Security teams are investing in their defense strategies with technologies that leverage automation, machine learning and AI. But criminals are doing plenty of investing of their own in attack technologies while maturing the techniques they use to exploit vulnerabilities and gain access to sensitive information.
That's the takeaway of Cisco’s 2018 Annual Cybersecurity Report Highlights, which relies on the insight of 3600 chief information security officers (CISOs).
Criminals are using cloud services for anonymity and are using encryption to evade detection, concealing command-and-control activity, according to the research.
“They are using what we use to hide in the cloud,” said Franc Artes, an architect with Cisco’s security business group. “We can’t just blacklist all Amazon Web Services or Azure. Criminals know that and are leveraging that by paying attention to what we’re using.”
Encrypting internet traffic, a tool typically used by enterprises to mitigate risk, is now being used heavily by criminals to both distribute malware and avoid detection. Encrypted traffic was up 12 percent in 2017, according to the report, creating a challenge for defenders trying to identify and monitor potential threats. Cisco threat researchers said there was more than a threefold increase in encrypted network communication used by inspected malware samples over a one-year period.
Malware Gets Stealthier
More sophisticated malware also raised the stakes for defense in the last year.
“Malware is becoming more vicious,” the report intro states. “And it’s harder to combat. We now face everything from network-based ransomware worms to devastating wiper malware. At the same time, adversaries are getting more adept at creating malware that can evade traditional sandboxing.”
Network-based ransomware such as WannaCry and Nyetya, the rapid-moving, self-propagating attacks seen in 2017, will continue in 2018, according to the report's predictions. The high percentage of DevOps servers left open is creating a huge ransomware risk, said Artes.
“They know we are still horrible about maintaining patch management,” he said. “Our projection is future malware in this space will sit dormant on purpose for 12 months – the typical life cycle of stored tapes – and in that 13th month, if it executes, you will have no tapes to back up what is lost.”
Technology for the Front Line
What are CISOs investing in now for defense? The report forecast more spending on AI and machine learning capabilities, with 83 percent of respondents expecting to rely on automation to reduce the level of effort to secure the organization, and 74 percent expecting to rely on AI.
Security professionals also said they see value in behavioral analytics tools for locating malicious actors in their networks, with 92 percent noting behavior-analytics tools work well.
Security Knowledge Now a Must
One of the key takeaways of the report for partners is that security understanding is now crucial for client relationships, according to Steve Benvenuto, senior director of global security partner sales with Cisco’s global security sales organization.
“Security is definitely top-of-mind at most organizations, and at least some knowledge is needed going into those conversations,” said Benvenuto. “Our customers are asking us to address certain outcomes — whether it’s around ransomware, or cloud, or email. We are really advising our partners in how we can help in these scenarios and it is a huge opportunity around services and architecture.”
Benvenuto said he also sees it as a chance for partners to engage in more conversations before the sale.
“It’s what customers are looking for,” he said. “They are looking to have a security conversation. We used to go in and have conversations about network or data centers or around a vertical. But there is a level of security conversation required in all of those now.”
Who is Security Joan? We'll never tell, but all you really need to know is that she's a huge Steely Dan fan (as if the nom de plume didn't give it away). She's also a veteran infosec journalist who has covered the evolution of the cybersecurity industry, its shadowy criminal underworld, and the good people trying to stop them for more than a decade. Security Joan helps inform the Channel Futures cybersecurity coverage with her sizable expertise. Say hi on Twitter @Security_Joan or shoot her an email at [email protected].