- Published: 05 December 2011
- Written by NStinchcombe
Rise in Big Data and Application DDoS Attacks Among Key Concerns
Imperva (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today announced its predictions for the top cyber security trends for 2012. The analysis, compiled by Imperva’s Application Defense Center (ADC), is designed to help companies shield themselves from the threat of hackers and insiders. “Hacking, by nature, is a discipline that relies on innovation,” explained Imperva CTO Amichai Shulman. “Knowing future, potential threats helps security teams fight against the bad guys.”
• A detailed white paper is available here.
• Imperva will host a webinar with CTO Amichai Shulman and registration is available here.
Imperva predicts that the top nine cyber security trends for 2012 are:
Trend #9: SSL gets hit in the crossfire - Currently, attackers are exploiting vulnerabilities in the various implementations of the SSL protocol. Furthermore, we are seeing a rise in attacks which target the worldwide infrastructure that supports SSL. We expect these attacks to reach a tipping point in 2012 which, in turn, will invoke a serious discussion about real alternatives for secure web communications.
Trend #8: HTML 5 goes live - Over the last few years, vulnerabilities in browsers' add-ons (third party components such as adobe's Flash Player or Oracle's Java) were the significant cause of "zero-day" exploits. We predict that in 2012 hackers will shift their focus to exploiting vulnerabilities in the browsers themselves in order to install malware. The reason is due to recently added browser functionality – mainly driven by the adoption of HTML 5 standard. The HTML 5 standard was created to enable browsers to support a richer end user experience in a standardized way. While the new features are attractive to web developers, they are also very beneficial for hackers.
Trend #7: DDoS moves up the stack - Distributed Denial of Service (DDoS) attacks are gaining popularity and were part of high profile hacking campaigns in 2011, such as the Anonymous attacks. We predict that in 2012 attackers will increase the sophistication and effectiveness of DDoS attacks by shifting from network level attacks to application level attacks, and even business logic level attacks. Indications for this trend are already emerging. For example, the #RefRef tool, introduced in September 2011, exploits SQL injection vulnerabilities used to perform DoS attacks.
Trend #6: Internal collaboration meets its evil twin - Internal collaboration suites (such as Microsoft Sharepoint and Jive) are being deployed in “evil twin” mode, i.e., these suites are used externally. As a result, we believe organizations will look for tools to protect and control access to such platforms.
Trend #5: NoSQL = No Security? - The IT world is quickly embracing NoSQL under the buzzword Big Data. These huge data stores are the next big step in analyzing the massive amounts of data that is being collected in order to identify trends. We predict that the inadequate security mechanisms of these systems will inhibit enterprises from fully integrating these systems as third party components within the enterprise.
Trend #4: The kimono comes off of consumerized IT - After being caught off guard by the consumerization of IT, professionals are trying to regain control of corporate data. We believe that they are doing it the wrong way. Instead of trying to control data at the source, IT organizations try to regulate the usage of end-user devices and de-cloud data access. We expect organizations to spend a lot of time, money and effort on these techniques and technologies next year, with very poor results.
Trend #3: Anti-social media - As many more organizations are making their way into the social media space, we expect to see a growing impact to the integrity and confidentiality of the enterprise’s information. Moreover, we expect hackers will continue to automate social media attacks, exacerbating the problem.
Trend #2: The Rise of the middle man - With the increased supply and demand for compromised machines, as well as for sensitive corporate information, we predict the rise of the cyber broker. This individual matches the buyers of stolen data or compromised machines (aka “bots”) with the sellers of the data (or bot renters). In the same way stocks and investors gave rise to stock markets, hackers need a middleman.
Trend #1: Security trumps compliance – In the past, security decisions were usually driven by compliance. However, in 2012 we expect to see security decisions driven by security. The past influx of laws and regulations, which drove the budget and security solutions such as PCI or SOX, were used to feed the security budget. With the cost of a breach rising, industrialized hacking impacting many organizations and the need to protect of intellectual property, we expect to see more companies making cyber security decisions based on security.
About Imperva
Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,500 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva's customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.
Forward Looking Statements
This news release contains forward-looking statements, including without limitation those regarding Imperva’s predictions regarding top cyber security trends for 2012. These forward-looking statements are subject to material risks and uncertainties that may cause actual results to differ substantially from expectations. You should consider important risk factors, which include: the risk that our products are not adopted at levels that we anticipate; the risk that our products are not perceived as providing a solution against cyber security attacks; and other risks detailed under the caption “Risk Factors” in Imperva’s filings on the SEC’s website at www.sec.gov. We undertake no obligation to update any of the forward-looking statements contained herein after the date of this release, whether as a result of new information, future events or otherwise.
© 2011 Imperva, Inc. All rights reserved. Imperva and the Imperva logo are trademarks of Imperva, Inc.