2014 Predictions: Firewall

Matt Keil



One of the many principles our CEO Mark McLaughlin brought to the company, that I fully embrace, is the rule of three, which encourages you to focus and prioritize. Top 10 lists are great for late night talk shows, but realistically, a list that long becomes somewhat dilutive. With that in mind, let’s delve into what I think will be three of the more interesting firewall and next-generation network security topics for 2014.

1. The NSA revelations will catalyze a dramatic uptick in the use of SSL/encryption.

This is a tricky subject. Encryption, when used to protect networks and digital assets, is a good thing, and we fully endorse its use. Encryption, when used to bypass security or steal data, is a bad thing. Now that we know more about just how closely our government is watching us, I suspect we’ll see a spike in SSL/encryption use.

Something that there is no debate on is that attackers are using SSL, what’s commonly known as the universal firewall bypass, to hide their actions. We need only look at this year’s APT1 revelations and the Aurora attack from several years ago to confirm this. Our most recent Application Usage and Threat Report shows that about 25 percent of the 1,395 applications found on enterprise networks are capable of using SSL. We expect that number to increase, making the challenge of determining how SSL is being used that much more difficult.

2. We will exert more control over remote access tools.

The revelations of how commonly remote access tools such as RDP, SSH and TeamViewer are used to attack your network will force us to exert greater control over these tools.

Make no mistake, these applications provide support and development teams with powerful tools to simplify their jobs. But we know from past Verizon Data Breach reports that they are used so commonly by attackers that there are scripts readily available to find their use on your network for purposes of exploitation. The recent APT1 revelations that RDP was used in the ongoing attack further solidified this finding.

We also know that employees use these tools to mask what they’re doing on the corporate network as a means of protecting privacy. Browser plugins such as Remote Desktop and uProxy for Google Chrome will make these tools more accessible and only increase the challenge of controlling their use on the corporate network. User privacy is critically important, but users also need to understand that these applications can jeopardize the core of the business. The challenge will be how organizations can best implement controls without limiting productivity. It is a tough challenge, but one I am hopeful that we can make progress on this coming year.

3. Cyberlockers and cloud-based filesharing will continue to grow, despite the risks.

We’ve been watching browser-based filesharing applications since 2008, when we identified a pool of roughly 10 variants in this group. As of this year, we’re tracking more than 100 variants, and according to our research an average of 13 of these applications are found on networks we analyze.

In many cases, there is no business use case for this many variants. Hotfile, for example, was found on 30 percent of the 3,000+ networks we analyzed and it was just fined $80 million for copyright violations. Is this an application that belongs on your network?

I firmly believe there is business value for some of these applications (we use them here at Palo Alto Networks), but they do present business and security risks if they’re used too casually. The risks will continue to escalate as the vendors try to broaden their appeal to users and differentiate themselves by adding premium, always-on, always-synched features.

Thanks for reading.
