ExtraHop, the leader in cloud-native network detection and response, announced its top predictions for the cybersecurity and technology industries in 2020. Informed by insight from customers, partners and industry analysts and insiders, ExtraHop leaders predict a year of tool consolidation, headline-grabbing breaches and a shifting industry focus on what makes a successful tech start-up.

The Year of Deeper Scrutiny for Fast-Growth Companies: “2019 was a tough year for heavily hyped, fast-growth companies going public in Silicon Valley. Several companies that raised huge rounds ultimately failed to deliver expected results or even approach profitability after they went public, and Wall Street was not amused. In 2020, we expect the investment community to more deeply scrutinise companies' financials and business fundamentals, ultimately leading to the support of companies who deliver on their promises, are capital-efficient with sound vision and innovation, and have truly sustainable business results and models to back them up.” - Arif Kareem, CEO

Antiquated Threat Detection Methods like File Hashing and Signature-Based IDS Waste Time: “Since the 1990s, file hashing has been the default mechanism for detecting malicious threat activity, despite the fact that it's ineffective against modern attacks that use polymorphic or fileless methods to go undetected. The same goes for signature-based IDS, which are extremely noisy while providing very little actual alert context. Security teams will continue to rely on these antiquated methods of detection because they are expected to, regardless of how well they work in today's threat landscape.” - Jesse Rothstein, CTO and co-founder

Accountability for the Ethical Use of Users’ Data: “Recent headlines tell of giant data corporations like Google and Facebook monetising users' data and lacking sufficient transparency in these activities. There’s already been significant social backlash, but in 2020 we predict that users will demand companies not just follow the often-dated laws, but that they also do what’s right. Regulations like GDPR and CCPA are helping to bring more clarity around what’s appropriate, but 2020 will be the year that the industry is held accountable for the ethical, in addition to regulatory-compliant, use of personal data.” - Raja Mukerji, CCO and co-founder

A Slowing Economy Will Force Tool Consolidation: “In security programs, it's been very difficult to turn tools off. What gaps will I create? What unintended consequences will I see? As the economy has rolled along over the last decade, most security programs have had the necessary funding to add new tools and retain legacy tools under the guise of risk management. Economic slowdown is likely to change all of that, as investments in new technology will require cost savings elsewhere. A tighter economy will finally cause us to pull the plug on legacy security tools.” - Bill Ruckelshaus, CFO

"Observability" Will Gain Ground as Both a Concept and a Vocabulary Term in Security and DevOps: “Observability is a term that several companies are using to describe the practice of capturing metrics, logs and wire telemetry, or sometimes other data sources, mostly in the DevOps space. The value of correlating insights from these data sources has gained enough ground that vendors need a word for it.

Observability, The SOC Visibility Triad, and other terms have been spotted in marketing materials and on big screens and main stages at security and analytics conferences. In 2020, we'll see heated competition to control the vocabulary and mental models that enterprises and vendors use to discuss and market security best practices regarding gathering multiple data sources and correlating insights between them.” - John Matthews, CIO

A Major Information Leak from a Cloud Provider is Coming: “In 2020, we are likely to see a major information leak from a cloud provider. While at the same time the cloud providers are providing many useful built-in tools, it's not clear that they are using their own tools to secure themselves. As a further prediction, the leak will not effectively diminish migration to the cloud. As we have noticed with other breaches, they do not significantly erode confidence in the services.” - Jeff Costlow, CISO

The Wave Begins Towards Security Tool Consolidation: “Organisations will take a strong look at the number of security vendors within their ecosystem in 2020 to determine overlap and begin a move towards consolidation of tools. The winners will include those that have proven their API superiority and ability to work together within an organisation’s ecosystem. The losers will be those who have not proven their ability to strengthen core security.” - Chris Lehman, SVP of Worldwide Sales

A Vendor Will Be Responsible for a Major Breach of Data Due to Phoning Home: “In 2019, ExtraHop issued a security advisory about the vendor practice of phoning data home and how this is happening without the knowledge of customers. The problem with this practice is that it expands the attack surface via which that data can be breached, exposing it to threats within the vendor’s environment. 2020 may well be the year that a breach of a vendor’s environment exposes the data of one or more of their customers. Regulations like GDPR have imagined exactly this type of scenario and laid out specific requirements for data controllers and data processors. But when such a breach occurs, it will have broad impact and implications.” - Matt Cauthorn, VP Security

The Big IoT Breach is Coming: “In 2017, major ransomware attacks crippled the networks, and operations, of major global organisations. While those attacks did billions in damage, for the most part, IoT devices were left unscathed. But sooner or later, and probably sooner, the big IoT breach is coming, and it could have global implications. Whether it happens in the US or abroad, in healthcare, shipping and logistics, or manufacturing, IoT devices around the globe are fertile hunting grounds for attackers. Taking down every connected device, from telemetry sensors to infusion pumps to mobile points-of-sale, could easily grind operations to a halt.” - Mike Campfield, VP of Global Security Programs


In case you missed it

What are the security challenges of protecting utilities?

