Security Experts:

New Year's Resolutions for the Security Minded

As I watched 2015 come to a close I began to develop, like many others, a list of resolutions for the new year. In 2015, the security community made its share of missteps but it’s been encouraging to see us come together, learn from our mistakes and continue to push ahead.

With that in mind, here are five resolutions that we can all relate to, and reflect on as we kick off 2016.

Resolution 1: Lose some weight (seriously, I mean it this time)

2016 will finally be the year that we start reducing our security footprint—not by loosening security, but through consolidation. The first priority will be slimming down firewalls by consolidating our distributed defenses onto core networking devices to make security easier to manage, control and troubleshoot.

Resolution 2: Read more

Not books, although those are good too, but in 2016, we’re going to inspect more outbound SSL traffic. Last summer, hackers obtained the finger prints and social security numbers of more than 22 million people in the Office of Personnel Management breach. The hack went undetected for so long because there was no protocol for inspecting the outbound encrypted traffic that contained the stolen data. Today’s security tools typically monitor incoming traffic for malware, but the zero-trust/SSL everywhere model leaves a blind spot for inspecting outbound flow. The need to ‘break and inspect’ outbound traffic will be crucial in securing the network in the year ahead.

Resolution 3: Make new friends

We’ve already seen the beginnings of this resolution, but in 2016 there will be an uptrend of traditional security vendors partnering with networking companies and cloud providers. In the age of hybrid data centers and mobile workplace environments, enterprises can no longer depend on traditional network firewalls to keep their data safe and vendors with areas of expertise will need to bridge the gap to create a more comprehensive security solution. The perimeter is disappearing and vendors are teaming up to secure enterprise networks at the application level.

Resolution 4: Try new things

The next wave of cyber attacks have evolved and attackers are moving to a more targeted approach – with some attackers even coding to bypass specific security firms’ capabilities. This results in malware mutating at a rate that is difficult for both the enterprise and security firms to keep up with. In 2016, we’ll look for new vectors to help enterprise partners keep up with fast-moving, constantly evolving threats, making behavioral analytics a new priority to ensure your data and apps are doing what they’re meant to do.

Resolution 5: Stave off Skynet’s looming Judgment Day for another year by securing the IoT

As more devices and applications join the IoT ecosystem, the likelihood of vulnerabilities facing data centers increases exponentially. In 2016, the industry focus will shift from concerns over IoT devices being turned into a bot army, to a conversation about keeping IoT traffic secured, and out of sensitive areas. Security teams will start establishing baselines for web application security to measure against it and monitoring systems, which will also help ensure the bot army doesn’t become self-aware just yet.

view counter
David Holmes is an evangelist for F5 Networks' security solutions, with an emphasis on distributed denial of service attacks, cryptography and firewall technology. He has spoken at conferences such as RSA, InfoSec and Gartner Data Center. Holmes has authored white papers on security topics from the modern DDoS threat spectrum to new paradigms of firewall management. Since joining F5 in 2001, Holmes has helped design system and core security features of F5's Traffic Management Operating System (TMOS). Prior to joining F5, Holmes served as Vice President of Engineering at Dvorak Development. With more than 20 years of experience in security and product engineering, Holmes has contributed to security-related open source software projects such as OpenSSL. Follow David Holmes on twitter @Dholmesf5.