As an eventful 2016 draws to a close, what should we expect in cybersecurity for 2017? In this blog series, Morphisec’s security experts predict trends and technologies in 2017.
Today’s post is from Michael Gorelik, Morphisec VP R&D. He takes a look at the future in endpoint technology developments, both from a security and attack point of view.
Prediction No. 1: Despite limitations, ML capabilities will be incorporated into more big-name security tools.
Although behavioral detection solutions are prone to false positives and carry a high performance impact, more big-player AV solutions will add NextGen capabilities based on machine learning and behavioral analytics. This will lead to consolidation in the market, as startups primarily focused on developing machine learning-based NextGen products will lose momentum.
Prediction No. 2: Detection tools will get faster, but so will malware.
Detection tools will shorten the time between infection and detection. However, malware and especially ransomware will continue to outpace these tools with more sophisticated and much faster infection.
Prediction No. 3: Hackers will step up the pace on new evasive maneuvers.
Enterprises will be hit with new targeted attacks and new evasion techniques on a daily basis (we already see weekly trends of new targeted attacks with new evasion techniques). These attacks will increasingly include new evasion techniques to bypass AI/machine learning-based products.
Prediction No. 4: We will see new attack waves based on Flash zero-days, although the trend will probably shift to Flash exploits delivered through document files and not web exploit kits unless RiG is replaced by a more advanced exploit kit.
Prediction No. 5: The MS Office macro-blocking feature will not affect the attack landscape.
Macro and OLE-based attack vectors will remain more or less the same despite Microsoft’s new macro-blocking administrative capability, simply because employees in certain sectors, such as finance, need to use macros for their daily operations.
Prediction No. 6: Attacks on VDI networks will increase.
We will see an increase in attacks targeting virtual application delivery servers or virtual desktops (e.g., Citrix XenApp/XenDesktop). Such platforms make an attractive target, as they are often underprotected due to their performance sensitivity and the high performance impact of adding more security solution capabilities.