2014 is behind us, which means it’s a great time for us to reflect on the past year, and take a look at what we can expect in 2015.
Let’s start with a look back on our 2014 predictions, and moves Barracuda made to address the trends.
|Growth of network virtualization||Barracuda Offers Integrated Security; Boosts Portfolio with Consolidated Network and Content Security Solution (Barracuda Security Suite)|
|Security virtualization in public cloud||Barracuda expanded our security offerings in Amazon Web Services and Microsoft Azure.|
|Online file sharing being embraced by corporate IT||Barracuda expands Copy file sync & share services for companies, and launched the Barracuda Copy Site Server appliance (in both physical and virtual deployment options).|
|Growth in data and availability demands make cloud storage more appealing||Barracuda launches cloud-connected archiving and federated search for the Barracuda Message Archiver, and makes cloud-connectivity an integral piece of Data Protection Plus.|
|SMB next- generation firewall becomes cloud-connected||Barracuda’s next-generation firewalls leverage the cloud for multiple functions: both Barracuda Firewall and Barracuda NG Firewall offload web filtering functionality to the Barracuda Web Security Service to improve performance and scalability, and the Barracuda NG Firewall employs cloud-based Advanced Threat Detection to prevent sophisticated, targeted attacks.|
|End user and mobile app usage continues||Barracuda launches Mobile Device Manager and adds features to the Barracuda SSL VPN to extend private cloud access to mobile devices.|
|Cloud for offsiting, mobility and elasticity||Cloud connectivity is integrated into Barracuda Data Protection Plus and Barracuda Total Threat Protection.|
As you can see, Barracuda has had great success in alignment with our predictions for 2014.
There were a handful of high-profile threats last year, such as Heartbleed, Shellshock, and Cryptolocker. If there’s one way to describe what we can expect next year, it’s this: It’s not about the threats, it’s about the threat vectors.
There are six threat vectors that need to be secured for total threat protection. We’ve created this chart to make it easier for you to view the threat vector, type of threat and examples:
|Types of Threats||
Examples of Attack Surfaces
|Spoofing, Phishing, Directory Harvest Attacks, Spam, E-mail Borne Viruses||Different locations and Internet breakouts
Virtual networks that are constantly changing
New, Internet-connected devices (“Internet of Things”)
|Web Applications||SQL Injections, OS command injections, Cross-site Scripting, Cross-site Request Forgery, Session Hijacking|
|Remote Access||Brute force attacks, Stolen credentials|
|Web Browsing||Social engineering, hacked Web sites, downloaded malware, drive-by downloads|
|Mobile Internet||Phishing, black hat apps, public networks|
|Network Perimeters, including public and private clouds||DDoS, brute force attacks, IP spoofing|
Many System Administrators are trained to learn how to mitigate historical threats, and defend their systems accordingly. The problem with this is the automated threat landscape attacks all threat vectors simultaneously. Administrators must protect all network and data protection vectors. Any threat vector that is exposed will be found and attacked.
The general trends we predicted in 2014 will continue in 2015. Accordingly, we will see four specific trends in 2015:
As companies move from physical to virtual to public cloud to SaaS, their attack surfaces change accordingly. An infrastructure upgrade may add multiple attack surfaces, all of which have to be secured. For example, companies that migrate from an on-site Microsoft Exchange Server to Office 365 have added a new attack surface across multiple threat vectors, including email and web application threat vectors.
Mobile internet is particularly vulnerable to phishing and social engineering attacks. Mobile devices are constantly moving between secure corporate networks and unsecure home or public wifi.
The web application vector is the attack surface that is currently the least understood by most IT administrators and is generally the most exposed. Many companies attempt to secure this threat vector with the wrong technology, like a network firewall, which can protect Layer 4 protocols and even do deep packet inspection. However, truly protecting Web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats. Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks. This type of misunderstanding leaves the threat vector exposed to attack, and gives the administrator a false sense of security.
Administrators will continue to be required to do more work with fewer resources, and attempts to either “go without” protections along key threat vectors or to manage a patchwork of disparate security systems will leave their organizations at risk.
Our approach to securing these threat vectors is summarized in our Total Threat Protection initiative. Barracuda Total Threat Protection integrates several best-in-breed solutions into a common management interface and a single point of support – all at an affordable price point..
This chart details how Barracuda security solutions work together to provide Total Threat Protection:
|Barracuda Email Security Gateway|
|Web Applications||Barracuda Web Application Firewall|
|Remote Access||Barracuda SSL VPN|
|Web Browsing||Barracuda Web Security Gateway|
|Mobile Internet||Mobile Device Manager|
|Network Perimeters, including public and private clouds||Barracuda Firewall|
Barracuda can help organizations with resource-constrained IT professionals secure all of their network threat vectors with this approach. If you’d like to learn more about this, please visit our Total Threat Protection web page.