.GuidePointSecurity–GuidePointSecurityprovidesinformationsecuritysolutionsusingarangeoftechnologypartners.HardSecure–HardSecureprovidesvaluesaddedresale(VAR)securitysolutionsincludingconsulting.Infinigate–InfinigateisaVARintheUKofferingsecurityservicesfromcompaniessuchasCorero,Dell,andTrustwave.Infogressive–Lincoln,NebraskafirmInfogressiveofferscybersecurityVARservicesandtraining.InfoGuard–InfoGuardprovidesICTsecurityproducts,professionalservices,andmanagedsecurityforbusinesscustomers.InfoLock–infoLockprovidesinformationsecurityconsulting,integration,andvalueaddedresale(VAR)services.IntellectSecurity–IntellectSecurityprovidesvalueaddeddatasecurityandencryptionsolutions.Intrinium–CloudandmanagedITconsultingfirmIntriniumoffersarangeofVARsolutionsincludingsecurity.IPS–IPSisasmallCanadianvalueaddedreseller(VAR)ofcybersecurityproductsandservicesforbusiness.iSecure–Woman-ownedITsecurityproviderlocatedinRochesterandofferingVARsecuritysolutions.ISnSC–ISnSCisaMiddleEasternpenetrationtestingandITsecuritysolutionsvendorwithVARcapabilities.Italtel–ItaliantelecommunicationsandITsolutionsfirmItalteloffersarangeofmanagedandVARservicesincludingsecurity.ITCSecureNetworking–ITCSecureNetworkingisaUK-basedintegratorincludingservicesfromthecompany’sSOC.IT2Trust–IT2TrustisaScandinavianvalueaddeddistributorofITandnetworksecuritysolutions.Lumenate–Lumenateprovidesarangeofvalueaddedsolutionsincludingsecurityandcompliancethroughpartners.MADSecurity–MADSecurityprovidesVARsolutions,inadditiontoarangeofsecuritytrainingservices.MindPointSecurity–MindPointGroupprovidesarangeofmanaged,compliance,andcloudsecurityservices.MissionCriticalSystems–MissionCriticalSystemsisanITsecurityresellerintheSoutheastUnitedStatesandCaribbean.MSPStream–ManagedITservicesandsolutionsproviderMSPStreamoffersarangeofcybersecuritysolutions.M.TECH–M.TECHisaregionalITsecurityVARfocusedonsecuritysolutionsofferedthroughsecuritytechnologypartners.Namtek–NamtekisaNewHampshire-basedsecuritycontrolsandservicesproviderwithVARcapabilities.NCCGroup–AccumuliSecurity,partofNCCGroup,providesvalueaddedsecurityprofessional,managed,andtrainingservices.NetpoleanSolutions–Netpoleanisasecuritysolutionsvalueaddedreseller(VAR)focusedontheSoutheastAsiaregion.NetworkSecurityGroup–NetworkSecurityGroupprovidessecuritysolutionsthroughsecuritytechnologypartnerships.Nexum–NexumisasecuritysolutionsproviderworkingwithtechnologypartnerssupportedfromNexumSOCcenters.NH&A–NH&Aprovidessecuritysolutionsforenterprisecustomerthroughpartnershipswithsecuritytechnologyproviders.NorsemanDefenseTechnologies–NorsemanisasmallVARproviderservingFederalGovernmentcustomersintheDCarea.Nuspire–Nuspireprovidesarangeofmanagedsecurityandnetworksolutionsthroughavarietyoftechnologypartners.OneSecure–OneSecureTechnologyprovidesenterprisesecuritysolutionsincludingemail,network,data,andWebsecurity.Optiv–OptivisaVARcybersecuritysolutionsproviderbuiltfromtherecentmergerofFishnetSecurityandAccuvant.Performanta–PerformantaprovidesarangeofsecurityVAR,technical,andconsultingservicestobusinesscustomers.ProactiveRisk–ProactiveRiskisaNewJersey-basedVARwithsecurity,software,andsupplychainfocus.Proficio–ProficioisaVARsolutionsprovideremphasizingmanagedsecurityservicesincludingSOCandSIEM.Referentia–ReferentiaisaVARsolutionsproviderlocatedinHonoluluthatincludescybersecurityoffering.ReliaQuest–ReliaQuestisasecurityconsultingfirmlocatedinFloridathatincludesVARsecuritysolutions.RRC–UkrainianVARsolutionsproviderRRCincludesarangeofresaleofferingsfordatasecurity.SaaSSecurity–VARsecuritysolutionsproviderSaaSSecurityinNorwaysupportstechnologypartnersincludingProofpoint.SecureCommerceSystems–SecureCommerceSystemsisaVARsolutionsproviderinTexasthatofferssecurityproducts.SecureNation–VARsecuritysolutionsproviderSecureNationislocatedinBatonRouge,Louisiana.Securicon–InformationsecurityconsultingfirmSecuriconislocatedinNorthernVirginiaofferingVARsecuritysolutions.SecurityinMotion–SecurityinMotionprovidesITsecuritysolutionsincludingsecuritytechnologyproducts.SeguridadIT–SeguridadITisaVARsecuritysolutionsproviderinSpainwithextensiveCiscoproductofferings.Sengex–Sengexprovidesarangeofsecuritysolutionsformobileanddataprotectionthroughpartnerintegration.SharperTechnology–SharperTechnologyisaveteranownedITinfrastructureanddatasecurityVARsolutionsprovider.SimetTeknoloji–SimetisaTurkey-basedVARsolutionsproviderfocusedoncomputerandnetworksecurity.SNBGroup–SNBGroupisaVARsolutionsproviderintheMiddleEastfocusedondatastorage,security,andIT.Starlink–StarlinkisasecurityadvisoryandvalueaddedsolutionsproviderlocatedintheMiddleEast.STEBRI–STEBRIisanITSolutionsproviderlocatedinSloveniawitharangeofcybersecurityofferings.SupyaSecurity–SupyaSecurityisaTurkishVARsolutionsproviderthatincludesresaleofferingsfordatasecurity.Syntegrity–Syntegrityprovidessecurityproductsandservicesincludingsupportforidentityandaccessmanagement.Techlab–TechLabprovidesmanagedandvalueaddeddatasecurityproductsandservicesincludingmobiledevicesecurity.TemplewoodHomelandSecuritySolutions–Templewoodofferscybersecuritysolutionsthroughpartnerships.TorusTechnologies–TorusTechnologiesprovidesVARsecuritysolutionsalongwitharangeofsecurityconsultingofferings.Towerwall–TowerwallisasecurityconsultingandVARsecuritysolutionsproviderlocatedinMassachusetts.
2BSecure–2BSecureisasecurityconsultingfirmthatprovidesvalueaddedresellersolutionsininformationsecurity.2Keys–Canadianfirm2Keysprovidesdesign,integration,andoperatingsecuritysolutionswithVARcapability.VILSOL–ManagedsecurityservicesandVARsolutionsproviderVILSOLoffersnext-generationfirewallsinLatinAmerica.Westcon–WestconGroupisaVARanddistributorofnetwork,unifiedcommunications,datacenter,andsecuritysolutions.Wontok–WontokprovidesvalueaddedservicesandendpointsecuritysolutionsX-martSolutions–X-martSolutionsisaVARsolutionproviderlocatedinSaoPaulo,BrazilservingLatinAmerica.
