[Financial Security Trends]

Gartner’s latest predictions for future security technologies and markets

Summary:

(1) By 2020, zero-day exploits will account for less than 0.1% of attacks, excluding sensitive government targets;

(2) Penetration testing intelligence tools will increase from 0% in 2016 to 10% by 2020;

(3) By 2020, enterprises will have a major security incident caused by security, resulting in significant losses;

(4) At present, the markets for IRM (risk management), SIEM, IGA (identity governance), EPP (endpoint protection) and PAM (access management) are large, but their compound annual growth rates are low; EDR, security training, RASP and UEBA have relatively small market shares, but growth will reach 48% (UEBA), 45% (EDR), 37% (CASB) and 48% (security training);

(5) Gartner predicts that rules-based detection modes (SIEM, IDS, keyword-based DLP, antivirus, etc.) will migrate to behavior-based detection modes (such as UEBA, NTA network traffic analysis, DEA data theft analysis, ETA endpoint threat detection);

(6) Investment opportunities according to Gartner are UEBA, RASP, security training, EDR and CASB;

Momentum releases Q3 Security industry investment and financing analysis report

Summary:

(1) Total M&A in Q3 was USD 2.5 billion. Significant transactions included SAP's acquisition of Gigya (USD 350 million), DigiCert's acquisition of Symantec's network security business (USD 950 million), Symantec's acquisitions of Fireglass (USD 225 million) and Skycure (USD 200 million), Warburg Pincus's purchase of eSentire ($150 million) and Core Security's purchase of SecureAuth ($225 million);

(2) In Q3, investment volume also increased, reaching US $1.4 billion across a total of 76 investments. The four deals over $50 million were: BlueteamGlobal ($125 million), ForgeRock ($88 million), Druva ($80 million) and DarkTrace ($75 million);


(3) In Q3, the market tilted further toward next-generation MSSP and MDR. Gartner expects key security areas for 2017-2018 to include: cloud security, detection and response, DevSecOps, and increasing compliance-driven demand.

[Related security incidents]

WiFi network WPA2 KRACK vulnerability analysis report

Summary: Security researcher Mathy Vanhoef discovered the Key Reinstallation Attacks (KRACK) vulnerability in the WPA2 protocol. By taking advantage of a design flaw in the standard encryption key generation mechanism of WPA2, the third message of the four-way handshake that negotiates the encryption keys can be tampered with and replayed, causing a key that is already in use to be reinstalled. A WiFi network negotiates the encryption key for subsequent data communication through the WPA2 handshake messages. When the third message is tampered with and replayed to the client by a man-in-the-middle attacker, the replay counter and random value (nonce) are reset, and an insecure encryption key is installed on the client.

Comment: This vulnerability is named Key Reinstallation Attacks. In addition to the data encryption keys in use, it also affects the PeerKey, group key and Fast BSS Transition (FT) handshakes, etc., resulting in insecure encrypted channels for WiFi communication data. There are risks of sniffing, tampering and replay, and attackers can obtain data carried on the WiFi network. Almost all devices that support Wi-Fi (Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, etc.) are exposed to the threat. For example, with AES-CCMP, traffic can be replayed and decrypted, and TCP connections may be hijacked and malicious traffic injected. With WPA-TKIP and GCMP, traffic can be replayed, tampered with and decrypted.
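
Why a reset nonce breaks confidentiality, as an added example that is not from the original article or the researcher's code: a toy client whose packet number is reset when message 3 is processed a second time, next to a hardened variant that ignores a repeat of the already-installed key. The `Client` class, `replay_message3`, the sample key and the plaintexts are constructed, and an HMAC-SHA256 keystream stands in for the AES-CTR keystream used by CCMP.

```python
import hashlib
import hmac

def keystream(key: bytes, pn: int, length: int) -> bytes:
    # Stand-in for the AES-CTR keystream inside CCMP (assumption: HMAC-SHA256
    # is used only so the example runs with the standard library).
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Toy supplicant: models only key installation and the packet number."""

    def __init__(self, patched: bool):
        self.patched, self.key, self.pn = patched, None, 0

    def on_message3(self, key: bytes) -> None:
        # Hardened behaviour: a retransmitted message 3 carrying the key that
        # is already installed must not reset the packet number (nonce).
        if self.patched and key == self.key:
            return
        self.key, self.pn = key, 0

    def send(self, plaintext: bytes):
        self.pn += 1
        ks = keystream(self.key, self.pn, len(plaintext))
        return self.pn, xor(plaintext, ks)

P1 = b"frame-one: hello wifi"   # constructed sample plaintexts, equal length
P2 = b"frame-two: secret pin"

def replay_message3(patched: bool):
    key = b"constructed-demo-session-key"      # constructed, not a real PTK
    client = Client(patched)
    client.on_message3(key)                    # normal handshake completes
    pn1, ct1 = client.send(P1)
    client.on_message3(key)                    # message 3 arrives a second time
    pn2, ct2 = client.send(P2)
    # With a repeated nonce the keystream cancels: ct1 ^ ct2 == P1 ^ P2
    return pn1, pn2, xor(ct1, ct2) == xor(P1, P2)
```

In the unpatched model both frames go out under packet number 1, so anyone who knows one plaintext learns the other; in the hardened model the second frame uses packet number 2 and the keystreams differ.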

[Cloud Perspective]

Patent analysis of global artificial intelligence field

Summary: The number of AI patents awarded, by applicant country and by type of technology, has more than quadrupled (from 708 in 2012 to 2,888 in 2016). In particular, the number of AI patents granted in the United States increased by 1,628 during the period, accounting for about 75 percent of the global increase.

In 2012, biometers and knowledge-based models were the biggest players in patented AI technology. However, the number of patents granted to specific mathematical models and other AI technologies increased rapidly from 2012 to 2016, doubling from 2015 to 2016. These two figures illustrate short-term trends in the granting of AI patents by country and by technology.

A large proportion of AI patents awarded to Chinese and Japanese universities are for technology based on model organisms. In terms of security, the use of artificial intelligence is really in its infancy.

How to protect important enterprise data from theft on the cloud

Summary:

(1) Data types to be protected: e-commerce companies need to protect customers’ personal and financial information, all enterprises must protect employees’ information in accordance with HIPAA, and protect patients’ information in accordance with health care needs;

(2) Data storage and security functions: Whether data is stored in a public cloud, private cloud or hybrid cloud, where it is stored is very important, as are the security defense strategies applied to data storage;

(3) Enable two-factor authentication: Most major CSPs provide multi-factor authentication systems. Many CSPs protect data at all levels, but users can access sensitive data directly after logging in with their accounts, which is also the purpose of Google’s Advanced Protection;

(4) Use third-party encryption measures: choose encrypted storage when storing data;

(5) Select the right tools: use a cloud firewall, a data encryption policy, VPN-encrypted links for transmission, etc.;

(6) Control endpoint devices: BYOD devices are also an important source of attacks and need to be controlled;