Cybersecurity From A To Z: What Solution Providers Need To Know
From A To Z
The tech industry is littered with jargon, and security is no exception (in fact, it may even lead the pack). From anti-virus, to cloud access security brokers, to ransomware, to zero-day threats, there's a full alphabet of terms that solution providers need to stay on top of. Mixed into the list are also some of security's notable companies and executives, who have helped shape the market in one way or another.
As part of Cybersecurity Week, CRN compiled a full list, from A to Z, of what you need to know about cybersecurity.
A: Anti-Virus
At its most basic level, anti-virus software is designed to identify and block malicious content, including viruses and other malware. Most anti-virus software options rely on signature technologies, which use a database of known bad malware to scan an endpoint or environment. In recent years, there has been a move away from this type of signature-based approach, and a call for the death of anti-virus in favor of next-generation endpoint technologies, which rely on behavioral analytics to identify anomalous behavior. Even anti-virus giant Symantec, which owns the Norton anti-virus brand, notably last year proclaimed the technology dead and called for an evolution beyond signature technologies.
B: Breach
Breach is one of the worst-case outcomes when it comes to security, meaning that a hacker has successfully infiltrated a company's network and data has been taken (though unintentional data loss also technically can count as a breach). According to a study by Trustwave, the average time it takes for a company to discover it has been breached is more than 200 days.
In 2015 so far, there have been 184 known breaches, according to the Privacy Rights Clearinghouse. Notable breaches from the year included the Office of Personnel Management, Experian, Anthem, Premera, CareFirst, Planned Parenthood, and many more. There were 297 known breaches in 2014.
C: Cloud Access Security Broker
One of the hottest emerging areas in security is the cloud access security broker (CASB) space, which denotes vendors that act as the middlemen between cloud providers and enterprises to enforce policies and implement security solutions. Examples of vendors in the space include Skyhigh Networks, Netskope, CloudLock and more. The market has been a hot space for acquisitions in recent months, with Blue Coat picking up Perspecsys and Elastica and Microsoft acquiring Adallom. The market is expected to reach $3.34 billion in 2015 and $7.51 billion by 2020, according to research firm MarketsandMarkets.
D: Distributed Denial Of Service (DDoS)
Distributed Denial of Service (DDoS) is a type of denial of service attack where an attacker floods a host, often a web server or network branch, with traffic from hundreds or thousands of IP addresses in order to kill its connection with the Internet. Tools such as firewalls, rate or traffic-limiting switches, intrusion-prevention systems and application layer analysis can help protect against this type of attack. A recent large-scale example of this type of attack occurred on Nov. 1 and Dec. 1, when the Internet Domain Name System's root servers were hit by two intervals of a suspected DDoS incident.
E: Encryption
At its most basic level, encryption is the process of converting a message or data into code so only intended receivers with the appropriate key can read it. The technology is used for messaging, email, data transfer, mobile phones, wireless systems, Bluetooth, ATMs and more. The controversy over the technology has seen a renewed debate in recent months, as government officials argue that the technology prevents effective law enforcement and national security protection and the tech industry maintains that the technology is key for security and privacy. The debate most recently came to a head in November after the Paris terrorist attacks, which had both elected officials and law enforcement clamoring about the dangers of encryption as a tool for terrorists, though it remains unclear if encryption technologies were used by those involved.
F: Funding (Lots Of It)
Funding has been flowing into the security industry from venture capital at an almost unfathomable rate. In recent months, security startups as a whole have seen billions of dollars poured into their businesses. Hindawi's Tanium landed $120 million this September, adding to the $52 million it raised just last March. Zscaler and Crowdstrike each landed $100 million. Palantir won $450 million (plus another $129 million in December). AlienVault, Checkmarx and Cylance each landed well over $40 million. The sheer amount of funding has caused some chatter about the idea of a security market bubble, though most experts agree that the dire need for security will stem a drastic market crash.
