Malware, ransomware, compromised credentials, hacked IoT devices...security threats are on the rise worldwide, and there are no signs of this trend slowing down anytime soon. This trend provided countless topics to discuss during the recent RSA Conference in San Francisco. A complete recap of the conversations that captured my attention could fill a month's worth of blogs, at the very least, so here are the few that resonated the most:
Internet of Things (IoT) Security is the New Frontier IoT is a hot topic in any context, but recent incidents like the DDOS attack via connected devices that Dyn experienced in October of last year and the Mirai botnet, malware that can be used to stage network-wide attacks, have moved IoT to the top of things that keep security teams up at night. There was no shortage of conversations about how to keep connected devices from becoming tools that inflict harm on humans and systems.
Machine Learning and Artificial Intelligence This subject is fascinating from many different perspectives. It seems like every product category is looking for ways to add intelligence to their offerings, some with more credibility than others. The security industry isn't the only one focusing on it, but the implications for security are significant. Machine learning gives us the opportunity to move much faster than the speed of humans.
Global Regulations Government entities worldwide are responding to rising security and privacy threats with more stringent regulations. Rulings such as the General Data Protection Regulation (GDPR) and Privacy Shield were the subject of many discussions during RSA. Any business that has a European citizen in its database may be impacted by the regulations. Plus, many other countries are looking to laws like GDPR to shape their own recommended best practices.
Deception Technologies The security industry's development and use of deception technologies is growing more sophisticated. Deception technologies use decoys to derail an attacker's efforts to reach and exploit targets. While the concept of honeypots is an old one, a number of new products have hit the market over the last few years and are taking this field up a notch.
Identity and Access Management at the Center All of these trends have identity at the center of them. Whether it's the unique identity of a Thing, applying behavior analytics to individuals' activities, giving people the right to be forgotten or using deception to ferret out who is a bad actor, identity sits in the middle of it all. Identity defined security shifts the focus from only protecting the data center perimeter to the removal of network-based trust, and ensuring that the right people (and only the right people) can access the right things.
To learn more about the critical role that identity and access management plays in security, see the 2017 TAG Cyber Security Annual Report managing and controlling access to the identity of a thing or a person enables security in a growing range of use cases and scenarios, from IoT and regulatory compliance to intelligent threat detection.