CEO Choi Won-sik of Palo Alto said, “Today's event is designed to showcase security-related issues in 2018 and how Palo Alto Networks is preparing for them. Palo Alto Networks has been doing well in a rapidly changing market environment and I think we can show a better picture this year. I look forward to your continued interest.”
According to the announcement, Palo Alto Networks' security outlook for 2018 is as follows.
The first topic was ‘the need to protect data on cloud systems.’ The use of third-party cloud storage continues to increase, and the scope of security provided by cloud service providers covers network, storage, and computing resources. Users, however, are responsible for the security of the data they store in the cloud, so the importance of addressing this is forecast to grow.
Simple Storage Service (S3) of AWS, a leading cloud service, uses 'buckets' as containers for online data storage in the cloud. Whenever a user error occurs in the configuration of a bucket, anyone can freely access the data via the Internet. In fact, over the past several months, there have been incidents in which sensitive files, passwords, home addresses, customer databases and information on about 180 million US voters have been exposed.
In particular, care must be taken when configuring buckets whose data can be overwritten. If an attacker finds a writable bucket, they can upload malware to the bucket and overwrite its files. If the user has stored code in such storage, that code can be altered as well.
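The difference between a readable and a writable bucket described above can be checked from the bucket's access control list. The following is an added example, not code from Palo Alto Networks or the original article: it audits ACL data in the shape returned by the S3 GetBucketAcl API, using constructed sample ACLs and hypothetical bucket names, and it covers ACL grants only, not bucket policies.

```python
# Added example. The ACL dicts below are constructed sample data in the shape
# of an S3 GetBucketAcl response; bucket names are hypothetical.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone on the Internet",
                 AUTH_USERS: "any authenticated AWS user"}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}  # contents or ACL can be changed
READ_PERMS = {"READ", "READ_ACP", "FULL_CONTROL"}     # contents or ACL can be read

def audit_bucket_acl(acl):
    """Return sorted (severity, message) findings for grants to public groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") != "Group" or who is None:
            continue  # grant to a specific account, not a public group
        perm = grant.get("Permission")
        if perm in WRITE_PERMS:
            findings.append(("CRITICAL", f"{perm} for {who}: files can be overwritten"))
        if perm in READ_PERMS:
            findings.append(("HIGH", f"{perm} for {who}: data is exposed"))
    return sorted(findings)

def worst_severity(acl):
    """Summarise a bucket as CRITICAL, HIGH or OK."""
    severities = {sev for sev, _ in audit_bucket_acl(acl)}
    for level in ("CRITICAL", "HIGH"):
        if level in severities:
            return level
    return "OK"

def public(uri, perm):
    return {"Grantee": {"Type": "Group", "URI": uri}, "Permission": perm}

OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}
SAMPLE_ACLS = {
    "example-private": {"Grants": [OWNER]},
    "example-public-read": {"Grants": [OWNER, public(ALL_USERS, "READ")]},
    "example-public-write": {"Grants": [OWNER, public(ALL_USERS, "WRITE"),
                                        public(AUTH_USERS, "READ")]},
}

if __name__ == "__main__":
    for name, acl in SAMPLE_ACLS.items():
        print(name, worst_severity(acl))
        for sev, msg in audit_bucket_acl(acl):
            print("   ", sev, msg)
```
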
The second topic was ‘the importance of data integrity management.’ As the damage that data loss and theft cause to businesses and governments grows, the demand for securing data integrity is forecast to increase as well.
A violation of data integrity can be critical to the financial market, and it also makes it possible to inflate a company's stock price by manipulating sales results. For public institutions promoting Smart City projects, serious trouble may follow if the data of IoT systems ranging from traffic lights to waterworks is altered.
To ensure data integrity, you need to know what data is retained, how it is collected and created, and where the most sensitive part of the data is located. In addition, where a user name or a password fails to provide security, multifactor authentication (MFA) should be used to provide an additional layer of security. You must also protect sensitive data through encryption. Because the effectiveness of encryption depends on the key management strategy you choose, it is important to choose the strategy most appropriate to the company.
The third topic was ‘the continuing surge of ransomware.’ It is predicted that ransomware attackers, who succeeded in generating revenue last year, will continue to cause damage in 2018 with more sophisticated techniques and at a larger scale. This is because a ransomware attack, which has evolved into a highly profitable business model, can be carried out with only limited technology, and the appearance of ransomware as a service has made attacks easier.
Moreover, it is predicted that 2018 will see more ransomware used for political purposes rather than pecuniary gain. As a typical example, the 'RanRan' ransomware seen in the Middle East in 2017 required politicians to send messages by creating a website instead of demanding money.
The presenter, General Manager Jo Hyun-seok, said, “In a situation where legacy security solutions are inevitably becoming more vulnerable to ransomware, the most effective countermeasure is to secure a platform that shares threat intelligence in real time, regardless of the location of attacks, through automatic communication between firewalls and endpoints based on proactive counter policies.”
The fourth topic was ‘the need to manage potential security threats to Internet of Things (IoT) devices’. Although the positive impact of IoT technology on daily life is increasing, security threats are also increasing behind the convenience, and it is becoming possible for attackers to move across the network through personal devices. Therefore, he emphasized that even if personal devices are not the company's assets, each company's CISO should include the management of these devices in the corporate security strategy, along with regular employee training on application settings and device security settings.
The fifth topic was 'the coming of the era of attacks through the software supply chain'. Over the past two years, there have been cases of cyberattacks carried out through a software supply chain that provides trusted software and updates. Instead of attacking the target directly through phishing and vulnerabilities, the attackers went after software developers and exploited the trust that users place in those developers, which makes it easier to gain access to different networks.
Palo Alto Networks predicted that by 2018 such attacks will increase in both frequency and severity, so organizations need to be prepared. Attacks through the software supply chain point to the need to build a network that has visibility into every point in the attack life cycle and can detect and block out-of-the-ordinary behavior. To prepare for this new era of attacks, companies will need technologies and processes that can prevent trusted software from suddenly turning into malware through automatic updates.
The sixth topic was 'the need for automated threat response in operational technology environments'. There is a growing demand for Automated Threat Response (ATR) technology because recent malicious activity takes predefined actions to check for new technologies such as behavioral analysis and artificial intelligence.
ATR is a technology designed to automate the process of detecting threats and the process of closed defenses, which reduces the burden on SecOps and shortens response times. As intelligent attacks continue to grow in frequency and size, it is necessary to acquire ATR technology based on behavior analysis and an intelligent security threat analysis environment.
As Palo Alto Networks is expected to begin mass deployment of ICS (industrial control system) security in major infrastructure and manufacturing environments, 2018 will be the year in which the effects of ATR adoption in the area of operational technology (OT) become visible. In fact, major companies in related fields have completed the PoC, started segmentation work, and added behavior analysis and anomaly detection technologies to enhance the security of the OT environment.
These solutions include dedicated sensors and modules to supplement Security Information and Event Management (SIEM). Initially built with independent discovery tools, these ICS network monitoring solutions are predicted to be configured to effectively respond to the threats by being integrated into devices such as next-generation firewalls.
Finally, the seventh topic was 'development of machine learning technology to enhance cybersecurity'. In the past, many companies have responded to cyber-attacks by using signature-based security products on endpoints, networks, or in the cloud, but signature-based malware detection is becoming ineffective as cyber-attackers automate malware generation. It is hard to say that machine learning technology is a breakthrough in cybersecurity, but its impact on the defense approach to cyber-attacks continues to increase.
In addition, Palo Alto Networks noted that some of its products, such as ‘Traps’, an intelligent endpoint security product, and ‘LightCyber’, a behavioral analysis solution for network security, use machine learning technology to predict user and device behavior and to detect irregular activity that signals an attack.
General Manager Jo Hyun-seok said, "In 2018, more CISOs are expected to include machine learning technology in cybersecurity strategies. In the healthcare field, where massive amounts of data are actually being generated, there are already more instances of using machine learning for intelligent malware detection. Applications for machine learning are likely to continue to increase.”
Copyright ⓒ Acrofan All Rights Reserved