DFLabs’ 2019 Cyber Security and SOAR Predictions
The events of the past 12 months will inevitably set the basis for the cyber security trends for the year ahead, but can all activities for 2019 be that easily predicted based on the ever growing sophistication and evolving types of cyber attacks that we are continually faced with? Without a doubt, as with previous years, there is still a crucial and increasing need for organizations to be able to effectively and efficiently respond to attacks that manage to crack through their infrastructure, and the speed of detection and response to these attacks will remain a critical element for organizations in order to minimize their impact.
2018 saw a year of continued common types of cyber attacks, including those which caused some of the largest high profile data breaches in history. Despite increased legal obligations with new rules and regulations coming into force for organizations to adhere to, such as the General Data Protection Regulation (GDPR), with potentially huge fines for organizations who are not able to meet breach notification requirements within 72 hours, and the NIS Directive providing measures to protect critical infrastructure and to boost the overall level of cybersecurity in the EU, the dwell time (from breach to discovery) of such attacks is still at an all-time high, with some incidents taking a number of months or even years to come to light.
With that being said, it is time to move on from 2018 as 2019 has now begun. So let’s kick off our blog for the year by hearing from DFLabs’ team of experts. Here are some of their top cyber security and Security Orchestration, Automation and Response (SOAR) predictions, which they expect to see during 2019 and beyond.
Dario Forte – CEO & Founder
Detection vs. Prevention High on C-Level Agendas
The impact of cyber security incidents will be on the agenda in many board rooms in 2019 as the consequences to organizations are being discussed at C-level during the aftermath. CISOs’ focus will continue to shift towards finding better ways to sufficiently detect and manage incidents to reduce their impact, as opposed to focusing on preventative measures to reduce the risk of an incident occurring.
Mike Fowler – VP of Professional Services
Machine to Machine Will Be the Only Method to Keep up with the Increasing Volume of Attacks
Trends clearly indicate that nation state attacks continue to increase at an alarming rate. Governments are dealing with the same issues as any cyber security organization, including increased threats from a diverse and increasingly technologically proficient enemy, correlating disparate amounts of data from various sources and the inability to train, and more importantly, the need to retain skilled responders.
This will continue as we see nations standing up cyber commands as part of their armed forces, placing a much greater emphasis on protecting not only critical infrastructure but our capability to respond effectively to cyber attacks. Any reasonable response scenario must include elements that can only be provided by an orchestration and automation solution and we will continue to see that only machine to machine responses will be able to effectively counteract attacks coming in at the speed of thought.
Michele Zambelli – CTO
A Wider Need for SOAR with an Expansion of Use Cases
During 2019 SOAR technology will be used not only for security events but for other types of alerts where automation could help, including IT incidents, fraud and physical security, to name a few. Deduplication and aggregation of events will be one of the most requested features by security teams within organizations, while horizontal scalability will be a must for Managed Security Service Providers (MSSPs) as the number of use cases continues to grow.
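As an added illustration of the event deduplication and aggregation mentioned above (example code written for this post, not DFLabs’ own product code), the following collapses alerts that describe the same activity, even when two tools report it with differently cased field values, into one aggregated record. The alert records, field names and the ten-minute window are constructed assumptions for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not real data): the same suspicious login is
# reported by both a SIEM and an EDR tool, the SIEM rule re-fires several
# times, and a second, unrelated alert arrives in between.
SAMPLE_ALERTS = [
    {"ts": "2019-01-07T08:00:01", "tool": "siem", "rule": "brute_force_login",
     "src_ip": "203.0.113.10", "host": "web-01", "user": "svc_backup"},
    {"ts": "2019-01-07T08:00:05", "tool": "siem", "rule": "brute_force_login",
     "src_ip": "203.0.113.10", "host": "web-01", "user": "svc_backup"},
    {"ts": "2019-01-07T08:00:09", "tool": "edr", "rule": "BRUTE_FORCE_LOGIN",
     "src_ip": "203.0.113.10", "host": "WEB-01", "user": "SVC_BACKUP"},
    {"ts": "2019-01-07T08:01:00", "tool": "siem", "rule": "malware_detected",
     "src_ip": "", "host": "ws-17", "user": "jdoe"},
    # Same activity again, but outside the aggregation window: new incident.
    {"ts": "2019-01-07T08:30:00", "tool": "siem", "rule": "brute_force_login",
     "src_ip": "203.0.113.10", "host": "web-01", "user": "svc_backup"},
]

# Assumed aggregation window: alerts within this span of a group's first
# alert are folded into that group.
WINDOW = timedelta(minutes=10)


def dedup_key(alert):
    """Normalise the fields that identify 'the same activity' so that the
    reporting tool's casing does not split one incident into several."""
    return (
        alert["rule"].lower(),
        alert["src_ip"],
        alert["host"].lower(),
        alert["user"].lower(),
    )


def aggregate_alerts(alerts, window=WINDOW):
    """Return aggregated groups, oldest first. Each group records how many
    raw alerts it absorbed, which tools contributed, and the time span."""
    ordered = sorted(alerts, key=lambda a: a["ts"])
    groups = []
    for alert in ordered:
        key = dedup_key(alert)
        ts = datetime.fromisoformat(alert["ts"])
        target = None
        for group in groups:
            if group["key"] == key and ts - group["first_seen"] <= window:
                target = group
                break
        if target is None:
            groups.append({
                "key": key,
                "first_seen": ts,
                "last_seen": ts,
                "count": 1,
                "tools": {alert["tool"]},
                "sample": alert,  # keep one raw alert for the analyst
            })
        else:
            target["last_seen"] = ts
            target["count"] += 1
            target["tools"].add(alert["tool"])
    return groups


def reduction_ratio(alerts, window=WINDOW):
    """Fraction of raw alerts removed from the analyst queue by aggregation."""
    groups = aggregate_alerts(alerts, window)
    return 1 - len(groups) / len(alerts)


if __name__ == "__main__":
    for g in aggregate_alerts(SAMPLE_ALERTS):
        rule, src_ip, host, user = g["key"]
        print(f"{rule} {src_ip or '-'} {host} {user}: {g['count']} alert(s) "
              f"from {sorted(g['tools'])}, {g['first_seen']:%H:%M:%S}-{g['last_seen']:%H:%M:%S}")
    print(f"queue reduced by {reduction_ratio(SAMPLE_ALERTS):.0%}")
```

The window is anchored on the group’s first alert rather than its most recent one so that a slow, steady stream of identical alerts cannot keep one incident open indefinitely; the 08:30 alert therefore starts a fresh group that an analyst will see separately.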
Andrea Fumagalli – VP of Engineering
Orchestration of Existing Security Tools
With the number of disparate security tools only increasing, tools and technologies will likely continue to be underutilized and not maximized to their fullest capabilities. In 2019 we will find that it isn’t only about what tools are being used within Security Operations, but how they are being used collectively together. Orchestration will play a key part in improving operational efficiencies to enable seamless processes and workflows, fusing information and intelligence, while overall saving valuable time and human resources.
Tito Avila – VP of Global Sales and Business Development
Organizations Will Continue to Fall Behind Hackers in the Security Arms Race
Botnets can be rented by the hour. Brute force attack tools can be obtained for free at the click of a mouse. Professional criminals actually demo attacks to prospective purchasers. Hackers, whether individual actors, well-funded criminal enterprises, or state-sponsored attackers, have a bevy of sophisticated attacking tools at their fingertips. Meanwhile, in the “white hat” arena, tool budgets aren’t the biggest problem; finding professionals to man them is. Everyone is competing for the same limited pool of security talent: security firms, enterprises, carriers, MSSPs and government organizations can’t find enough prospects to fill their open requisites. If found, firms can’t keep the talent either. Turnover in the security industry is now higher than in the retail sector. Read that again. With the talent gap continuing to expand and the need to protect against better armed, better organized attackers, organizations will find it difficult to keep safe. To do so, they will need to find other new means and methods (such as SOAR technology) to do more with their existing or diminishing resources.
John Moran – Senior Product Manager
Adoption of SOAR by Managed Security Service Providers
MSSPs will increasingly turn to SOAR solutions as a way to maximize their resources and differentiate their services from their competitors who are not currently utilizing a SOAR solution. This will be especially true for MSSPs who are looking to increase the value of their Managed Detection and Response (MDR) services. On a daily basis MSSPs fight the same battles and face the same challenges that Security Operations Centers (SOCs) and Computer Security Incident Response Teams (CSIRTs) experience, just on a larger scale, so the capabilities and benefits of a SOAR solution should be utilized to their advantage for scalability purposes to meet their growing customer SLAs.
Heather Hixon – Senior Solutions Architect
The Wider Adoption of Artificial Intelligence (AI) May Have Unintended Consequences
Artificial Intelligence (AI) has gained a lot of steam in recent years. More vendors and organizations are building this capability into their products and security practices. AI, when added to a security program, can help solve the dreaded false positive debate and help organizations do more with less, but there are risks associated with the adoption of this technology.
In addition to helping security teams automate manual tasks and augment the decision making processes when determining the validity of an event, Artificial Intelligence and the machine learning algorithms which drive it can open organizations up to unintended risks. Just as these organizations work to employ more of this type of technology into their defense strategy, attackers are viewing it as another attack vector which can be used to their advantage.
When choosing an AI technology, it is extremely important to understand the technology driving it and its operational use. Be sure to follow best practices for its adoption to minimize any potential risks associated with it.
Of course everyone will have a slightly different opinion and that is human nature. Therefore we would like to hear your feedback on our predictions and also hear your own predictions for the year ahead, and we encourage you to comment on the post below.
Let’s see as the new year unfolds how accurate we are, and in the meantime I am sure there are many lessons to be learned from 2018, with many new and stronger security best practices being put into place within organizations throughout the year. Unfortunately cyber security attacks are here to stay, are inevitable and will continue to plague us in the future. Today it is more crucial than ever before to ensure we are fully prepared and are able to adequately respond to them, keeping all security incidents under control.