Utilities are an important element of critical infrastructure and, as such, must be protected to ensure that the daily lives of millions of people continue without disruption. Protecting utilities presents a unique range of challenges, whether one considers the electrical grid or telecommunications networks, the local water supply or oil and gas lines. Security technologies contribute to protecting these diverse components, but it’s not an easy job. We asked this week’s Expert Panel Roundtable: What are the security challenges of protecting utilities?

Q&A: how the ‘secret service of Hollywood’ protects celebrities

At a major music festival, a fan in the crowd aggressively leapt over a barricade to approach a famous artist. Personnel from Force Protection Agency immediately implemented extrication protocol to shield the artist from physical harm, quickly reversed course and calmly led the client away from the threat. Force Protection Agency (FPA) personnel intentionally did not engage the threatening fan in any way, as local venue security personnel were present and tasked with apprehending the rogue fan. FPA’s efforts were directed expressly toward the protection of the client, avoiding unnecessary escalation or complications and minimising physical, visual, and legal exposure.

Dedicated to the safety of clients

Specialising in protecting celebrities and high-net-worth individuals, Force Protection Agency is a unique, elite-level agency inspired by a vision for excellence and innovation, and dedicated to the safety and success of clients. The agency was formed in 2017 by Russell Stuart, a California State Guard officer and security and entertainment industry veteran. The agency is the culmination of 20 years of experience in the fields of security, military, emergency management, logistics and technology, media and entertainment, and celebrity management.

We interviewed Russell Stuart, Founder and CEO of Force Protection Agency (FPA), which has been called “the Secret Service of Hollywood,” for his insights into providing security for celebrities.

Q: What unique need in the marketplace do you seek to serve, and how are you qualified to serve it?

Stuart: The needs of celebrity and high-net-worth clients are complex and constantly changing. When dealing with a high-profile individual, discretion is paramount, extensive communication is required, and adaptation is ongoing. A critical objective is anticipating and planning for all types of potential negative scenarios and preventing them from even starting, all while not disrupting the normal course of operation of the client's day or their business. Force Protection Agency is poised to serve these needs by innovating and intelligently managing the planning, procedures, and personnel used in every facet of protecting the client’s interests and achieving their objectives.

Q: What is the typical level of "professionalism" among bodyguards and security professionals that protect celebrities? Why does professionalism matter, and how do you differentiate yourself on this point?

Stuart: Professionalism is an overall way of approaching everything to do with the business, from recruiting, to training, to making sure the right agent is with the right client. Nothing matters more; polish and precision are not only critical to mission success, but also support the comprehensive best interest of the client while preventing costly collateral damage and additional negative consequences. True “professional protective services" is intelligent strength and proper execution, not emotional or reactionary violence. Unfortunately, the latter is frequent among many celebrity bodyguards, and often incurs extremely expensive and even dangerous repercussions.

Q: Your company has been described as "the Secret Service of Hollywood." How true is that comparison, and how does your work differ from (e.g.) protecting the President?

Stuart: Totally true, and for this reason: the keys to success in protection are prioritization, and planning. Most people fail to even recognise the first, negating any level of effort given to the second. Establishing the true needs and the correct priority of objectives for each individual client and situation, and firmly committing to these without deviation, are what distinguishes both government secret services and Force Protection Agency from the vast majority of general security firms. Also, the term “secret service” implies an inconspicuous yet professional approach, and Force Protection Agency prides itself on providing its services with discretion, precision, and poise.

Q: What is the biggest challenge of protecting celebrities?

Stuart: The very nature of celebrity is visibility and access, which always increases risk. The challenge of protecting a high-profile individual is facilitating that accessibility in a strategic and controlled manner while mitigating risk factors. A client’s personal desires and preferences can often conflict with a lowest risk scenario, so careful consideration and thorough preparation are essential, along with continual communication.

Q: How does the approach to protection change from one celebrity (client) to another? What variables impact how you do your job?

Stuart: The approach is largely determined by the client’s specific needs, requests and objectives. The circumstances of a client's activities, location, and other associated entities can vastly disrupt operation activities. A client may prefer a more or less obvious security presence, which can impact the quantity and proximity of personnel. Force Protection Agency coordinates extensively with numerous federal, state, and municipal government agencies, which also have a variety of influence depending on the particular locations involved and the specific client activities being engaged in.

Q: Are all your clients celebrities or what other types of "executives" do you protect – and, if so, how are those jobs different?

Stuart: Force Protection Agency provides protective services for a wide range of clients, from the world’s most notable superstars to corporate executives and government representatives. We also provide private investigation services for a vast variety of clientele. Force Protection Agency creates customised solutions that surpass each individual client’s needs and circumstances. The differences between protecting a major celebrity or top business executive can be quite different or exactly the same. Although potentially not as well known in popular culture, some top CEOs have a net worth well above many famous celebrities and their security needs must reflect their success.

Q: What is the role of technology in protecting famous people (including drones)?

