Information Security in 2009
December 31, 2008 by Marcos Christodonte II
On the eve of 2009, as we work out our plans for ringing in the New Year, I stopped to think about what information security will bring us in 2009. As threats become much more dynamic, sophisticated, and targeted, I couldn’t help but come up with a few predictions that I feel we’ll see more of next year. This list is not based on any confirmed sources or exploits, but rather my personal research and experiences in 2008.
1. Mobile security: Smartphones such as the iPhone, BlackBerry, G1, and others are becoming more widely used and accepted in enterprise environments. With new capabilities to interface with backend Microsoft Exchange servers, corporate databases, and even banking websites, smartphones are accessing and storing tons of sensitive data. Therefore, security concerns will be addressed and controls will be implemented to manage these devices.
2. Virtualization security: Many enterprises are moving towards virtual solutions. Virtualization allows more efficient and easier management of servers. The ability to remotely create a server, place it on a network segment, then upgrade the memory and hard drive space with a few clicks is remarkable. However, I foresee much more emphasis on securing server clusters. Security boundaries must be protected from other systems crossing security domains.
3. New Botnet Damage: Botnets are becoming much more widespread. Some researchers are estimating that some botnet herders own millions of systems across the globe. This provides herders with extensive capability. Not only can they attempt multiple DDoS attacks, but owning this many systems allows them to control their own online army. I foresee more focus on host-based IDS/IPS solutions to control botnets.
4. More Mac malware: I recently spoke of new malware targeting the Mac. We’ve seen or heard of many vulnerabilities in Windows throughout the years, mostly due to the fact that they have a much higher market share in personal computers. As Apple starts to get more attention and as enterprises start purchasing Macs, more focus will be on creating exploits for Apple computers.
5. Whitelisting: There’s always been a focus on blocking bad IP addresses, programs, and processes with blacklists. The problem here is the zero-day threat that is unknown and implicitly allowed. More focus will be on defining what’s good and explicitly allowing only those IPs, programs, and processes. This will implicitly block all other instances and better protect systems.
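The difference between the two models in item 5, as an added example that is not part of the original post: the same three events are run through a default-allow blacklist and a default-deny whitelist. All networks, program contents, and hashes below are constructed sample data, and identifying a program by the SHA-256 of its contents is an assumption made for the illustration.

```python
import hashlib
import ipaddress

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for program binaries (not real files).
MAIL_CLIENT = b"constructed: approved mail client"
KNOWN_BAD = b"constructed: sample with a published signature"
UNKNOWN = b"constructed: never-before-seen binary"

# Blacklist: only what has already been identified as bad.
BLACKLIST_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLACKLIST_HASHES = {sha256(KNOWN_BAD)}
# Whitelist: only what has been explicitly approved.
WHITELIST_NETS = [ipaddress.ip_network("10.20.0.0/16")]
WHITELIST_HASHES = {sha256(MAIL_CLIENT)}

def in_nets(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def blacklist_allows(ip: str, program: bytes) -> bool:
    """Default-allow: anything not listed as bad gets through."""
    return not in_nets(ip, BLACKLIST_NETS) and sha256(program) not in BLACKLIST_HASHES

def whitelist_allows(ip: str, program: bytes) -> bool:
    """Default-deny: both the peer IP and the program must be approved."""
    return in_nets(ip, WHITELIST_NETS) and sha256(program) in WHITELIST_HASHES

EVENTS = [
    ("approved", "10.20.5.9", MAIL_CLIENT),
    ("known-bad", "203.0.113.7", KNOWN_BAD),
    ("unknown", "198.51.100.23", UNKNOWN),  # the zero-day case
]

def compare(events):
    """Return (label, blacklist decision, whitelist decision) per event."""
    return [(label, blacklist_allows(ip, prog), whitelist_allows(ip, prog))
            for label, ip, prog in events]

def gaps(events):
    """Labels of events the blacklist permits but the whitelist stops."""
    return [label for label, b, w in compare(events) if b and not w]

if __name__ == "__main__":
    for row in compare(EVENTS):
        print(row)
    print("blacklist-only gaps:", gaps(EVENTS))
```

The unknown event is the only one where the two policies disagree, which is the gap the whitelist closes.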
These are just five predictions that I thought of today for 2009. I’m sure we’ll see much more from a wide range of domains, and my hope is that we can effectively keep the new can of worms at bay.
Happy New Year!
Marcos

