
It’s the time of year again when IT security experts predict what the year will bring.

Justin Coker, VP of EMEA Markets, Skybox Security, predicts:

Tasked with ensuring the success of business-changing IT initiatives from mobile and BYOD to virtualization and cloud services, IT security is finding that existing security controls and processes create complexity instead of reducing risks. At the same time, highly publicized breaches and new forms of attacks have raised awareness of the business impact of cyber threats to the board level. It’s time to reinvent your security approach – here are our 2013 predictions.

Next-generation vulnerability management – Today, vulnerability management is one of the security processes that organisations use to find and mitigate risks; yet, vulnerability scanning can disrupt network operations, and delivers huge numbers of found vulnerabilities without the context needed to focus mitigation activities on real priority risks. In 2013, organisations will seek out ways to correlate contextual information about network access paths and existing security controls into a next-generation vulnerability management solution that will deliver the actionable vulnerability remediation options every day that are needed to effectively prevent data breaches and cyber attacks.

Continuous security monitoring – The highly dynamic threat landscape requires enterprises to adopt continuous monitoring of their security risk posture rather than performing periodic security assessments. While we are already seeing this trend in vulnerability management (above), it also applies to areas such as firewall compliance, network access, and end point controls. The transition to continuous security monitoring enables the IT security organisation to move from reaction to threat prevention. A high degree of automation is required, leading organisations to seek out risk management tools that can keep pace with continuous changes on a daily basis without taxing the resources of the security teams.

IPS emerges as key component of risk mitigation strategy – After 10 years of rapid sales but slow adoption, intrusion prevention systems (IPS) will play a key role in enterprise risk mitigation strategy in 2013, as confirmed by the Skybox Security Next-Generation Firewall survey in November 2012. Whilst many organisations currently use vendor-recommended IPS settings, selectively tuning the IPS based on your specific network vulnerabilities bridges the security gap and enables organisations to reap greater benefits from next-generation firewall deployments.

Big data for security – We see a dramatic expansion of the attack surface, fueled by the growth in mobile and other endpoint devices. Security organisations are recognizing the need to take a big data approach to security assessment – collecting huge amounts of data, and applying new predictive analysis tools to identify risks and breach traces in real time. In 2013 and later years, this approach will become more methodological. Specifically, we anticipate collection and correlation of network topology data, firewall capabilities, vulnerabilities, asset information, business context, and new threats. This contextual analysis will enable security analysts to focus on the high risk attack scenarios in a faster and more methodological way.

Emergence of the CIRO – The Chief Information Risk Officer will be the next evolution of the CISO, who can communicate to the board in the risk language they understand, rather than security jargon. CIROs will be looking to security to reduce risk whilst enabling the organisation to achieve their strategy / objectives.

Dr. Nicko van Someren – Chief Technology Officer, John Dasher – Senior Director of Product Management, Dmitri Volkmann – Vice President of Product Strategy and Planning at Good Technology, predict:

Identity and Access Management

Nicko: Mobile devices have the capability to have many more functions in everyday life. However, adoption of what has historically been 'Two-Factor Authentication' (2FA) in the mobile space is going to be very slow and very vertically specific, until the point that these forms of 2FA are ergonomically useful. Good Trust is a technology platform which allows us to leverage the hardware of a phone in new and interesting ways. A device which is more secure will allow a greater level of functionality, such as granting access to buildings or allowing mobile payments.

Line of Business funding IT

John: The importance of technology to business outcomes will change the way that it's introduced to an organisation. IT will no longer control the majority of the budget, or be in charge of enterprise IT projects. Each line of business will become even more demanding of apps that they need for specific functions. The result is that they will fund the IT projects they deem important.


John: There will be a major data leak within healthcare from a mobile device at some point in 2013. This is likely to come from a lost laptop that creates a data breach, and is even more likely to happen as people make the move from laptops to tablets. These bodies are susceptible because they have such a big and diverse workforce that is not focused on IT – their focus is on providing healthcare!

Mobile Device Management and Data Loss Prevention

Dimitri: There will be a price war in mobile device management, as it's becoming a commodity. MDM will become completely obsolete because it is impossible to achieve management and control of the content by only managing the device. Ultimately there need to be tools in place that ensure the data itself is secured, within any environment that it might be used.

Dimitri: Data loss prevention will never happen if organisations focus purely on managing devices. Network DLP will continue to be effective within the confines of the corporate network, but Apple is outpacing Moore's law, making portability even easier, and CPU power isn't a limiting factor in what data can be transported and accessed – though you can still run out of battery! The focus has to be on how the data can be accessed and implementing controls over who can see it and how it can be shared. Only when all data is housed in a safe, secure environment can data loss prevention be achieved.

Contextual Mobility

John: Context in mobile will continue to grow, because the number of components able to determine circumstances on the device will increase, both from a security perspective and a collaboration standpoint.

Nicko: Contextually aware security and functionality means that if an employee's device leaves an area or is accessed outside certain hours, then they may be asked for another level of authentication. On the other side of that coin, employees and HR can be more active in defining the work/life balance.


Dimitri: 2013 is the first year that the cloud is deprioritised in comparison to mobile. The cloud is no longer new and it's more pervasive; many of the people using it don't even know that they are using it. But what it does do is open up a much bigger range of applications that can be used anytime, anywhere.

John: The growth of cloud means that the internet of things (pervasive computing) is only set to continue, but the right level of security must be provided. There are billions of things connected to the internet, which are growing at a steady rate, and the combination of wireless and cloud makes connecting to these devices easier than ever. The challenge is securing the devices so that it doesn't put more at risk in the event of device theft or loss.