A Brief History of the Future of Network Security Part 2: Emerging Threats

This is the second post in a three-part blog series on network security.

Carl B. Forkner, Ph.D.

Emerging Threats: Timeline and Lifecycle

Contemporary and future threat landscapes are dynamic and often include unforeseen technological advances. Devices and applications are under development and appear on the market more rapidly, and with those new technologies come new threats. Not only companies and organizations, but also individual users of less expensive technology such as smartphones, tablets, and laptop computers, who are novices where information security is concerned, must deal with optimizing their devices and applications while blocking potential threats. With the explosion of social media as the primary source of connectivity for so many people internationally, addressing the hidden threats from social media sites is a continuing challenge, and more cross-platform sharing and integration will continue to make device and network security an evolving challenge at all levels.

The intensifying threat landscape is driving organizations to add security to protect networks. There were nearly 80,000 security incidents with 2,122 confirmed data breaches reported in 2014. 700 million records were lost, representing about $400M in financial losses to organizations. In 2014, about 170 million malware events occurred, where 70-90% of malware was unique to individual organizations; in other words, targeted attacks. The average loss for a breach of 1,000 records ranged from $52K to $87K, and the average loss for a breach of one million records ranged from $892K to $1.77M.

The Threat Timeline

The early days of personal computer availability to consumers and the advent of the Internet and Worldwide Web are behind us. These events were followed by the parallel development of more powerful hardware appliances and more complex applications for those machines. Unfortunately, with those developments also came a thriving developmental path for malware and other methods by which to breach system and network security to obtain data from or deny use of targeted platforms.

Figure 3. Threat Evolution

The threat vector is a dynamic process, with each stage of technology development being accompanied by a near-concurrent development of threats by which to exploit that technology. With enterprise networks broadly distributed and mobile users, both business and private, increasingly needing access to networks and data, the data center has become the hub of modern global networks, e-commerce, and personal data management. From early direct attacks by hackers to modern and advanced persistent threats, the threat timeline continues to expand, necessitating continued evolution of network security measures.

The Threat Lifecycle

As the sophistication of computer network attacks developed, strategies evolved from direct attacks to the employment of strategic, patient, more complex approaches to computer network intrusion and exploitation. Along with this threat evolution came background and remote threats to computers and networks from seemingly innocuous sources, such as malware embedded in legitimate Internet links or files. With these threats, the lifecycle runs from reconnaissance of potential targets and manufacturing of the method or malware to an endpoint of receiving the desired data or effect and exploiting the results.

Cybercriminals are creating customized attacks to evade traditional defenses and, once inside, to avoid detection and enable egress of valuable data. Once inside the network, there are few systems in place to detect or, better still, protect against APTs. It can be seen from the threat lifecycle (illustrated below) that once the perimeter border is penetrated, the majority of the activity takes place inside the boundary of the network. Activities include disabling any agent-based security, updates from the botnet command and control system, additional infection/recruitment, and extraction of the targeted assets.

Figure 4. The Advanced Persistent Threat Lifecycle

Addressing Emerging Threats: Network Security Evolution

Trends in information technology development and employment over the last 15 years have led to a need to rethink the methodology behind modern network security. To further exacerbate this challenge, these trends occurred simultaneously across major industries, all levels of business, and personal consumer environments.

How Network Security Fits In

The evolution of network security necessarily followed the evolution of threats to the network. From the early days of simple, direct attacks to modern threats that include complex, indirect, and coordinated attacks, security development continues to counter new and future threats. The steps in network security evolution are depicted in the following figure, overlaid with threat evolution.

Figure 5. Network Security vs. Network Threats

________________________________

Next week will be the final part in the series: Protecting the Future

________________________________

Learn More!

Network security certification training is a core competency of Dynamic Worldwide Training Consultants, offering training through internationally-recognized names such as EC-Council, Juniper Networks, and Fortinet Network Security. Check certification program and course offerings at http://www.DWWTC.com or call for a free, no obligation consultation with a Dynamic Worldwide Training Consultants advisor.

Consumer: Call Rodger Brubacher at 602.386.2054 or rodger.brubacher@dwwtc.com

Corporate: Call 866.399.8287 to locate your local sales representative or e-mail info@dwwtc.com

________________________________

Figures 3 through 5 adapted from Fortinet, Inc. Network Security Expert – Level 1 curriculum. Dynamic Worldwide Training Consultants is a Fortinet Premier Authorized Training Center.
