

CyberSecurity. 2014. What is going to be out there in terms of threats, products and trends? There are plenty of opinions about this because security in the industry is spread across so many disciplines. That’s the modern security environment. So we sought out companies in leadership positions, and we sought out the people who are out on the front lines and driving security in the year ahead. Our 2014 CyberSecurity projections kick off with Alert Logic Co-Founder Misha Govshteyn, VP Emerging Products. Govshteyn is responsible for security strategy, security research and software development. Alert Logic is a Security-as-a-Service provider which has unmatched capabilities as a security platform based on its truly native cloud nature. Regardless of the customer’s own platform, whether on-premise, completely in the cloud or somewhere in between, Alert Logic’s technology is designed to deliver top-notch security seamlessly. Their product is rather unique because of this software-in-the-cloud nature and their extensive and significant partnerships with the likes of Amazon Web Services (AWS), Rackspace and Windows Azure.
There are many different perspectives out there, but overall it is certain that everything is on the rise. We do lots of research on incidents and threats and it turns out that the biggest threat is not really much of a surprise – it’s web app attacks. This is something that is growing because the complexity is growing and the scale is accelerating. We as an industry spend a lot of time focused on phishing, malware, external attacks – while not enough focus is put on web application security. Our research shows a web app threat trend that is growing for on-premise and cloud customers. For example, it is the #3 threat for on-premise environments, and #1 for cloud-based environments. We’re not seeing a decrease in amount or level of attacks, which many people did not expect. In fact, it’s the opposite.
Five years ago, cybercrime was the only real significant motive out there. But now there’s a new truth in that everything is up and things are much more multifaceted. Things like cyberwarfare and hacktivism are major areas and show no signs of abating. Cybercrime hasn’t slowed down and now you have these threats that are just as critical, as big of a risk with a totally different motivation. There are increased risks in certain areas from a blend of risk factors – how somebody worries depends on what business they’re in. The threat depends on the target. So an organization needs to be aware of multiple motivations, understand the adversary – some are persistence-based while others are opportunistic threats. Also we must be aware that in general, Hacktivist attacks can be associated with much more likely higher skills and sophisticated attacks, as found in the data from our security trend reporting, web attacks often come from simple attack tools. 40% are simple; the rest are tied to specific weaknesses within the application.
Here is one thing that we don’t see people doing enough of – and it’s something unfortunately reinforced by industry – vendors pound you with products that want to be the silver bullet but there isn’t enough done to prioritize assets in light of threats. There’s just not enough emphasis on identifying and protecting those things that are most critical and working from there. We need to get back to that.
Once again it goes back to identifying your risks, what business you are in and what the corresponding threat is. The number one thing Alert Logic is doing here is making a big dent in weaknesses that are typically exploited in these situations, protecting industry from the elevated threats that come from flaws and weaknesses. We enable enterprises to get the basics that need to be figured out. Almost all enterprises are understaffed, that’s where we help. Erase inefficiency as much as possible.
When you look at the research, all the attack data points – and this has happened with malware – antivirus has been a victim of its own success, it was proficient in stopping the virus. So in response, malware has gotten better at doing what it is designed to do, working around endpoint security. We don’t see that with web applications – there are lots of bugs and lots of custom code. The industry doesn’t have enough eyes on this and resources to do this job well yet. Needs to be a priority.
THANK YOU