Virtualization Technology News and Information
Splunk 2020 Predictions: Where 2020 Cloud Attacks Occur at Machine Speed, No More 'WTF is MITRE ATT&CK'

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Haiyan Song, SVP and GM of Security Markets, and Monzy Merza, Head of Security Research, at Splunk

Where 2020 Cloud Attacks Occur at Machine Speed, No More 'WTF is MITRE ATT&CK'

2020 will be the year that ML algorithms are poisoned, the SOC's new encyclopedia is MITRE ATT&CK, and unprecedented machine-speed cloud attacks hit the on-prem world.

That's according to Haiyan Song, SVP and GM of Security Markets, and Monzy Merza, Head of Security Research, at Splunk. 

Among their other top predictions? The human element will remain a major threat vector.  Attackers will evolve from targeted email schemes to using new tools like deepfake technology to continue what has always been the easiest way to circumvent security: people.

Haiyan Song:

  1. The most advanced (and potentially devastating) cloud attacks will occur at machine speed in 2020. Cloud misconfiguration has been a path of least resistance for attackers. As better automation eliminates that problem, cybercriminals will have to identify a new 'easy route'. Going forward, cybercriminals will exploit the emerging vectors brought to bear by cloud native technologies such as containers and Kubernetes, taking advantage of organizations' learning curves to launch new attacks at a scale and speed we have not seen in the on-prem world.
  2. Bad actors will focus on AI/ML as a new attack vector - sabotaging training data and disrupting decision-making. Expect to see attempts to poison the algorithm with specious data samples specifically designed to throw off the learning process of a machine learning algorithm. It's not just about duping smart technology, but making it so that the algorithm appears to work fine - while producing the wrong results.
  3. Deepfakes will uplevel the danger of social engineering. In 2020, we expect social engineering's role in cyberattacks to continue to rise, with the advancement of technologies like deepfake and its potential impact on the masses, and we'd be very surprised if a deepfake attack doesn't make the headlines in this election year. The bottom line is that when it comes to cybersecurity, the human element remains a major threat vector. 

Monzy Merza:

  1. MITRE ATT&CK will become the go-to framework and common vocabulary for every SOC. For organizations required to have the most aggressive stances on security, such as financial services and healthcare, ATT&CK is already the go-to framework. In 2020, it will become a basis of conversation for security operations center (SOC) teams in other industries, including retail and manufacturing, as they mature their security postures.


About the Authors


Haiyan Song has been with Splunk since 2014 and currently serves as our Senior Vice President, Security Markets. From 2012 to 2014, Ms. Song served as Vice President and General Manager of HP ArcSight, a security and compliance management company previously acquired by Hewlett-Packard Company. From 2005 to 2012, she served as Vice President of Engineering at ArcSight. Ms. Song previously served as Vice President of Engineering at SenSage, an event data warehousing company, from 2004 to 2005. She started her career at IBM/Informix, a database software company. Ms. Song is one of the thought leaders of the cyber security industry in the US. She was named one of the Top 50 Most Powerful Women in Technology in 2016 and 2017. Ms. Song holds an M.S. from Florida Atlantic University and studied Computer Science at Tsinghua University in China.

Monzy Merza 

Monzy Merza serves as the head of security research at Splunk. With over 15 years of cybersecurity leadership in government and commercial organizations, Monzy is responsible for helping advise and implement strategic security programs for Splunk's cybersecurity customers, working hand-in-hand with executives across the Fortune 500 to develop modern security architectures. Monzy is also responsible for leading the Splunk Cyber Research team, which arms Splunk customers with actionable threat intelligence to combat advanced threats. A noted international speaker, Monzy frequently presents at government and industry events on topics such as nation state threat defense and machine learning. His current security research is focused on integrated approaches to human-driven and automated responses to targeted cyberattacks.
Published Tuesday, November 26, 2019 7:30 AM by David Marshall