Application security firm F5 Networks has got in on the act with its own set of security predictions for 2016, featuring the year of partnerships, SSL encryption and behaviour tracking.
2016 is the year of SSL everywhere, and the year we start inspecting outbound SSL traffic
2016 will be the year encryption becomes standard, but with this shift, it becomes harder for security teams to identify and track data loss. This past summer, hackers obtained the finger prints and social security numbers of more than 22 million people in the Office of Personnel Management breach. The hack went undetected for so long because there was no protocol for inspecting the outbound encrypted traffic that contained the stolen data.
Today’s security tools typically monitor incoming traffic for malware, but the zero-trust/SSL everywhere model leaves a blind spot for inspecting outbound flow. The need to ‘break and inspect’ outbound traffic will be crucial in securing the network in the year ahead.
Targeted attacks and mutating malware make it difficult to keep up, so we’ll start tracking behaviour
The next wave of cyberattacks have evolved and attackers are moving to a more targeted approach – with some attackers even coding to bypass specific security firms’ capabilities. This results in malware mutating at a rate that is difficult for both the enterprise and security firms to keep up with. In 2016, enterprises will struggle to keep up with fast-moving, constantly evolving threats, making behavioural analytics a new priority to ensure your data and apps are doing what they’re meant to do.
The IoT security conversation will shift from concerns about a DDoS bot army to worries about poorly secured web apps creating back doors to the data center
As more devices and applications join the IoT ecosystem, the likelihood of vulnerabilities facing data centers increases exponentially. In 2016, the industry focus will shift from concerns over IoT devices being turned into a bot army, to a conversation about keeping IoT traffic secured, and out of sensitive areas. Security teams will start establishing baselines for web application security to measure against it.
The year of the security partnership
We’ve already seen the beginnings of this trend, but in 2016 there will be an uptrend of traditional security vendors partnering with networking companies and cloud providers. In the age of hybrid data centers and mobile workplace environments, enterprises can no longer depend on traditional network firewalls to keep their data safe and vendors with areas of expertise will need to bridge the gap to create a more comprehensive security solution.
The perimeter is disappearing and vendors are teaming up to secure enterprise networks at the application level.
Photo credit: jijomathaidesigners / Shutterstock