When it comes to cybersecurity, the types of attacks and threat vectors are always a moving target, pitting the white hats against the black hats in an epic battle for our networks that isn’t going to be won anytime soon. (Sorry to be a downer during the holidays.) But the good news is that technology is also ever-evolving, and some of the smartest people are working on new ways to secure infrastructure and endpoints while also preventing future attacks from happening. While the brightest minds are working to solve those problems, we at SDxCentral are turning to the crystal ball to wildly speculate about what’s to come in the new year. Grab your tinfoil hat and a champagne cocktail, snuggle up in front of a warm fireplace, and check out our five security predictions for 2020. And if they don’t come true, AI wrote this.
More Security M&A Activity in 2020
Yes, this one seems like a gimme, but 2020 will undoubtedly see more security mergers and acquisitions as niche and emerging technology vendors get gobbled up by the traditional security vendors. Deal activity in the third quarter of this year reached a record high, according to Momentum’s Cybersecurity Market Review for Q3 2019. This includes 146 transactions worth more than $15.5 billion across mergers and acquisitions (39 transactions valued at $13 billion) and financing (107 transactions netting $2.5 billion).
We also expect to see larger infrastructure vendors continue working to “bake security into” all of their offerings — like VMware is doing with its Carbon Black acquisition, which the software-defined infrastructure vendor expects to net $1 billion in business this year alone.
Open Source Security Takes Hold
The security sector has lagged behind the rest of the tech industry when it comes to open source. We predict that will change drastically, and 2020 will be the year that security embraces open source. Looking back, we saw a couple of bold moves by security heavyweights this year that indicate change is afoot. This includes Google and friends launching a new open source project, called OpenTitan, that tackles silicon root of trust (RoT). The new group says it will produce a RoT silicon reference design and integration guidelines for use in data center servers, storage, and other devices — and this could be a game changer for securing silicon.
And last month a new open source initiative launched targeting interoperable security technologies. The new group, called Open Cybersecurity Alliance, formed under the auspices of the Organization for the Advancement of Structured Information Standards (OASIS). It launched with initial open source content and code contributed by IBM Security and McAfee. “I’m really hoping this effort will start to encourage more collaboration, more open source in the industry,” said Jason Keirstead, chief architect at IBM Security Threat Management.
“Over the past three years I’ve seen a migration by our customers to be very receptive to [open source],” added D.J. Long, VP of business development at McAfee. “I think the time may be ripe to capitalize and take advantage of this mindset that it should be broadly adopted.”
Push to the Edge
Security needs to be anywhere and everywhere. It needs to be distributed, and close to cloud services, end users, and the billions of devices that are spread around the world to enable high-bandwidth, low-latency connections. Otherwise there’s a tradeoff between performance and security.
In light of all of this, it makes sense that some innovative vendors are using edge infrastructure to support their security platforms and services. We saw some security vendors pushing toward the edge this year including Netskope with its NewEdge infrastructure and Forcepoint’s Web Security platform. Palo Alto Networks’ Prisma Cloud security platform is another example of this approach, or what ESG calls “elastic cloud gateways.”
“We see a lot of vendors heading this way and we do see this as the way all should or will move in the future,” said Doug Cahill, a senior analyst at ESG and director of the firm’s cybersecurity practice.
Palo Alto Networks also recently announced a partnership with Google Cloud to jointly develop a new multi-cloud security framework using Prisma Cloud. We expect to see more security vendors follow suit in 2020.
AI Will Speed Security Response — and Attacks
Humans simply can’t keep up with the plethora of emerging threats across multiple clouds, workloads, and devices. Luckily for us, machines do a better job at this. As Check Point says in a blog post about its 2020 cybersecurity predictions, artificial intelligence (AI) can accelerate the identification of and response to threats, but “cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities, and develop ever more evasive malware.”
Blue Hexagon takes it a step further and forecasts that the first malware using AI models to evade sandboxes will be born in 2020. “Instead of using rules to determine whether the ‘features’ and ‘processes’ indicate the sample is in a sandbox, malware authors will instead use AI, effectively creating malware that can more accurately analyze its environment to determine if it is running in a sandbox, making it more effective at evasion,” wrote Blue Hexagon CTO Saumitra Das in a blog post. “As a result of these malware author innovations and existing limitations, the sandbox will become ineffective as a means to detect unknown malware.”
5G Security Gets Real
As major 5G network deployments roll out in 2020, 5G security will (finally) take center stage as these complex networks open up new attack vectors and require organizations to secure a whole lot more network assets. “The infrastructure needed to roll out and manage new 5G networks requires a more complex, software-defined architecture than older communication networks,” Das said. “This new architecture means services will operate within a more complex environment with a broader attack surface that requires more security diligence on the part of the service providers.”
5G networks will also enable billions of new devices and endpoints that need to be secured at the edge of the network (see earlier prediction). “Vulnerabilities found in 5G could lead to snooping on IoT traffic, easier ways to compromise IoT devices, or even in some cases being able to remotely reprogram the IoT device,” wrote Elisha Riedlinger, COO at NeuShield, in a blog post. “What further exacerbates this issue is that IoT devices tend to stay around longer and are typically harder to update than other devices, like mobile phones, that use 5G. This means that vulnerabilities found here could have longer and further reaching ramifications.”