Information security innovation and research


Sin-Yaw Wang is the Vice President of Engineering at WatchGuard Technologies. In this interview he talks about the main challenges for delivering innovative information security technologies as well as long-term investments in security R&D.

We live in complex times. Not only are new technologies penetrating large enterprises before proper safeguards are put in place, but the threat landscape is evolving rapidly following the adoption. What are the main challenges for delivering innovative information security technologies that can evolve with the market, instead of being created as a reaction to an existing threat?
The industry will continue to be a cat-and-mouse game for the foreseeable future and there will always be dangerous new threats. IT departments should absolutely:

  • be looking at solutions that can evolve and react quickly to these new threats. Hackers are consistently looking for a new approach and so should you. For example, the challenge with signature-based solutions is that hackers can bypass the solution by evolving and obfuscating their malware using techniques like packing and crypting. Dynamic malware analysis, also known as sandboxing, is used to test programs and executable files without sacrificing the security of the device. As sandboxing has become a central piece of every major security solution, so has the presence of evasive code in malicious software to combat these new solutions. Sandboxes need to use emulation techniques that can detect any attempted evasions. The point is, no one can predict when or how a new threat will arrive, so choosing a solution with the most flexible architecture is prudent, as it allows you to evolve your defenses without breaking the bank.
  • be sympathetic to the workload and stress of the IT department. People’s attention span is a precious commodity, and a security solution is only as effective as your personnel’s attention. How quickly can the person identify the threat among the sea of logs and reports, and deploy a solution? When in doubt, choose the vendor that makes your IT department’s job easier.

What advice would you give to those that need to evaluate long-term investments in security R&D? How can a vendor properly innovate while operating in an industry defined by agile risk?
First, ride on the shoulders of giants; don’t compete with them. Companies such as Intel and Freescale (now part of NXP) invest billions to make their processors fast and cheap. Leveraging the industry ecology can lower a product’s cost. Invest in software and take advantage of the general-purpose hardware.

Second, more websites are using HTTPS to encrypt and secure all traffic. Applications and sites like Facebook, Google and Wells Fargo default to using HTTPS. Hackers are taking notice and have realized the potential to hide advanced malware in it. Gartner believes that, in 2017, more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls, up from less than five percent today. Security solutions need to be prepared to decrypt and inspect traffic without making any noticeable impact on browsing experience.

Also, don’t over-optimize. One thing about networking is that line-speed caps the total throughput in and out of the system. There is no need to do it faster than that. Instead, allocate the resources for deeper inspection. But, make sure you don’t go down a rathole that takes your eye off the larger R&D picture.

Finally, don’t forget to focus on ease of deployment. 90 percent of the security breaches today are from flawed configuration. That’s human error. If it’s not easy to set up, it invites vulnerability.

What IT security areas do you expect to get the most innovation in the next 5 years? What can we do in order to try to be a step ahead of the cyber criminals?
Two trends are undeniably under-served: personal mobile devices in the workplace (BYOMD) and the blurring of the network perimeter. People don’t want to surrender their smartphone or tablet, even if their IT department has a policy restricting them. Those devices are vulnerabilities and compromise security. As an example, Android devices are more prone to malware because of their “openness”; jailbroken or rooted phones are a security liability because they are “unlocked” and open up root access to potentially malicious applications. We expect to see a lot more security innovation around the integration of mobile devices into the corporate network.

In addition, the new wireless technology will, for the first time in history, become fast enough for people to “cut the cord” and go 100 percent wireless. Today, wireless users already compromise the network perimeter, but soon they will dissolve it completely. The ramping up of wireless access points brings the increase of security risks because it is getting faster, it is free(er) and it is everywhere.

Finally, I don’t see SDN (software defined networking) coming out of data centers anytime soon and therefore it will not really play a major role in the network security realm. There are entrenched players that need the traditional “hardware defined” network to bring in revenue. They will make sure the SDN evolution is slow.