Post Thu Feb 12, 2009 7:47 am

SANS 2009 Security Predictions ... ctions.php

Just two samples, visit the link for some VERY interesting predictions =)

Eric Cole, Secure Anchor, offers two security predictions for 2009:

    * Less reliance on patching. This is a tricky one because I am not saying organizations should not patch. Patching is critical and still must be done. However, with the window shrinking between when a vulnerability is public and when the exploit is released, organizations will have to deploy other measures to help minimize their impact to exposure. This is further emphasized by seeing more out-of-cycle critical patches released by vendors, showing that organizations are going to have to do more with desktop lockdown. Hardening a client system by not allowing administrator access and removing all unnecessary components are important. Two results of organizations being less reliant on patching for their primary protection are more deployments of HIPS (host-based intrusion prevention) and thin clients increasing in popularity. Thin clients could also take the form of virtual machines where you load a new image every time you start the computer.

    * More focus on data, less on the perimeter. The perimeter is critical and must be maintained to have a proper level of security; however, the focus needs to be on understanding, mitigating and reducing the risk to critical data. Therefore, organizations will put more energy and time against data-focused protection. The DLP (data loss prevention) space will have to be redefined since much of the current technology goes after low-hanging fruit and companies will demand solutions that truly protect critical information.

Paul Asadoorian of PaulDotCom's 2009-2010 predictions. Paul is weighing in with 3:

    * Other threats will become as easily exploitable as remote exploits. We've all seen how people scramble and make noise when Microsoft releases a patch for a new remote exploit (ala MS08-067). We will start to see attackers using other more subtle measures, such as web applications and mobile device attacks, in the same manner. Except, at least in the beginning, there will be no scramble and noise.

    * Wireless networks will continue to source attacks. So many organizations have done a good job implementing "secure" wireless networks. However, there are always other threats that will continue, such as guest networks, handheld devices, client-side wireless software, that will open doors for attackers. These attacks are targeted and subtle now; look for a "knock your socks off" wireless attack in 2009 to really help put the risks in perspective.

    * Someone will unplug the Internet - We've danced around it for quite some time and have seen some examples ( went away briefly in 2008), but time has come for major meltdown. This will most likely be a targeted attack as we move closer to cyberwarfare tactics really hurting. With the economy in the US already weak, enemies will be looking to take their shots and cyberwarfare will be one of them. Economic targets or even natural resources will be at risk. That's the fun about predictions, you don't have to be right and you can think big.

      [Stephen Northcutt] Well, that is certainly thinking big. For myself, I think there is enough redundancy that you cannot take down the Internet. I guess the closest thing we have to study is the Akamai attack.