IT Security Trends in 2012


SonicWALL visionaries identify the most significant drivers of IT security strategy for the year ahead.

By Boris Yanovsky, VP of Engineering, SonicWALL, and Daniel Ayoub, CISSP, Product Management, SonicWALL

CONTENTS

Mobile Device Management
Smart Phones as Computers
Application White Lists
Hands-Off IT
Cyber Warfare
Mobile Security
Data Protection
Security Consolidation
The Cloud Becomes Commoditized
Virtualized Security
About SonicWALL


Abstract: The three main categories of the data network environment affecting IT security are all undergoing major change simultaneously. In the year ahead, these changes will manifest themselves as security challenges. These trends fall into three categories: client devices (the consumerization of IT); the external threat environment (the institutionalization of threat development); and the hosting environment (virtualization). Any one of these dynamics should shade the thinking of IT strategists inside companies and other organizations. Taken together, they may spur major re-evaluations of current practices.

Thought leaders at SonicWALL have made a high-level assessment of this evolving landscape and identified the top trends to factor into IT strategy development. The key trends they identified are:

1. Mobile Device Management

Laptops, tablets, and smartphones, in aggregate, are now preferred over desktop computers by users accessing company networks. These new endpoints are necessarily more personal devices, and are increasingly being specified and even purchased by the users. This practice, known as BYOD (Bring Your Own Device), will accelerate, with some companies even granting allowances for the purpose. This approach to user provisioning will require IT strategists and administrators to re-examine how such devices are managed on the network. Companies will need to adjust their Acceptable Use Policies (AUPs) and acquire the technologies to enforce those policies.

Device manufacturers will enable and support some of these policy changes. Mobile Device Management (MDM) will begin to move from large-scale centralized deployment of special-purpose solutions external to the devices to features integrated into the devices themselves. MDM controls who can connect to the network. To support this, Network Access Control (NAC) will make a comeback as the hub of MDM, coordinating with the endpoint controls to perform compliance checks on configurations and applications relative to the AUP. For wireless access, there will be a greater reliance on 802.1X protocols in conjunction with device authentication and user authorization to help manage permissions for network and file access.

Figure 1. 802.1X-enabled Mobile Device Management

2. Smartphones Recognized as Computers

Smartphones are quickly being recognized as handheld computers. The implications of this are far-reaching. The entire network now has to be provisioned in consideration of these new OSs and the applications running on them.


As addressed in the previous section, Network Access Controls will become the hook between IT-managed environments and user-managed devices. Specific to smartphones, this will require companies to conduct a greater variety of End Point Interrogation to confirm that client protection measures (like anti-virus software) are updated and running, that no patches are missing, and that the devices are not housing or running banned applications.
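An added sketch of the endpoint interrogation described above, not code from SonicWALL or from the original paper: it evaluates a device's posture report against the three checks and fails closed on input it cannot interpret. The report fields, policy thresholds, application identifiers and the allow/quarantine/deny outcomes are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical AUP thresholds; every value here is constructed for illustration.
POLICY = {
    "max_signature_age_days": 7,
    "min_os_version": {"ios": (5, 1), "android": (4, 0, 3)},
    "banned_apps": {"com.example.p2pshare", "com.example.sideloader"},
}

@dataclass
class DeviceReport:
    """Posture facts an endpoint agent might send to the NAC (assumed shape)."""
    platform: str
    os_version: str
    av_running: bool
    av_signature_date: date
    installed_apps: list

def parse_version(text):
    """'4.0.3' -> (4, 0, 3); raises ValueError on anything non-numeric."""
    return tuple(int(part) for part in text.split("."))

def interrogate(report, policy, today):
    """Return (decision, findings): 'allow', 'quarantine' or 'deny'."""
    minimum = policy["min_os_version"].get(report.platform.lower())
    try:
        version = parse_version(report.os_version)
    except ValueError:
        version = None
    # Fail closed: a platform or version the policy cannot reason about is denied.
    if minimum is None or version is None:
        return "deny", ["unrecognized platform or OS version"]
    findings = []
    # Check 1: client protection is running and its signatures are current.
    if not report.av_running:
        findings.append("anti-virus not running")
    age = (today - report.av_signature_date).days
    if age > policy["max_signature_age_days"]:
        findings.append(f"anti-virus signatures {age} days old")
    # Check 2: no patches missing, modelled here as a minimum OS version.
    if version < minimum:
        findings.append(f"OS {report.os_version} below required minimum")
    # Check 3: no banned applications installed.
    for app in sorted(set(report.installed_apps) & policy["banned_apps"]):
        findings.append(f"banned application installed: {app}")
    return ("quarantine" if findings else "allow"), findings

SAMPLE = DeviceReport("android", "2.3.6", True, date(2012, 1, 2),
                      ["com.example.mail", "com.example.p2pshare"])  # constructed
```

A "quarantine" result carries the list of findings so the device can be steered to remediation rather than simply dropped, while "deny" is reserved for reports the policy cannot evaluate at all.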

3. Application White Lists

Pools of "white list" applications (App Store and Android Market) will continue to grow, and become more trustworthy. These vendors are best positioned to vet the myriad applications being developed for their equipment and assure that the applications, at a minimum, house no malware. This will also assure the required degree of integrity for the applications to avoid network and application conflicts.

With application certification essentially outsourced, companies may begin to require that agent software corresponding to their MDM solution be installed, allowing companies to monitor compliance without regard to individual devices. As a result, new security solutions for iOS and Android platforms will emerge, yielding more comprehensive and better integrated security to address all the capabilities of these devices.

As a company’s virtual perimeter extends to mobile endpoints, increasing capabilities to extend enterprise management and policy enforcement to mobile endpoints will become part of the feature set of enterprise IT security management platforms. In fact, some solutions will be supplied by service providers (carriers) as part of network service.

4. Hands-Off IT

Driven by the BYOD trend, IT will become more hands-off in supporting mobile devices. This is already taking place at some companies, but it will start to be adopted as corporate policy on a broader scale.

The case for this trend rests on companies realizing that when users purchase their own equipment, they frequently kick in some of their own money to buy higher-end gear. Since this equipment is even more "theirs," they tend to take better care of it. This includes handling many service issues on their own. This, in turn, minimizes help desk calls into the company. In many cases, users purchase extended service contracts with the equipment and handle support that way. In any case, the result will be fewer demands on IT’s time, freeing IT to address more strategic and larger scale issues.

5. Cyber Warfare

The threat landscape will gain greater attention and become more treacherous in the year ahead. This is because of a fundamental change in who is developing malware and why. The black-hat community has essentially split. On one hand, there are the "kiddie-scripters" who play at hacking and malware with varying degrees of sophistication. On the other hand, national governments and transnational criminal organizations have "institutionalized" threat development and deployment, motivated by political and financial agendas. These are deliberate and systematic attacks. They are well-funded, employ technically sophisticated developers, and their operations are ongoing. In response, the countermeasures arrayed against these threats have become comparably institutionalized.

Much of this cyber warfare is taking place unbeknownst to the public, with rare exceptions such as Stuxnet, which received broad visibility in the mainstream media. Civil infrastructure is already being targeted by probes and attacks, as are some embedded systems. 2012 will be the year when a high-profile event brings these activities into general awareness.

Companies will continue to be targeted for customer account information and industrial secrets. But the success of the attackers will be more visible, as their assaults are more widely felt and produce more dramatic results that directly impact the general population.


6. Mobile Security

As noted earlier, smartphones are, for practical purposes, handheld computers. In the year ahead, this will present new security challenges already familiar in the conventional computing environment.

More viruses, Trojans, and other types of malware will be authored specifically for smartphone dissemination. In some cases, the mobile devices will be targeted as a means for malware to be introduced into data networks generally with the ultimate intent of infecting and compromising computing systems of all types. Such threats will exploit some unique characteristics of smartphone platforms: small physical form factors, and the social nature of smartphone use.

The small screens and one-app-at-a-time nature of smartphone interaction can obscure suspicious system behaviors. Users rarely, if ever, are mindful of the security applications installed on their handsets, much less whether those applications are running and effectively doing their job. The new generation of malware developers is aware of these shortcomings and will exploit them, leveraging smartphones as another platform for cyber attacks.

At the same time, smartphones are uniquely personal devices that are used for all kinds of social interactions. This makes them an ideal vehicle for social engineering tactics and distribution of malware. Over the course of 2012, we are likely to see the first confirmed botnet of mobile devices distributing mobile spam and other, more active, threats across mobile networks.

7. New Energy Behind Data Protection

The amplified threat environment and expanding channels of attack will spur a new focus on data protection practices. Regulatory compliance will gain increased importance. Concerned communities like corporate governance and financial services (Sarbanes-Oxley), healthcare (HIPAA), education (CIPA and FERPA), and commerce (PCI) will intensify their scrutiny. Audits will likely increase. As is the case already, many of these audits will be conducted by third parties.

With this, we expect to see an increase in the outsourcing of internal compliance audits and remediation of any shortfalls. This will be driven by two factors: the increasing complexity of both the network and threat environments, and the willingness of the third parties to assume the liabilities associated with non-compliance. Given that audits specific to regulatory compliance are adjacent, not central, to sound security practices, outsourcing this function will be an easy decision for organizations to take (if the cost-benefit analysis makes sense in their particular case).

8. Security Consolidation

2012 will be the year when the paradigms of virtualization and cloud deployments come to IT security. The old concept of a network having a core or center (usually the data assets) does not exactly apply in a cloud deployment. With the proliferation of endpoints and the effective removal of a physical network perimeter, security architectures are scrambling to provide the necessary protections and permissions.

The solution is security consolidation. While this might seem counterintuitive, the advantages are obvious and practical. Smarter, faster security appliances can be networked into integrated, self-aware systems. The robust feature sets in these appliances represent a single platform for all the security operations of intrusion detection and prevention, anti-malware, content filtering and so on. They can also execute the endpoint interrogation and controls discussed earlier. The sum of this functionality will be a security paradigm ideally suited for cloud deployments and the oversight of traffic from a range of endpoints conducting remote, virtualized sessions.

This approach provides the layered security usually associated with having multiple devices, one patching the holes of the other. As old firewalls or content filters or anti-spam appliances age out, they will be replaced by the new integrated security appliances. This will be the starting point for the new provisioning roadmap to full consolidation.


9. The Cloud Becomes Commoditized

"Cloud computing" and "cloud storage" are quickly moving beyond being important new concepts to being familiar, conventional ones. Even as companies re-examine their network operations in light of these concepts, IT executives and managers are recognizing that these concepts are not unlike the mainframe/terminal or client/server concepts of the past, with some important new capabilities enabled by smarter, faster technologies and the ubiquity of Internet connectivity. The upshot of this realization will be the commoditization of cloud deployments.

While "cloud" has served as shorthand for all sorts of implied benefits, the evaluation of the real benefits in each instance will be scrutinized closely. The differences between public and private clouds will become more appreciated and their suitability for particular initiatives will be better understood. Deeper understanding of the advantages and drawbacks of cloud storage and computing will inform decisions about migration and new deployments. Enthusiasm for all things "cloud" will scale back from the way to do things now… to a way to do things when it makes practical and financial sense.

10. Virtualized Security

Finally, we believe 2012 will be the year that virtualization and security consolidation converge in virtual security appliances. These will be packages of security functionality, decoupled from special-purpose appliances, hosted alongside all the other applications on enterprise servers. Servers will host hypervisors to address the security needs of cloud storage and computing and of application virtualization. But this approach is not specific to cloud architectures, so it will soon be applied to network architectures of all kinds. And this will undoubtedly set the stage for important new trends in the years to come.

Figure 2. Virtualized security


About SonicWALL

SonicWALL®, Inc. provides intelligent network security and data protection solutions that enable customers and partners around the world to dynamically secure, control, and scale their global networks. Built upon a shared network of millions of global touch points, SonicWALL Dynamic Security begins by leveraging the SonicWALL Global Response Intelligent Defense (GRID) Network and the SonicWALL Threat Center that provide continuous communication, feedback, and analysis regarding the nature and changing behavior of threats worldwide. SonicWALL Research Labs continuously processes this information, proactively delivering defenses and dynamic updates that defeat the latest threats. Leveraging its patented Reassembly-Free Deep Packet Inspection™ technology in combination with a high-speed, multi-core parallel hardware architecture, SonicWALL enables simultaneous, multi-threat scanning and analysis at wire speed and provides the technical framework that allows the entire solution to scale for deployment in high-bandwidth networks. Solutions are available for the SMB through the Enterprise, and are deployed in large campus environments, distributed enterprise settings, government, retail point-of-sale and healthcare segments, as well as through service providers.

©2012 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.