Patrick Crowley

Four Trends and Realities Confronting Security Today

Realities Confronting Security

Today, the number of attempted data breaches, cyber attacks, and other bad behavior by bad actors continues to go up at an alarming rate. Worse, it’s clear we can only expect the problem to get worse, not better.

It’s sad to say, but we’ve clearly reached a point where the realization that hackers are out there, actively trying to gain illicit access to a company’s network, is not a new – or shocking – concept. Instead, it’s become an accepted way of life for security professionals, an inevitability they must face each and every day as they fight to protect their networks and safeguard sensitive data.

It would be one thing if security teams only had to keep up with the increasing number and types of attacks. Unfortunately, there are four emerging technology trends that present new realities and new security challenges. Through no fault of their own, these trends seem to conspire against today’s security professionals, putting them at a significant disadvantage and disrupting previously successful methods.

Let’s take a closer look at each of these trends, highlight the security challenges they pose, and describe the new realities security teams must face to overcome them.

Trend #1: The inability for threat signatures to detect all risks

Signature-based threat detection refers to security tools or technologies, such as antivirus and intrusion detection systems (IDS), that attempt to detect, capture, and quarantine a virus or entire malware families using their known signatures.

Yet in the past few years, malware-authoring techniques have evolved to the point where security tools that rely on threat signatures simply can’t keep up. Or, in the case of zero-day attacks, hackers can exploit a vulnerability the company didn’t even know existed, which means that no threat signature could have successfully prevented the attack. With signature-based threat detection, security teams are essentially operating in the dark – attempting to defend against an army of threats they can’t “see.” As a result, overall security suffers.

Trend #2: The increasing use of end-to-end encryption in networks

Whenever two devices in a network establish an end-to-end encrypted connection, the traffic flowing between them (their “conversations”) is invisible to everything – and everyone – else. This is an effective strategy for preventing man-in-the-middle attacks, where an adversary can access the data communications between the two devices without raising an alert.

When we think about man-in-the-middle scenarios, we tend to think of them in this context – preventing bad guys from disrupting the system. Yet many of the most important enterprise-level security controls, tools such as next-generation firewalls, IDS solutions, payload detonation devices, and many more, all rely on man-in-the-middle techniques.

More specifically, they use deep packet inspection (DPI) to examine the data contents of packets as they move through the network. DPI technology searches for viruses, malware, intrusions, or other content that doesn’t comply with protocol as it attempts to make a security determination. Yet end-to-end encryption makes DPI much less effective and prevents security teams from detecting whether suspicious content exists in the packets. It is interesting to note that the larger global security intelligence community has recognized the security implications of end-to-end encryption for DPI, yet for the most part, the corporate world still lags a step behind.

Trend #3: The proliferation of connected devices

To best understand the implications of this trend, consider this thought: Have you recently purchased an electronic device that did not attempt to connect to a network in order to do what it was designed to do? Most likely the answer is no, and examples of non-connecting devices are becoming extremely rare. It’s a trend that will continue: Gartner predicts that there will be 20.8 billion connected devices in the market by 2020.

Consider the effect of the related bring-your-own-device (BYOD) trend, where employees bring a growing number of personal laptops, tablets, phones, and other devices into the workplace. The problem is that these devices cannot be controlled – or secured – in the same way as other corporate assets. For example, security teams cannot:

  • Install security agents on them,
  • Enforce remote monitoring, records management, and remote wipe capabilities in case the device is lost or stolen,
  • Force each device to participate in multi-factor authorization schemes, or
  • Make them generate event logs, which can be sent to a central repository for long-term storage and further analysis.

Yet clearly, these devices have their upside and can be extremely productive, so the BYOD trend is not going away soon. This creates even more reason for companies and security teams to carefully consider their strategies and approaches.

Trend #4: Information overload

Virtually everyone who has worked in incident response or information security realizes that there is too much information to process efficiently – or effectively. There are simply too many machines generating too much data, requiring too many man hours for analysts to respond to the various alerts and, more frequently, false positives.

These four trends all add up to the reality that enterprise security is being substantially disrupted and common security tools and technologies – even those that may have worked in the past – can’t keep up. It’s time for a new solution.

The endpoint modeling advantage

Endpoint modeling can be the answer to overcoming these challenges. Endpoint modeling is a security technology that automatically discovers each device on a network, creates a model of that device’s “normal” behavior, and continuously monitors this behavior over time to look for any deviations. This way, when an exception does occur, the endpoint modeling solution generates a real-time, actionable alert. Security analysts can quickly drill down to see exactly what is happening and take the most appropriate action to resolve the issue.

For example, endpoint modeling can tell human operators if:

  • A medical imaging server is suddenly visited by an unknown IP address,
  • A domain controller interacts with Google forms for the first time,
  • A multi-function printer attempts to transfer a file outside of the firewall, or
  • Any other new or different device behavior that could be the first sign of compromise – or a potential attack.

Purpose-built to respond to modern security challenges

Endpoint modeling also provides a solution for each of the flaws found in the four trends above.

  • Trend #1: Threat signatures: Endpoint modeling builds its foundation on a model of actual device behavior, so there is no need to use threat signatures to attempt to detect intrusions, viruses, or malware.
  • Trend #2: Increasing encryption: Endpoint modeling only uses passive network metadata and does not rely on deep packet inspection to try to “look inside” the packets themselves. This means encrypted network traffic, which is invisible to conventional network security tools, can still be successfully monitored from a security perspective.
  • Trend #3: Device proliferation: Endpoint modeling thrives in an environment of a growing number of devices because it does not require agents to be installed on any of them. A network sensor monitors their behavior on the network and builds a device-specific model for each one.
  • Trend #4: Information overload: Finally, endpoint modeling is a unique and effective response to the challenge of information overload. Specifically, machines are generating huge volumes of log data that is not suitable for human consumption. Endpoint modeling automates the process to use machine-generated data and other information and produces insightful alerts and incidents more appropriate – and effective – for analysts to use to investigate further.
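The following is an added illustration of the endpoint modeling idea described above, written for this article and not code from Observable Networks or its product. It builds a per-device baseline from passive flow metadata only (source, destination, destination port, byte count, and whether each end is outside the monitored network), then scores new flows against that baseline. All device names, addresses, flows and the 10x “large transfer” threshold are constructed for the example. Because it never looks at payloads, it behaves the same over encrypted traffic (Trend #2), needs no agent on any device (Trend #3), and turns a stream of raw flow records into a short list of labelled deviations (Trend #4), including the three situations listed earlier: an imaging server visited by an unknown address, a domain controller reaching a Google service for the first time, and a printer sending a large transfer outside the network.

```python
from dataclasses import dataclass, field

# Everything below (hosts, flows, thresholds) is constructed for this example.


@dataclass(frozen=True)
class Flow:
    """One passive flow record: metadata only, no payload."""
    src: str
    dst: str
    dport: int
    bytes_out: int
    src_external: bool = False  # source lies outside the monitored network
    dst_external: bool = False  # destination lies outside the monitored network


@dataclass
class DeviceModel:
    """What 'normal' looks like for one endpoint, learned from flow metadata."""
    out_peers: set = field(default_factory=set)
    out_ports: set = field(default_factory=set)
    in_peers: set = field(default_factory=set)
    sends_external: bool = False
    max_bytes_out: int = 0


class EndpointModeler:
    def __init__(self, size_factor=10):
        self.models = {}              # device name -> DeviceModel
        self.size_factor = size_factor  # assumed: flag transfers > 10x the baseline maximum

    def _model(self, device):
        return self.models.setdefault(device, DeviceModel())

    def learn(self, flows):
        """Build the baseline; every internal host seen here is 'discovered'."""
        for f in flows:
            src, dst = self._model(f.src), self._model(f.dst)
            src.out_peers.add(f.dst)
            src.out_ports.add(f.dport)
            src.sends_external |= f.dst_external
            src.max_bytes_out = max(src.max_bytes_out, f.bytes_out)
            dst.in_peers.add(f.src)

    def evaluate(self, f):
        """Compare one new flow with the baseline; return (device, reason) alerts."""
        alerts = []
        for host, ext in ((f.src, f.src_external), (f.dst, f.dst_external)):
            if not ext and host not in self.models:
                alerts.append((host, "new-device"))  # internal endpoint never modelled
        dst = self.models.get(f.dst)
        if dst is not None and f.src not in dst.in_peers:
            alerts.append((f.dst, "unknown-inbound-peer"))
        src = self.models.get(f.src)
        if src is not None:
            if f.dst not in src.out_peers:
                alerts.append((f.src, "first-contact"))
            if f.dport not in src.out_ports:
                alerts.append((f.src, "new-port"))
            if f.dst_external and not src.sends_external:
                alerts.append((f.src, "first-external"))
            if f.bytes_out > self.size_factor * src.max_bytes_out:
                alerts.append((f.src, "large-transfer"))
        return alerts


# Constructed baseline: a week of "normal" internal traffic, heavily abbreviated.
BASELINE = [
    Flow("workstation-12", "imaging-server", 104, 4_000),     # DICOM from a known workstation
    Flow("workstation-12", "imaging-server", 104, 6_000),
    Flow("dc-01", "ntp-01", 123, 200),                        # domain controller only talks NTP
    Flow("workstation-12", "dc-01", 389, 1_500),              # LDAP from the workstation
    Flow("workstation-12", "printer-03", 9100, 300_000),      # print job
    Flow("printer-03", "print-server", 445, 2_000),           # printer's only outbound peer
]

# Constructed new observations to score against the baseline.
OBSERVED = {
    "imaging_unknown_visitor": Flow("203.0.113.7", "imaging-server", 104, 500, src_external=True),
    "dc_to_google": Flow("dc-01", "docs.google.com", 443, 800, dst_external=True),
    "printer_exfil": Flow("printer-03", "198.51.100.9", 443, 5_000_000, dst_external=True),
    "normal_imaging": Flow("workstation-12", "imaging-server", 104, 5_000),
    "unmanaged_laptop": Flow("laptop-guest", "dc-01", 389, 500),
}


def run_demo():
    """Learn the baseline, then return {name: alerts} for each observed flow."""
    modeler = EndpointModeler()
    modeler.learn(BASELINE)
    return {name: modeler.evaluate(flow) for name, flow in OBSERVED.items()}


if __name__ == "__main__":
    for name, alerts in run_demo().items():
        print(f"{name:26s} {alerts or 'no deviation'}")
```

The baseline here is frozen after `learn`; a production system would keep updating each model as it runs and would weight alerts by how unusual the peer, port or volume is rather than emitting one label per rule. The point is the shape of the approach: every signal comes from who talked to whom, on which port, and how much, none of which encryption hides.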

As IT and security professionals seek new alternatives to detect and prevent an increasing number of cyber attacks, they must first consider four significant technology trends and understand their growing impact on network security. When they do, they can begin to see how endpoint modeling can provide an advantage, both in addressing these concerns and in giving them the right tools they need to improve their security efforts.

By Patrick Crowley, Founder and Chief Technology Officer, Observable Networks

Patrick Crowley

Patrick Crowley is the founder and CTO of Observable Networks. He is also professor of Computer Science & Engineering at Washington University in St. Louis where he has been a leading researcher on deep packet inspection (DPI) technologies within various academic, commercial, and government communities.
