What Will Matter in 2011
Information Security has easily been too fast a field to provide reliable predictions. Sometimes it is hard to predict what you will find when you come back from a long lunch. But let's try and play along with New Year's predictions. What will matter to your job this coming year?
We got a running list of various ideas from SANS Instructors [1]. Let me point out two that are sort of my personal favorites:
IPv6: Who would have guessed :) ... I think IANA may run out of IPv4 space sometime this or next week and regional registrars sometime this year. We will keep pushing IPv4 space to the limit and ignore IPv6 for as long as possible. But as usual with procrastination: What we will end up with is a lot of rushed out and broken implementations.
Social Malware: I think we will see fewer bots that spread via exploits but instead we will see smarter bots that find the right context to trick the user into executing them. Some of it we have seen with bots like Koobface. But there will be more, smarter, versions. Something that assembles an e-mail based on your browser history or Facebook groups / pages you "like" to make it match your interest. You just went to see "Tron" in the theater? You will get an e-mail or Facebook message with a secret second ending as a video file to play. Kind of like spear phishing, but more automated.
Now if you follow what I am doing, you may expect application security as one of the topics. I will skip the application security prediction for 2011. I think progress will be incremental and that will be OK. People make plenty of money with "secure enough" software. There isn't currently a big change that I see coming in 2011. New software will be incrementally better as more developers figure out how to use new tools right. But legacy code will still be a huge problem and it will not be fixed in any big new ways, just one line at a time.
Wikileaks, Cyberwar, Cyber Terror: No big shifts here. It will continue to happen just like in 2010. No big new defenses either. Maybe a bit more international collaboration in fighting malicious actors.
Please feel free to add your predictions as comments below.
[1] http://www.sans.edu/resources/securitylab/security_predict2011.php
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Comments
How can we "Collaboration in fighting malicious actors." when "we" can't even work out who was behind "Stuxnet"?
What "we" need to do in 2011 is work on better forensics and live forensics in real-time.
If we can't get the forensics correct, we can't even start to think about "Collaboration in fighting" against malicious actors.
-Andrew
n3td3v IT Security
Jan 4th 2011
Raymond
Jan 4th 2011
From an IT security perspective, WikiLeaks isn’t just a website. WikiLeaks set the precedent and if it were shut down, another would take its place. For us – what we need to prepare for – is the web-enabled model of making security leaks of privileged information by insiders more convenient than it’s ever been before.
Strong internal controls applying the principle of least privilege are the defense against the WikiLeaks-inspired form of insider threats. You can never prevent the chance of this kind of leak completely, but by reducing the number of people with access to the kind of information that could be leaked, the volume of information that is leaked goes down in direct proportion to the reduction in access.
-Jim Zierick, BeyondTrust
Jim Zierick, BeyondTrust
Jan 4th 2011