G: Grey Hat
Among hackers, there are Grey Hats, White Hats and Black Hats. White Hats are the "good guys," focused on ethical hacking and penetration testing. On the other hand, Black Hats are the types of attackers that make the news, attacking victims for personal or financial gain. In between are the Grey Hats, who are generally ethical but might break the rules and exploit a vulnerability without permission for research or other reasons.
H: Heartbleed
In April 2014, researchers discovered a vulnerability in OpenSSL, commonly known as Heartbleed. The vulnerability, in the wild since 2012, allowed hackers to "bleed" a server of otherwise protected information by exploiting the "heartbeat signal" that keeps the connection between a client and a server open. Vulnerable information included user names and passwords, email and instant message content, encryption keys, documents and more. The discovery prompted a rapid push to patch servers. A year out, a study by Venafi found that 99 percent of organizations had applied the necessary patches.
I: Insider Threat
According to the Verizon Data Breach Report, 20.6 percent of all attacks are due to insider misuse, with an additional 15.3 percent coming from device theft or loss. Within that, the report broke the insider misuse threat down to find that 55 percent of incidents were due to privilege abuse. Driving the threat is financial gain, which accounted for 40 percent of incidents, followed by convenience, the report found.
J: Crown 'Jewels'
As the security industry shifts away from an emphasis on perimeter-based technologies, data protection is taking a front-row seat. When implementing data protection technologies, such as encryption, a company needs to evaluate what its "crown jewels" are, that is, the data or information whose loss would be business-critical if it were to fall into the wrong hands. Examples of that could include financial data and intellectual property. From there, an organization can prioritize what level of security will be implemented for different types of data.
K: Kaspersky Lab
Led by CEO Eugene Kaspersky, Kaspersky Lab is a security vendor focused primarily on endpoint security. The company has offerings for business around anti-virus, virtualization security, mobile security, DDoS protection, security intelligence and more. The company has more than 3,000 employees and more than $700 million in revenue.
L: Labor
If you ask a security solution provider or vendor what their biggest challenge is, many of them will say finding enough skilled talent to fill open positions, with some telling CRN that it is the worst fight for talent they have seen in 15 years. The numbers are there to back up that assertion. According to Frost & Sullivan's 2015 (ISC)² Global Information Security Workforce Study, 62 percent of the study's nearly 14,000 respondents said they didn't have enough security talent, up from 56 percent in 2013. That gap will continue to grow, the study predicted, reaching 1.5 million unfilled positions in the next five years.
M: Managed Security Service Provider
There's a new breed of MSP on the block in recent years: the managed security service provider. MSSPs, as defined by Gartner, offer a managed service offering around security, including monitoring and management of security devices and systems through a Security Operations Center. Vendors are embracing the new model, with multiple security vendors launching or enhancing MSSP-specific partner programs this year.
N: Next-Generation Endpoint Security
Endpoint security has seen a resurgence in recent months, with an increasing focus being put on next-generation endpoint security, which uses behavioral analytics and heuristics for more advanced detection and remediation capabilities. Instead of relying on signatures like traditional anti-virus solutions, next-generation endpoint security vendors use analytics to identify anomalous behavior or activity, such as a spike in an unusual area or a user accessing a server or system that isn't part of their job description. Companies with solutions in this area include SentinelOne, Crowdstrike, Cylance, Cybereason and many more.
O: Optiv Security
2015 saw the birth of the biggest security-focused solution provider in Optiv Security. Formed by the merger of Accuvant and FishNet Security, the blockbuster move was first announced in November 2014 and closed in February of this year. In August, the company announced it had completed the merger internally into a single $1.5 billion behemoth. As a force of that size, Optiv is the leading partner of many security vendors and plays a critical role in shaping the future of the security market.
P: Phishing
Phishing isn't a new phenomenon, but according to the 2015 Verizon Data Breach Report it still remains a very effective method for hackers. According to the report, 23 percent of people open phishing emails and 11 percent will click on the attachments. Those statistics are up from years past, which averaged between 10 and 20 percent. Because the problem persists, the report suggested that companies implement email filtering, a security awareness program and improved detection and response capabilities to circumvent the human element.
