The Trends in IT Security, As You See It
A Word from the CEO: Making IT Security the Cornerstone of Growth. Retrospective of 2019, Based on Customer Feedback.
I wanted to share a few insights with all the CIOs, CISOs, and IT managers out there, reading our blog, regarding the main trends in IT security and what we’ve learned from them.
Many of you give us a lot of feedback, which we use in our product development, and we are really grateful for that since it also gives us a level of insight into concerns and thoughts that we think you all share in a number of areas of IT security. Let me share my observations with you about the areas that we at Heimdal address and hence receive feedback on. Maybe you will find them insightful as well or maybe not.
From a strategical/tactical perspective, what we found is that most are looking for the best balance between security and ease-of-use for the IT department. I do think though that there is one level above and beyond that, which is not only making IT work for the IT department and from a security perspective but also making sure you enable and empower the employees of the organization to fulfill their role.
The IT department will be capeless heroes in everyone’s eyes: employees and CEO alike. I will try to integrate that in the more operational feedback, we hear from our customers, as I walk through it below.
What we hear from all of you regarding the most important trends in IT security, can now further be grouped as follows.
Top 3 Key Trends in IT Security
#1. PAM or Admin Rights Management
Considering the users’ perspective on how to work with their day-to-day IT equipment is my reasoning for starting our learnings from 2019 with Admin Rights Management or Privileged Access Management (PAM). Not only is PAM one of the leading trends in IT security today, but, as technological advancement, it has the biggest potential to empower people across the entire organization.
Far too many users today, still have administrative rights on their desktop, posing a huge security risk for the company in exchange for greater work flexibility, of course. The problem is often, that the more the IT Department tightens security and the level of flexibility on the desktop, the more time they will have to support the users with installing or updating existing software – or, in some cases, they use third-party applications.
The alternative is, of course, to leave them with administrative rights, with a great security risk and no audit capability whatsoever. We have tried to mitigate precisely that risk in 2019, by launching Thor AdminPrivilege™, which allows users to elevate rights if the administrator allows them to. This is done while keeping the security in place, by allowing the Thor AdminPrivilege™ module to intelligently communicate with the Threat Prevention and Threat Remediation systems we offer so that the system is always aware of risks on the desktop. In this case, if the endpoint is exposed to risk, rights escalation is suspended or de-escalated immediately.
System admins waste 30% of their time manually managing user rights or installations.
which frees up huge chunks of sys-admin time.
- Automate the elevation of admin rights on request;
- Approve or reject escalations with one click;
- Provide a full audit trail into user behavior;
- Automatically de-escalate on infection;
We see this as a cornerstone, in ensuring the necessary working flexibility for the workforce going forward, but at the same time giving the IT department a high-level of security and a full user audit capability. This level of flexibility will give the IT department an unprecedented position to empower the organization without limiting security.
In other areas of the market we have also seen a number of interesting developments, let us take you through them.
#2. Threat Prevention
There is quite a lot going on in this area, as all CIOs, CISOs and IT managers strive to keep their environment safe.
In threat prevention, the concerns we see are split over a few areas.
Internet Traffic or Communication – First of all, there is the issue of making sure what employees’ access is safe and clean – but at the same time respecting their privacy. Now with the rise of DoH (DNS over HTTPS) especially with operating system support from Microsoft, the privacy is less of a concern, but security will be more so because intercepting DNS packages will be increasingly difficult.
We know this area is very challenging to address and, from my perspective, the balance between employee and customer privacy is very clear. As long as the employee of your company is using company equipment, you have to conduct regular data leak prevention drills for the customers of your company. And if your employee is not using company equipment, they should not be accessing your network in the first place.
Specifically, for this reason, Heimdal has also focused not only to make the Darklayer GUARD™ engine ready for DNS over HTTPS in Chrome, Firefox, and other browsers but also to be prepared for filtering DNS over HTTPS, when Microsoft releases its operating system support for DNS over HTTPS.
We think it is imperative that the IT manager has top management’s endorsement to invest in IT security that can filter requests which could put the company’s customers’ data at risk – and anything malicious could result in data loss, so you have to take a preventive approach. And since DNS requests have so far been sent in plaintext and the employee is using company property for his/her requests, we fully support the idea of being able to filter DNS over HTTPS as well, through our Forseti™ and Thor Foresight lineup.
Antivirus is no longer enough to keep an organization’s systems secure.
Thor Foresight Enterprise
before they reach your system.
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Automatic patches for your software and apps with no interruptions;
- Protection against data leakage, APTs, ransomware and exploits;
Other areas of the threat prevention space (i.e. Patch Management) has also seen some big movements over the past year. The feedback we have received from customers in order to do the automated spin-up of machines and automated patch management, both for 3rd party and OS patching, was a historical cornerstone, namely that it was impossible. To put it bluntly, it couldn’t be done. We have always challenged that mindset, by showing that it can be done, but as a positive step, we now see from more and more customers, that the mindset has changed. People are in fact looking for ways to automate and work smarter with their 3rd party, OS patch management, and software deployment.
Bearing in mind that a lot of the major hacks such as Equifax, Uber, Target, and many more all came from unpatched software, this is naturally the easiest way of enhancing your security. However, as it often happens in that area, things didn’t get done because the task was too boring. It took too long and hence Patch Management did not retain the necessary focus of the IT department. Who can blame them?
But precisely these trends in the patch management space are the key reasons why we continued to develop our X-Ploit Resilience module – support smarter, more automated patching of both 3rd party and O, as well as 3rd party deployments. We offer support for custom applications as well.
#3. Threat Mitigation
Moving out of the Threat prevention space and into Threat Mitigation (Threat Removal and Detection), we did not see any major shifts in the IT security trends of 2019. Most customers now fully recognize the fading value of antivirus products and look towards other alternatives for protection, such as enhanced mail solutions, DNS protection, Admin rights management, or more advanced antivirus solutions – EDR (Endpoint Detection and Response) and EPP. We also did notice a strong shift towards Microsoft’s APT offering.
There was one attacker trend in the Threat Mitigation space, that does warrant a clear highlight because you typically don’t notice until it is too late. In the Firewall space, Bruteforce Ransomware attacks, have grown rapidly since the first warning signs, were posted by us in late 2017, based on Middle East customer data. In late 2019, these attacks have also found their way to mainland Europe and the US, hitting some very big businesses. For that reason, we have just last month released our Firewall module for the Thor Vigilance lineup, which supports Bruteforce detection and mitigation for both endpoints and servers.
Wrapping it up
This is it from our side. What trends in IT security are you most interested in? Get in touch through the comment field below, or just sign up for a free session of security consultancy by sending an email to firstname.lastname@example.org. Have a secure New Year, everyone!