Virtualization Technology News and Information
Netwrix 2016 Predictions: 7 Predictions for Virtual Environment Security

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual series exclusive.

Contributed by Michael Fimin, CEO and co-founder, Netwrix Corporation

7 Predictions for Virtual Environment Security

Data breaches have evolved from being purely IT risks to becoming a threat to the high-level business goals, which makes security a major concern for the majority of companies. In no part of the infrastructure is this more true than in today's virtual machines. While it's unlikely that we will see completely new threats in 2016, a deeper attention into the detection of suspicious activities and quicker response to security incidents are the only ways to minimize the ongoing impact of cyber threats.

As more and more organizations realize that security is an investment priority, increasing efforts to protect virtual assets will remain at the top of the list. To help companies identify where their security investments should be focused, Netwrix Corporation, a provider of IT auditing software that delivers complete visibility into IT infrastructure changes and data access, points to the following IT security trends and predictions for 2016:

1.    Virtual machine host firmware is at risk of hidden attacks. Leveraging firmware vulnerabilities will become an easy way to gain secret access to the entire physical machine with a virtual environment deployed. The number of firmware attacks is considerably low right now, but it has all the reasons to develop into a full threat that organizations will have to address.

2.    Attack surface will continue to grow. Interest in SaaS applications, BYOD, the cloud, IoT devices, wearables and self-driving cars make it hard to reduce all possible vulnerabilities. Hackers will continue to take advantage of insecure systems and devices, targeting with techniques that are more sophisticated.  This will shift the focus from incident prevention to incident detection and attack response, which will encourage the development of new technologies to automate basic remediation and free up resources for mitigating security risks.

3.    Personal data harvesting will gain traction. Criminals, hacktivists and state-backed hackers will continue to take advantage of personal data to craft sophisticated targeted phishing attacks, or even blackmail owners to gain access to critical systems and data. High demand for personal data and its growing value on the black market, along with advanced big data analytics, will allow hackers to more quickly collect and analyze large volumes of personal records from social media, healthcare, finance and government institutions.

4.    Protection against insider threats will become a priority. The growing number of data breaches caused by human errors and malicious insiders, high costs and lack of mature and reliable mechanisms to prevent insider misuse, will force IT security professionals to focus on gaining visibility into what users are doing across the network. This will encourage the development of solutions to track user activity and raise alerts about unusual behavior.

5.    Account hijacking paves the way to the network. Acquisition of credentials becomes a more attractive way to gain direct access to a wide range of devices, data, services and applications. The ability to bypass all security mechanisms and act without arousing suspicion will stimulate adversaries to develop new methods of account theft, while companies will look for solutions for improved visibility into user activity, behavior analytics and multifactor authentication.

6.    Cyber arms race will impact more people. Nation-states will continue investing in cyberwarfare to craft sophisticated targeted attacks against other governments, military networks, international businesses, critical infrastructure, and more. Cyberattacks on the highest level will continue and there will be more notable large-scale cases. The race will lead to two major consequences that will eventually affect everybody: availability of advanced tools and malware for criminals and collection of unprecedented volumes of personal data.

7.    Demand for outsourced services will grow. As major cloud providers invest considerable effort into improving the quality of their services and deploying advanced security systems, they will see a growing demand for their services from companies that do not have the resources to ensure the same security level for business critical assets and look for ways to achieve the goals with lower investments.

Security will remain one of the most high priority topics in the coming year. Specifically, enhanced visibility into cloud and virtual environments, advanced protection of privileged accounts, and protection from the human factor, possibly the worst pain point of any company, will rise to the top of the IT conversation. As these issues affect internal workflows, enterprise organizations will be forced to look for additional security mechanisms to help eliminate the threats and risks that may impact business productivity or continuity.


About the Author

Michael Fimin is an accomplished expert in information security, CEO and co-founder of Netwrix Corporation, the IT auditing company, providing software that maximizes visibility of IT infrastructure changes and data access.


Published Friday, December 11, 2015 6:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2015>