Q: Quickly Growing
Security is one of the hottest and most quickly growing markets in technology right now. Estimates vary, but a recent report by Research and Markets put the overall industry at a compound annual growth rate of 9.8 percent to $106.32 billion in 2015 and $170.21 billion by 2020.
R: Ransomware
Ransomware is a form of malware that, after infecting a device or network, prevents users from accessing their files (usually through encryption) until a ransom of some sort is paid. The most notable recent strain of ransomware was CryptoLocker, which now has encryption keys available for most of those infected (though CryptoLocker 2.0 is now emerging). At a recent IT Nation panel, executives said ransomware, while only accounting for about 5 percent of crimeware, is one of the most nefarious challenges facing businesses today.
S: Symantec
One of the biggest security vendors on the block, Symantec is a security heavyweight that is undergoing some major changes going into 2016. The company offers a full range of security solutions under its Unified Security platform, which includes the Unified Security Analytics platform, threat protection, information protection and cyber security services.
The company announced late last year that it would be splitting from its storage business Veritas, a move that is already operationally complete and is expected to be legally finalized at the beginning of next year. Going into next year, Symantec will be a security-only company for the first time since 2005 when it acquired Veritas, and will be looking to make some acquisitions, CEO Michael Brown said in an interview with CRN.
T: Total Addressable Market
The market for security is enormous. According to Gartner, worldwide spending on information security will hit $75.4 billion in 2015, a growth of 4.7 percent year over year. Driving that growth are a number of factors, including security initiatives from the federal government, legislation around security and high-profile data breaches.
U: User Education
The human element is a major factor in security. One way that companies can limit the effectiveness of phishing, unintentional insider misuse and other similar attack methods is to promote end-user education. Whether that is through seminars, workshops, simulated phishing attacks or other methods, there are a lot of options for companies to promote more awareness of security within the organization.
V: Vulnerability
By definition, a vulnerability is a weakness in a system or software that, if exploited, could allow a hacker access. Some critical vulnerability findings this year included Android Stagefright, eDellRoot, Heartbleed, VENOM and SYNful Knock, which affected hundreds of Cisco routers.
W: Web App Attacks
Nearly two-thirds of all Web attacks are secondary attacks, using information gleaned from another attack, such as phishing, the 2015 Verizon Data Breach Report said. More than 50 percent of Web app attacks involved stolen credentials, with other top-ranking attack vectors including use of backdoor or command-and-control (C2) channels, SQL injection (SQLi), remote file inclusion (RFI), abuse of functionality and brute force. The vast majority, upward of 75 percent, are opportunistic crimes, the report said, recommending that companies implement strong authentication to thwart attackers.
X: Ken Xie
Seeing the shortcomings of existing security technology, Ken Xie founded Fortinet in 2000. Now CEO and chairman of the board, Xie has helped the security vendor build out an extensive, leading network security portfolio and led it through its 2009 IPO. The company, based in Sunnyvale, Calif., has shipped more than 2.2 million units to date, has more than 255,000 customers and did $770 million in annual revenue in 2014. With a long background in network security, Xie has started multiple security companies, including SIS and NetScreen (which was acquired by Juniper for $4 billion).
Y: Amit Yoran
Amit Yoran assumed the top role as president at EMC's security division RSA in October of 2014, after previously serving as senior vice president of products for the company. Prior to that, he founded and served as CEO of NetWitness (which was acquired by RSA), was founding director of the US-CERT program and co-founder and CEO of Riptech (which was acquired by Symantec).
Yoran has used his platform as president of RSA, which holds the annual RSA Conference, to speak about the dire future of security and urge a mindset shift in the industry away from perimeter technologies toward a more comprehensive, solutions-based approach.
Z: Zero-Day
A zero-day refers to a vulnerability, previously unknown to the organization, that hackers could exploit (or already have exploited). Zero-day vulnerabilities are difficult to discover, as they are by definition unknown and have to be sought out through methods such as source code auditing, reverse engineering and fuzz testing.