When things attack: Mirai and the Dyn DDoS attack reveal a disturbing future

The October 21 attacks that knocked some of the internet's most-recognized brands offline in the largest recorded distributed denial of service to date reveal how little the world has taken seriously the threat of poorly secured consumer IoT. Will we be ready for what may come next?

The 451 Take

These attacks have only just begun to illustrate the level of exposure the world faces from what so far appears to be largely SMB products made for the Internet of Things. Indeed, this narrow focus says much about the potential scale of risk beyond the cameras and DVRs largely targeted in this case. While virtually everyone weighing in on the discussion agrees that something must be done to head off an even worse scenario, what remedies make the most sense? There are needs at virtually every level of IoT architecture, from the software and functionality built into devices to the networks and platforms that interconnect IoT's many moving parts. The recent attacks illustrate how easily poorly secured IoT can be made a platform for attacking the fundamental underpinnings of the internet that keep the entire digital world functioning. So far, most of the discussion around IoT security has revolved around protecting IoT itself, with considerable investment already having gone into securing industrial IoT, particularly in sectors where safety is a primary concern. The threat that vulnerable IoT poses in and to the larger world has been seriously underserved. The range of solutions proposed – from adopting the analog of building codes for software and hardware to sweeping regulation, and the inevitable arm wrestling each presents – makes it clear that resolving these vulnerabilities will not be easy. What concerns us most is that, as so often happens with security, it will take an incident of serious proportions to bring any real progress to a head. It would be wise for the industry to do what it can to address this before governments take a stab at it.

Read the full analysis by 451 Research analysts here.
2955 Hits

Meet the New Additions to our 100+ Analyst Team!

451 Research is proud to announce 7 key additions to its growing analyst team since the beginning of the year. The longtime philosophy at 451 Research has been to continually reinvest in our business, and 2016 has been no exception. In the first quarter of 2016, we have made a number of significant hires to improve our research, our data, and our management expertise. Below is a list of our recent hires and an overview of their interests and capabilities:
Continue reading
4781 Hits

Critical Security and Compliance Considerations for Hybrid Cloud Deployments

Critical Security and Compliance Considerations for Hybrid Cloud Deployments
For IT organizations struggling with demands to improve operational agility, lower operating costs and drive accelerated service delivery the answer more and more is hybrid cloud. Of course, the answer to what is hybrid cloud in the context of a specific organization varies widely. Generally, however, most organizations understand it to mean a mix of private, public and managed cloud.

And while what is best fit for hybrid cloud architectures would again vary, in a recent 451 Research survey of enterprise IT and information security vendors, close to three-quarters of the respondents have already embarked on a hybrid cloud journey – embracing a mix of private, public and managed clouds.
Inevitably, all organizations on the hybrid cloud adoption spectrum must wrestle with making the most of hybrid cloud architecture while still meeting security policies and compliance mandates for the protection and management of sensitive or proprietary data. These are not insignificant challenges. The two biggest problems are how to maintain control and visibility into security practices across distributed infrastructure, and how can organizations manage risk in an environment where technologies built for static infrastructure only cover partial ground.
Continue reading
6981 Hits

Threat intelligence: only for the 1%?

Analyst: Scott Crawford

Threat intelligence has become a booming area of information security, and with good reason. Attackers have the luxury of exploiting whichever weaknesses in a target best serve their intent. Defenders, on the other hand, must make the most of limited resources to defend all the most vulnerable aspects of critical information assets. Understanding the nature of current threats and adversary intent is essential to knowing how and where to place the most effective bets on defense.

But this insight comes at a price. Organizations must invest in researching the threat landscape, identifying adversaries and techniques, and communicating this wisdom to intelligence consumers. The value – and thus the cost – of this insight increases with the level of effort and expertise required to gather, analyze and provide this information.

Read the full report!
3419 Hits

451 Research and Vormetric shed light on the current state of data security [infographic]

451 Research and Vormetric shed light on the current state of data security [infographic]
Over the past few years we have been exposed to an ongoing and seemingly endless string of data breaches. Hardly a week goes by without news of another damaging data breach incident - according to the Privacy Rights Clearinghouse, the number of records breached in 2015 is already more than twice that of 2014 – despite the fact that collectively, we are spending billions each year on various forms of cyber security and venture capitalists are spending princely sums on startups touting the latest and greatest new security offerings.

Part of the problem is that the attack surface is growing. Public cloud services, big-data applications and the emerging ‘Internet of Things’ (IoT) have each added considerably to the resources to which data is distrusted and need to be protected. They have also collectively expanded the ‘data supply chain’ and contributed to an exponential increase in the number of external parties with some level of access to our networks and sensitive data, which in the case of large global firms can easily number in the tens of thousands.
Continue reading
3049 Hits