This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Tim Liu, Chief Technology Officer, Hillstone Networks
Hillstone Networks has identified four areas where security is set to be of paramount importance in the coming year:
In enterprise security investments, more emphasis has been put on post-breach detection and incident response for this past year. We will see this trend continue in 2017. Technologies in the area of breach detection, data leak protection, remediation, etc., are focusing on the full cyber kill chain rather than an isolated attack stage. This is turning the traditional perimeter defense into a defense-in-depth architecture. This is especially important in today's IT infrastructure dealing with blurred network boundaries and increased mobility, leading to the rise of breaches going undetected. In Asia Pacific for instance, organisations take 520 days before breaches are discovered - 374 days higher than the global median of 146 days. In the same vein, existing technologies are also maturing. For example, behavior analysis and sandbox technologies are becoming more mainstream and integrated with existing solutions.
Another continuation of trends from the past year is data-centric security. Since data loss is one of the most serious consequences of security breaches, and data security is high on the list for regulatory compliance, enterprises will continue to put more investment in this area to secure critical data through its lifetime.
Security for IoT
IoT security moved from talking point to reality in 2016 and we will see more of it in 2017. Already, Frost & Sullivan predicts that ASEAN IoT market is expected to grow from US$1.68 billion in 2015 to US$7.53 billion by 2020. The recent DDoS attack on Dyn involves a botnet that included a large number of IoT devices such as webcams, routers and streaming media devices. These devices are perfect bots for several reasons:
- First, many of these devices are designed for consumers, and ease-of-use is the top priority and in many cases, little or no security is implemented.
- Secondly, users of these devices are more diverse and many are not sophisticated in information security.
- Last but not least, once compromised, the breach is hard to detect because of the limited user interaction (so called screen-less devices). As the quantities and variety of IoT devices will drastically increase and surpass computers and mobile phones, we will see growing impact from these devices in security incidents. We will also see more ways for hackers to turn the unique capabilities of these devices for their financial gain.
Sign up for CIO Asia eNewsletters.