This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
2014 witnessed a number of high-profile threats, with bugs such as Heartbleed, Shellshock, and Cryptolocker causing quite a few alarms and disruptions to many Developers, System Administrators and online security experts around the world. The Shellshock bug in particular was so fluid and complicated that experts estimated it to potentially affect half of the websites on the internet.
As we move into 2015, it remains important to remain vigilant and prepared in lieu of impending threats and security risks. In our 2014 predictions that we made one year ago, we made the following predictions:
- Growth of network virtualization
- Security virtualization in the public cloud
- Online file sharing being embraced by corporate IT
- Growth in data and availability demands make cloud storage more appealing
- SMB next-generation firewall becomes cloud-connected
- End user and mobile app usage continues
- Cloud for off-siting, mobility and elasticity
For Barracuda's security outlook predictions for the year ahead, we do expect the trends we predicted in 2014 to continue into 2015 with the growth of online file sharing and a growing reliance on cloud storage expected to continue making headways. Here are four additional security trends that we foresee developing in the year ahead:
Attack surfaces will change
As companies move from physical to virtual to public cloud to SaaS, their attack surfaces change accordingly. An infrastructure upgrade may add multiple attack surfaces, all of which have to be secured. For example, companies that migrate from an on-site Microsoft Exchange Server to Office 365 have added a new attack surface a cross multiple threat vectors, including email and web application threat vectors.
We will continue to see threats across all vectors, with an increase in attacks related to mobile access and web applications.
Threat vectors also include email, remote access, web-browsing and network perimeters (which includes public and private clouds). Mobile internet is particularly vulnerable to phishing and social engineering attacks as mobile devices are constantly moving between secure corporate networks and unsecure home or public Wi-Fi.
There will be a continued rise in web application attacks and DDoS incidents.
The web application vector is the attack surface that is currently the least understood by most IT administrators and is generally the most exposed.
Many companies attempt to secure this threat vector with the wrong technology, like a network firewall, which can protect Layer 4 protocols and even do deep packet inspection. However, truly protecting web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats. Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks. This type of misunderstanding leaves the threat vector exposed to attack, and gives the administrator a false sense of security.
Sign up for Computerworld eNewsletters.