You’ve probably read your fill of security prophets (many employed by security vendors) prognosticating about all the scary/wonderful security stuff that will happen in 2015. Rather than go down that too-traveled route, I’ve decided to take a different angle and discuss 8 buzzed-about vendor-wished-for phenomena that will not occur in the coming year, and will confuse your security posture.
- The demise of the network perimeter has been predicted (and advocated) since at least 2001, and that argument is gaining new momentum considering the rise of BYOD, Internet of Things, SDN, etc. However, in 2015 the network perimeter will not disappear. Is the perimeter more dynamic today than ever? Yes. Is it more complicated than a static set of centralized ingress/egress points? Absolutely. However, the perimeter, even as it constantly morphs, is real, and it’s important to protect. If we don’t keep that in mind as a design principle, and decide instead to open the network barn door wide and protect each endpoint, application, and data asset individually, we are relying upon our ability to configure policy flawlessly across scores of assets. While we must indeed secure each valuable enterprise asset, we must also keep safeguards at the door to turn away bad actors before they can attempt to compromise those valuable assets.
- SDN security will not be deployed by many enterprises, because not many will have deployed SDN by year-end 2015. In 2015, security leaders must work with their networking counterparts to understand (and influence) network design as SDN principles get introduced, and should build a security controls roadmap to ensure that these more agile networks can be protected.
- Virtual firewalls will not comprise >5% of new purchase revenue in the network firewall market. Same as it ever was.
- IPS functionality will not commoditize or disappear. Yes, I get it, standalone IPS revenue is declining. Gartner agrees. However, IPS is a crucial factor in an increasing number of next-generation firewall evaluations, and is more present across customer networks than ever. Certain advanced threat prevention vendors attempt to minimize the importance of IPS in order to gain access to IPS budgets; customers who believe them, and cease to use context-enriched network IPS controls, do so at great risk.
- There will be no “Enterprise UTM”. The enterprise firewall and unified threat management (UTM) markets are different and not just two terms for the same technology. SMB customers often choose UTM because they get a wide variety of security point products in one platform, reducing capital costs and management complexity. Enterprise customers ARE increasingly deploying next-generation firewalls, which often comprise firewall, IPS, and user and application control. Some also deploy URL filtering and cloud-based sandboxing; however, even with all of these features deployed, NGFWs offer a small subset of what UTM “all-in-one” boxes offer. NGFWs offer more scalable security controls, and provide finer-grained L7 filtering capabilities.
- Network security vendors will not successfully sell joint network/endpoint security solutions. Different buying centers, different requirements, different cultures regarding security and risk. Some exceptions exist in a small fraction of enterprises where a breach has occurred or where incident response is a well-developed function and the CISO has the power to influence disparate buying centers.
- “Security by deception” will not become a common requirement. So many organizations struggle to fulfill basic foundational “let the good guys in” and “keep the bad guys out” duties; messing with security science-project esoterica (which might momentarily distract determined attackers) will fall by the wayside in 2015.
- 2015 won’t be the “Year of PKI”. 1997 called and wants its prediction back.
Happy (and secure) New Year!