Good security news in short supply

Commentary: With the start of the new year, it's time to take a shot at predicting the key trends that will define the field of information security in 2006. Here goes:

New attack vectors will grow precipitously
We witnessed damaging malicious code attacks like Sober (U, V and W) and Zotob in 2005. But these outbreaks tended to cluster around e-mail or Internet worms. The bad guys will get more creative this year. Look for a big increase in the number of attacks via instant-messaging clients, Internet Protocol telephony, cell phones, Bluetooth and XML. Spyware will also become stealthier and continue to escalate from a nuisance to a real threat. Anticipate more attacks on non-Windows platforms (Linux, Unix, Macs), network infrastructure (BGP, DNS, IOS), and specific applications (backup software, databases, and so on).

Rootkits become familiar to the masses
A rootkit is an extremely clandestine type of malware that hides itself within operating system kernels or application binaries. Rootkits present a huge threat because they make subtle changes to systems to open vulnerabilities and they cover their tracks. Rootkits are also extremely hard to detect and remain invisible to most of the security software we all depend upon.

Now here's the scary part: We will see more and more rootkit attacks in 2006, so you'll likely read about them everywhere, from an internal e-mail to The Wall Street Journal. By next year, expect your retired parents in Florida to ask you about preventing and remediating rootkits -- with a real sense of urgency.

Secure development processes become mandatory
Users are simply fed up with sloppy vulnerability-ridden code and weak security support from most independent software vendors. Look for large organisations to clamp down by placing contractual demands on software providers mandating that they implement security processes and metrics or take a hike.

Microsoft is ahead of the pack in this area, while "unbreakable" Oracle lags way behind and could lose major contracts as a result.

It is important to note that mandates for secure development processes impact all software vendors, not just application and OS providers. Popular software like Hewlett-Packard's OpenView, EMC's VMware and SAP's products will face the same scrutiny.

Security management moves to network operations
At an enterprise level, network security depends on spotting anomalous activities and capturing security events. These requirements are not unique; network operation centers have the same needs to keep the network up and running, so it is logical that these two activities move under the same roof.

As network ops takes over security oversight, expect a lot of market consolidation. Security vendors that focus on network "flow" (for instance, traffic analysis -- Arbor, Lancope, Mazu and Q1 Labs) and security incident/event management (eIQ, Intellitactics and Network Intelligence) will be scooped up and added to tools from Computer Associates International, Compuware, HP or IBM.

Key management becomes a major new requirement
Database, networking, storage and firewall vendors either have or will add encryption to their solutions in 2006. This, of course, will set up the old information technology scenario, where there are oodles of point key management and policy management systems scattered throughout the enterprise.

Multiple key management servers create a slew of problems like redundant controls, excess overhead, security weaknesses and disaster recovery issues. As Ross Perot might say, "that dog don't hunt." The IBM mainframe group is already pitching the wisdom of centralised key management as are other pioneering start-ups. By 2007, this discussion will become commonplace.

More security outsourcing
It's hard enough to administer a firewall and intrusion detection systems without also having to deal with abundant security solutions for e-mail, IP telephony, Web services, wireless devices, and so on. Complexity is the enemy of strong security, and most companies do a really poor job here. Smart companies will recognise this weakness and outsource some of their security grunt work. Dumb organisations will experience security breaches instead.

This is just the tip of the iceberg. Suffice it to say, 2006 will likely be an ugly year. The number of attacks will probably decrease, but the severity will continue to rise -- think one step forward and two steps back.

On the plus side, large organisations will finally start to implement real enterprise-class security solutions or outsource pieces that are just too onerous to own. In the meantime, look for at least one killer security breach that tanks a large -- and previously well-reputed -- organisation.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group.


Talkback 7 comments

    Security News | Anonymous -- 24/01/06 (in reply to #120127816)

    Well, I think www.whitedust.net provides an excellent source of security news.

    I agree | Anonymous -- 12/02/06 (in reply to #120127817)

    I was going to say that having read the article. Whitedust seems to be the best out there - constantly updated and with their own papers as well. I'd suggest anyone who hasn't already check it out.

    Internet banking and credit card security | Dean Procter -- 10/02/06

    Good news - we have a system to render all phishing attacks and trojan attacks useless. The money is usually what the attackers are after.
    Our new system protects all credit card, Eftpos, ATM, card-not-present, and internet banking transactions, even if the attacker has the PIN, password, logon, card (even the PC), etc., even if the owner is unaware that they have been compromised.
    The cost is about 1/100th of a cent per transaction. Even better the system can contact law enforcement/retail security directly at the street level.
    Once deployed we will see an end to these types of fraud.
    There will be no use in having card numbers or even the card and the pin as the thief still won't get any money, instead they're effectively alerting the police as to their location.

    Details? | Anonimouse -- 23/02/06 (in reply to #120128967)

    Any more details u can give us then? url?

    I'll believe this only when I see it...

    Transaction Security | Anonymous -- 03/03/06 (in reply to #120129729)

    I put my name on it so that those who should can freely ring me and ask me. I'm more than happy to discuss it with an interested party like a bank, etc.
    If you qualify email me.
    If you're actually in the business you can get my details from the USSS site.
    If not then you'll have to line up like the rest to be arrested within a minute of attempting to beat it.

    Is this guy for real...?????? | Anonymous -- 12/02/06

    Users are simply fed up with sloppy vulnerability-ridden code and weak security support from most independent software vendors. Look for large organisations to clamp down by placing contractual demands on software providers mandating that they implement security processes and metrics or take a hike.

    Microsoft is ahead of the pack in this area, while "unbreakable" Oracle lags way behind and could lose major contracts as a result.

    BWAHAHHAHAHAHHAHAHAAAA !!!!... Microsoft, security, Microsoft!!!!

    Oh well, yet another Microsoft patsy spreading some more propaganda for Bill.

    His credibility just went down the toilet.

    Research the facts - pal | Anonymous -- 13/02/06 (in reply to #120129165)

    Microsoft has the fastest 'vendor to patch' and has for a long time, sources Gartner, IDC, and Metagroup (prior to Gartner buying them out).

    Microsoft spends an approx 1/3 of its 7 billion USD R&D budget on security. Majority of that money is on code quality - maybe Oracle should do the same.

    Why has MS taken so many proactive steps? Because bigots like you hassled them and went to alternative systems. Customer churn will motivate even the most hardnosed executive that they need to do something.

    Clear your mind, focus on the facts and get with the programme.

    If you like religious wars go and become a JW!