Stuart: Technology is crucial to the success of security operations and brings a tremendous advantage to those equipped with the best technological resources and the skills required to maximise their capabilities. It affects equipment such as communication and surveillance devices like drones, cameras, radios, detection/tracking devices, GPS, defensive weapons, protective equipment, and more. Technology also brings immense capabilities to strategic planning and logistical operations through the power of data management and is another aspect of Force Protection Agency operation that sets us apart from the competition.

Q: What additional technology tools would be helpful in your work (i.e., a “technology wish list”)?

Stuart: The rapidly growing and evolving realm of social media is a massive digital battlefield littered with current and potential future threats and adversaries. Most mass shooters as of late have left a trail of disturbing posts and comments across social media platforms and chat rooms that telegraphed their disturbing mindset and future attacks. A tool that could manage an intelligent search for such threats and generate additional intel through a continuous scan of all available relevant data from social media sources would be extremely useful and could potentially save many lives.

Q: Anything you wish to add?

Stuart: Delivering consistent excellence in protection and security is both a vital need and a tremendous responsibility. Force Protection Agency is proud of their unwavering commitment to “Defend, Enforce, Assist” and stands ready to secure and satisfy each and every client, and to preserve the life and liberty of our nation and the world.

How custom solutions meet customer needs for access control

The software-based technology running today’s access control systems is ideal for creating custom solutions for very specific end-user needs. Those needs may vary from delaying bar patrons’ access to a shooting range to reducing the risk of diamond miners pocketing precious stones. The ability to tightly integrate with and control video, intrusion, and other equipment puts access control at the heart of enterprise security. Often, off-the-shelf access systems provide most of the features an end user requires, but due to their type of business, facility or location, some organisations still have unaddressed needs. That’s where a custom solution can fulfill an essential task. Custom solutions are frequently requested by end users or the reseller to expand access control to meet those needs. Here’s a look at some custom solutions designed for end users.

Area & time-based access control

The owners of a popular shooting range also operate an onsite, full-service bar, and the owners wanted to delay entry to the shooting range once a customer had consumed alcoholic beverages at the bar. The custom solution works with the access cards customers use to enter the range. When a patron orders an alcoholic beverage, the bartender presents the patron’s credential to a reader at the cash register. With each drink, the access control system puts an automatic delay on the card being used to enter the shooting range.

An area and time-based control solution was created for a major pharmaceutical manufacturer concerned with potential contamination between laboratories testing viral material and others designing new vaccines. If an employee uses a badge to enter a room with viral material, that employee can be denied access to a different area (typically a clean room in this case), for a customised period of time. This reduces the potential of cross contamination between ‘dirty’ and ‘clean’ rooms. The software can be customised by room combinations and times.

Random screening

A mine operator wanted to prevent easily portable precious stones from being taken by miners. The custom solution uses the access control system integrated with time and attendance software. As the miners clock in, the system randomly and secretly flags a user-defined percentage of them to be searched as their shifts end. Security guards monitor displays and pull selected employees aside. A nice feature of this solution is that the random screening can be overridden at a moment’s notice. For example, if the process causes excessive delays, guards can override the system to enable pre-selected miners to pass until the bottleneck is relieved. The solution has also been adopted by a computer manufacturer looking to control theft by employees and vendors.

Scheduler

A custom solutions team integrated a university’s class scheduling and access control software to lock doors to classrooms that are not in use. With the custom solution in place, the system automatically unlocks and locks doors 15 minutes prior to and after a class. The doors remain unlocked if the room will be used again within the next 30 minutes. Readers mounted at each door enable faculty to enter rooms early for class setup or to work in a lab knowing students or others won’t be able to walk in.

Event management

This solution simplifies the visitor check-in process, especially for larger events with multiple guests. Efficiently moving people in and out of events booked at a working intelligent office building and conference center required integrating the access control system with a web-based solution storing the names, email addresses, and phone numbers of invited guests. Before an event, guests receive an email invitation that includes a link to a downloadable smartphone mobile credential. Upon arrival, guests present that credential to Bluetooth readers at the building’s gated parking garage. The same credential enables smaller groups (up to 50 guests) to enter the building through turnstile-mounted readers – also used throughout the day by hundreds of building employees. To avoid long lines for larger groups of visitors, the turnstiles are kept open with security guards using handheld readers to authenticate credentials as guests enter the lobby. Additionally, a third-party emergency notification system was added to this custom solution. Guests receive instructions on their smartphones should there be a need to shelter in place or evacuate during an event. The credentials and notifications are disabled as guests leave the building through the turnstiles.

Similar custom solutions have been deployed at hospitals searching for a way to provide secure access to patients only expected to be staying a short time for surgery. Patients are emailed a mobile credential to access both the hospital’s parking structure and surgical reception area. They can also designate family members and other visitors to receive emailed mobile credentials. This allows the hospital to maintain a secure environment while providing a simplified, efficient access solution for patients and visitors.

Custom solutions are about problem solving. It’s finding answers to needs not specifically addressed by an access control system. The robust software of modern access control systems enables the design of custom solutions to efficiently enhance security, save time and reduce redundant tasks through automated processes.