Virtualization Technology News and Information
Wallarm 2019 Predictions: The Evolution of Cyber Defenses, Attacks and Vulnerabilities

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Ivan Novikov, CEO of Wallarm

The Evolution of Cyber Defenses, Attacks and Vulnerabilities

Reflecting back on 2018, we saw a string of major breaches occur that affected billions of consumers and cost major corporations financial and reputational harm. We also saw the topic of data privacy take center stage across government and business organizations, in part, resulting from the enforcement of GDPR in Europe and the development of similar legislation in the US. Additionally, the rise of promising technology such as AI and blockchain continued to impact developments in the cybersecurity industry. In 2019, we can expect to see the evolution of cyber defenses, attack methods and new vulnerabilities for hackers to exploit. Here are a few thoughts on what I expect to see in 2019 and beyond:

Envoy Proxy will result in increased security issues driven by misconfigurations

Envoy recently graduated from the Cloud Native Computing Foundation, making it the third project to do so. Envoy Proxy is a good project and its growing popularity is well deserved. It is fairly robust from a security perspective because of its clean architecture, modern C++ implementation and lack of a legacy code base. At the same time, it is a new project, and DevOps teams are far less familiar with it than with, for example, NGINX. As a result, we are likely to see a higher number of security issues driven by misunderstanding or misconfiguration, such as routing or upstream settings loose enough to expose the proxy to sophisticated server-side request forgery (SSRF) attacks.

Fuzzing will become mainstream from the attack and defense perspectives

The term 'fuzzing', meaning feeding an application a stream of unexpected or malformed inputs in order to provoke crashes and unhandled exceptions, first entered the security fray back in 1988. 2019 will be something of a milestone in its maturity: thirty-one years on, fuzzing as both a defensive measure and an attack method will become much more mainstream. Fuzzing will be used to automatically generate hundreds of security tests, delivering tangible agility and security benefits across the three primary areas of concern for CISOs without requiring developers to become overnight security experts:

  • Vulnerability detection - dynamically and continuously assess threats, bugs and configuration errors so they can be mitigated and regulatory compliance maintained
  • Digital transformation - inform protocols and close any holes opened by errors that creep in when configurations change during cloud migration
  • Continuous operations - continuous testing to identify anomalies and other unexpected behaviors at the application layer, mitigating threats that have not yet been discovered
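To make the fuzzing loop described above concrete, here is a small mutation-based fuzzer, added as an example for this page; it is not code from Wallarm or from any tool the article names. It assumes a constructed target, parse_records, whose documented contract is to raise ValueError on bad input, so anything else escaping it is a bug. The mutation strategy (bit flips, boundary bytes, truncation, insertion), the seed corpus and the record format are all assumptions chosen for the demonstration.

```python
"""Minimal mutation-based fuzzer against a deliberately fragile record parser.

Added example (not Wallarm's code). The target, its wire format, the seed
corpus and the mutation operators are all constructed for this demonstration.
"""
import random
import struct


def parse_records(data: bytes) -> list:
    """Target under test (constructed for this example).

    Wire format: repeated [1-byte type][2-byte big-endian length][payload].
    Type 1 carries UTF-8 text, type 2 a 4-byte unsigned integer.
    Documented contract: raise ValueError on malformed input. Any other
    exception escaping this function is a bug the fuzzer should surface.
    """
    records = []
    pos = 0
    while pos < len(data):
        rtype = data[pos]
        # BUG 1: no check that two length bytes remain -> struct.error on truncation
        (length,) = struct.unpack(">H", data[pos + 1:pos + 3])
        # BUG 2: the declared length is trusted; a short payload is silently accepted
        payload = data[pos + 3:pos + 3 + length]
        if rtype == 1:
            # UnicodeDecodeError is a ValueError subclass, so this is within contract
            records.append((rtype, payload.decode("utf-8")))
        elif rtype == 2:
            # struct.error unless the (possibly short) payload is exactly 4 bytes
            (value,) = struct.unpack(">I", payload)
            records.append((rtype, value))
        else:
            raise ValueError(f"unknown record type {rtype:#x}")
        pos += 3 + length
    return records


INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # boundary values parsers often mishandle


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation and return the new input."""
    buf = bytearray(data)
    op = rng.randrange(4) if buf else 3
    if op == 0:                                   # flip one bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # overwrite with a boundary value
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif op == 2:                                 # truncate at a random offset
        del buf[rng.randrange(len(buf)):]
    else:                                         # insert 1-4 random bytes
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 5)))
    return bytes(buf)


def qualname(exc: BaseException) -> str:
    return f"{type(exc).__module__}.{type(exc).__name__}"


def classify(target, sample: bytes):
    """Re-run one input; return the qualified name of the exception it raises, or None."""
    try:
        target(sample)
    except Exception as exc:
        return qualname(exc)
    return None


def fuzz(target, corpus, iterations=2000, seed=0, expected=(ValueError,)):
    """Mutate seeds, run the target, keep the first input per unexpected exception type."""
    rng = random.Random(seed)           # seeded so every finding is reproducible
    findings = {}                       # qualified exception name -> triggering input
    for _ in range(iterations):
        sample = rng.choice(corpus)
        for _ in range(rng.randrange(1, 4)):
            sample = mutate(sample, rng)
        try:
            target(sample)
        except expected:                # documented failure mode, not a bug
            continue
        except Exception as exc:        # anything else is a crash worth triaging
            findings.setdefault(qualname(exc), sample)
    return findings


# Constructed seed corpus: two well-formed messages the parser accepts.
SEED_CORPUS = [
    b"\x01\x00\x05hello" + b"\x02\x00\x04\x00\x00\x00\x2a",
    b"\x02\x00\x04\xff\xff\xff\xff",
]


def run_fuzz_campaign(iterations=2000, seed=1):
    return fuzz(parse_records, SEED_CORPUS, iterations, seed)


if __name__ == "__main__":
    for name, sample in run_fuzz_campaign().items():
        print(f"{name}: {sample!r}")
```

The campaign is deterministic for a given seed, so each stored input reproduces its crash on demand. Production fuzzers such as AFL and libFuzzer run essentially this loop but steer mutation with coverage feedback from an instrumented build, which is what lets them reach bugs buried behind many checks.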

AI will continue to be refined and implemented by both organizations and criminals

High-profile breaches this past year have thrust the application layer under the security spotlight: as applications grow more sophisticated, their development also opens up more vulnerabilities. While DevOps is racing to keep up with accelerated application development, it is becoming impossible to keep up with, much less anticipate, threats manually. Machine learning and AI will continue to be used to mitigate vulnerabilities far more efficiently and with more accurate results.

Serialization based attacks and vulnerabilities in application frameworks will grow

While incredibly efficient, serialization also serves as an open door for would-be attackers when it is not properly and continuously monitored. Whether by embedding malicious code within a serialized object or by exploiting unsafe code already on the server, what is a help in most cases can deliver paralyzing hurdles in others. Beyond refusing serialized objects from untrusted sources, CISOs will employ integrity controls such as digital signatures and invest in proactive monitoring and recording of deserialization exceptions, failures and connections, to ensure that no malicious code comes in and that pre-existing vulnerabilities are not exploited.
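The three controls named above (refusing untrusted objects, an integrity check, and recording every deserialization failure) fit together as follows. This is an added example written for this page, not Wallarm's code; it uses Python's pickle as the serialization format, assumes a 32-byte HMAC key shared by producer and consumer, and uses an in-memory FAILURES list where a real deployment would forward rejections to a SIEM. The Session and Exploit classes and the demo key are constructed for the demonstration.

```python
"""Signed, allow-listed deserialization with an audit trail of rejected objects.

Added example (not Wallarm's code). Assumptions: a 32-byte HMAC key shared by
producer and consumer, pickle as the serialization format, and an in-memory
FAILURES list standing in for the SIEM feed a real deployment would use.
"""
import hashlib
import hmac
import io
import logging
import os
import pickle

log = logging.getLogger("deserialization")
FAILURES = []                  # (reason, source) audit records of rejected payloads
DEMO_KEY = bytes(range(32))    # constructed demo key; use os.urandom(32) in practice


class Session:
    """The only object type we are willing to accept from the wire."""
    def __init__(self, user, role):
        self.user, self.role = user, role

    def __eq__(self, other):
        return isinstance(other, Session) and vars(self) == vars(other)


class Exploit:
    """Attacker-crafted object: a plain pickle.loads() would call os.system."""
    def __reduce__(self):
        return (os.system, ("echo pwned",))


# find_class() is consulted for every global the stream tries to import;
# anything outside this set is refused before any constructor runs.
ALLOWED_GLOBALS = {(Session.__module__, Session.__qualname__)}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


class IntegrityError(Exception):
    pass


def serialize(obj, key: bytes) -> bytes:
    """HMAC-SHA256 tag (32 bytes) followed by the pickle payload."""
    payload = pickle.dumps(obj, protocol=4)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def restricted_load(payload: bytes):
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def _reject(reason: str, source: str) -> None:
    FAILURES.append((reason, source))
    log.warning("rejected serialized object from %s: %s", source, reason)


def deserialize(blob: bytes, key: bytes, source: str = "unknown"):
    """Verify the tag first; only then let the allow-listed unpickler touch the bytes."""
    tag, payload = blob[:32], blob[32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        _reject("bad-signature", source)
        raise IntegrityError("signature mismatch")
    try:
        return restricted_load(payload)
    except Exception as exc:          # UnpicklingError, EOFError, ...: all worth recording
        _reject(f"unpickle-failed: {exc}", source)
        raise


def try_deserialize(blob: bytes, key: bytes, source: str = "unknown"):
    """Return (True, obj) on success or (False, reason) on rejection."""
    try:
        return True, deserialize(blob, key, source)
    except Exception as exc:
        return False, str(exc)


def demo(key: bytes = DEMO_KEY):
    """Three deliveries: a genuine object, a tampered copy, and an unsigned exploit."""
    genuine = serialize(Session("alice", "guest"), key)
    tampered = genuine.replace(b"guest", b"admin")          # same length, tag no longer matches
    unsigned_exploit = bytes(32) + pickle.dumps(Exploit())  # attacker cannot forge the tag
    results = {
        "genuine": try_deserialize(genuine, key, "cache"),
        "tampered": try_deserialize(tampered, key, "cache"),
        "exploit": try_deserialize(unsigned_exploit, key, "internet"),
    }
    # Defence in depth: even a stream that somehow passed the tag check cannot
    # import os.system, because find_class() refuses anything not allow-listed.
    try:
        restricted_load(pickle.dumps(Exploit()))
        results["exploit-restricted"] = (True, None)
    except pickle.UnpicklingError as exc:
        results["exploit-restricted"] = (False, str(exc))
    return results


if __name__ == "__main__":
    for name, (ok, detail) in demo().items():
        print(name, "accepted" if ok else "REJECTED", detail)
```

Order matters: the signature is checked before a single byte reaches the unpickler, so a forged or corrupted stream never exercises the deserializer at all, and the allow-list only has to defend against payloads that were signed with the real key. Every rejection lands in FAILURES with its source, which is the "recording of deserialization exceptions" the article calls for: a burst of bad-signature events from one client is a detection signal, not just noise.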

API gateways and frameworks misconfiguration issues will arise

New, sophisticated development platforms and frameworks have simplified coding so much that the barrier to becoming a developer has dropped considerably. While simplified on the outside, modern frameworks and platforms remain complex on the inside, which makes them time bombs. In other words, as developers adopt these frameworks without a deep technical understanding of how they work, organizations can expect to see issues resulting from misconfigurations.

Use of automation to compensate for the shortage of cybersecurity pros

The robots are coming! Headlines emphasize that AI and automation are coming for our jobs, yet while the global AI security market is projected to reach $34.8 billion by 2025, this growth compensates for a shortage of IT security professionals rather than taking roles that already exist. The fact is that AI is better suited to tasks such as intrusion detection, risk and vulnerability assessment, and continuous testing. As threats and hacking techniques continue to proliferate, it will become impossible to keep pace without AI and machine learning. The AI security market is in a state of flux at the moment, and we are seeing a slew of significant investments and market consolidation. We think this will increase competition and fuel innovation, all of which means AI will become better and quicker at identifying and mitigating risks than lower- to mid-level security analysts. This can be an opportunity for those currently configuring tools to move instead into monitoring or quality control positions.


About the Author

Ivan Novikov 

Ivan Novikov is CEO and co-founder of AI-powered application security company Wallarm. He is a white-hat hacker who specializes in testing methods to improve the security of information systems. Ivan has won several bug bounty awards from companies including Google, Facebook, Nokia, Honeywell and others, and frequently speaks at security events including Black Hat, Hack in the Box, SINET Innovation Summit, AI Summit and others. He is known for being an inventor of memcached injection and for his work on Server Side Request Forgery (SSRF).

Published Friday, January 25, 2019 7:43 AM by David Marshall