Cisco: Cloud Traffic Surge Will Complicate Security
4:00 PM EST Fri. Feb. 22, 2013
Cloud computing will have a major impact on the threat landscape and the way companies deploy security controls to protect data, according to the Cisco 2013 Annual Security Report. While adoption of cloud services has been gradual, Cisco predicts a substantial increase in cloud traffic and said a convoluted network perimeter is muddling security activities and making security management more complex.
Global data center traffic is expected to quadruple over the next five years, and the fastest-growing component is cloud data. Cisco predicts that by 2016 global cloud traffic will make up two-thirds of total data center traffic.
Cisco said the lines of control are blurred in the cloud. An uncertain network edge makes deploying firewalls and antivirus more complicated. Other controls become difficult to deploy because the data center is not owned and operated by the organization, Cisco said.
Hypervisors, the systems that create and operate virtual machines, pose a risk, according to Cisco. Gaining control of a hypervisor could give a hacker an opportunity to steal data from multiple servers. An attack known as hyperjacking can enable a remote attacker to take complete control of a server. To date, the attack has only been proven by security researchers. There have been no documented cases of the attack taking place in the wild.
Threat totals increased significantly in 2012, rising nearly 20 percent over 2011. Organizations are having a difficult time keeping vulnerability management systems updated and patched, and a shift to virtual environments is making it more difficult, according to Cisco. Resource management attacks, which generally result in a denial-of-service condition, made up the largest threat group, consisting of SQL injection, cross-site scripting and buffer overflow vulnerabilities. The security industry needs to become better equipped at handling these coding errors, Cisco said.
Malware writers increasingly use encryption and code obfuscation to make it difficult to detect and reverse-engineer malicious code, but an emerging technique called self-camouflaging malware is making malware even stealthier by blending it with specific software already present on the system it infects. Cisco believes the emerging technique will thrive, concealing an increasing amount of malware from the static analysis phases of most malware detection engines.
The rapid adoption of BYOD and multiple devices per end user, coupled with the growth of cloud-based services, makes it almost impossible to manage security capabilities at each endpoint, Cisco said. Network monitoring across all vectors is becoming increasingly important, the company advised. Network activity needs to be collected, stored and analyzed to make risk-based decisions.