Cyber Security Landscape

By Jayant Shukla

Reported incidents of high-profile cyber attacks are increasing, and computer security is once again in the spotlight. Today the theft of credit card numbers, as well as identity theft by cyber criminals seeking financial gain, has become commonplace. On the world stage, cyber warfare has become reality. Increased activity by state actors, as demonstrated by the devastating Stuxnet cyber-attack that destroyed Iranian centrifuges, is now revealed frequently. The GAUSS malware, believed to be related to Stuxnet, is even more worrisome because security companies were not able to analyze its files and we have no idea about its purpose.

It is very clear that the sophistication of cyber attacks is increasing, but progress is being made in improving the defenses against them. Security measures taken by Microsoft, Apple, and Google have made it difficult for lower-rung cyber criminals to inflict the damage that we observed in the early days of the spyware epidemic. Innovative network-based solutions are capable of detecting cyber attacks faster, and before they reach their target.

Further, law enforcement agencies, in conjunction with payment processing companies, regularly go after cyber criminals across the globe and shut them down.

While the progress is laudable, does it imply we will have a handle on the cyber security problem? The answer, unfortunately, is "no". Even with the aforementioned progress, the status of securing networks, computers, and mobile devices against cyber attacks remains a mixed bag. We indeed have better security against run-of-the-mill malware, but at the same time we are increasingly vulnerable to targeted attacks, because they break the signature- and heuristics-based defenses. The perspective of the attackers is very simple. Their motivation is mostly financial gain, and their chosen path is to exploit the imperfections of the security solutions deployed by their target. Because no security product will catch 100 percent of malware or cyber-attacks, the attacker simply has to tweak the attack until it bypasses the security measures of the target, e.g. Stuxnet. Another approach is to develop new methods for evading detection; an example of that is the GAUSS malware.

Unknown vulnerabilities in applications remain our Achilles' heel. While bug bounty programs are good, they barely scratch the surface of the problem. Most state actors have significant databases of vulnerabilities, and a thriving black market for these vulnerabilities and exploit tools exists.

As cloud-based services become more widely adopted, we will see more attacks directed towards them. Virtualization has transformed the computing world and it helps in recovery from cyber attacks, but it does not provide any help in defending against them. Targeted and customized cyber attacks will remain a top unsolved problem, and the evolution of their tactics will guide the development of the next generation of security solutions.

However, that approach will provide only limited success, and unless fundamental improvements are made in identifying cyber-attacks and malware, we will remain extremely vulnerable to attacks. At the same time, security product offerings will become more complex and the cost of network security will continue to go up.

The market dynamics for security startups are also changing, which will affect the successful development of next-generation security technologies. Companies like Fortinet and Palo Alto Networks have had great IPOs, Sourcefire was acquired by Cisco for a record price, and several high-profile IPOs, like FireEye and Barracuda, are in the works. Noticeably, the average time to IPO for these companies is over eight years. The long time-frame to maturity reflects the increasing difficulty of developing innovative technology, proving a business model, and gaining significant traction. This trend will continue and the bar for newcomers will be higher. That will result in many more mergers and acquisitions of security startups.

The field of cyber security is more dynamic and exciting today than ever before, but it is also more challenging. There will be spectacular cyber attacks and there will be great innovations for defeating them. Cyber security must fare better than Achilles.

Based in Monrovia, CA, Trlokom is a computer and network security company specializing in endpoint security, and provides solutions that protect enterprise networks from external and internal threats.