Top 5 Security Predictions For 2012

Network Security

Although it’s been 23 years since the first worm – the Morris worm – appeared on November 2, 1988, a lot more has happened in the malware arena in the last two years then the first 21 years. This escalating change in the threat landscape is something that drives the need for comprehensive security ever-forward.

And it’s for this reason that I’ve come up with my top 5 security tips for 2012, which I sincerely hope will assist IT security professionals in planning their defence strategies for the year ahead, which promises to be a challenging one for all concerned.

Tip #1 – Firewall operations

Next generation firewalls will continue their strong adoption by mid- to large-size organisations. As a result of this trend, I see the operations management challenges of multi-vendor firewall environments as calling for increasing levels of automation of daily change management tasks.

Tip #2 – Firewall compliance and auditing

A key requirement in the increasingly regulated IT security space we now live in. Continuous compliance will become essential for many more organisations that are striving to keep an always-compliant security status, without waiting for a third party auditor to carry out an annual check.

Tip #3 – CIO’s needing to show 360-degree and holistic reports

Regulatory compliance requirements – particularly in the PCI DSS space – and the consequent legal implications, will drive more companies to automate their network security audits and rely less on periodical audits.

Tip #4 – Firewall compliance and auditing domain

I predict that even those organisations who are not bound to the need for direct regulatory compliance standard will still adopt standards like PCI DSS as a methodology to create a robust network security framework.

Tip #5 – Security change automation

I predict that organisations will embrace even more workflow and ticketing solutions designed to provide a comprehensive pro-active risk plus compliance analysis process. Taking this path will, I believe, allow hard-pressed IT security staff an easy way to achieve a robust continuous compliance process.

As Chief Security Architect, Michael Hamelin identifies and champions the security standards and processes for Tufin Software Technologies. Bringing more than 15 years of security domain expertise to Tufin, Michael has deep hands-on technical knowledge in security architecture, penetration testing, intrusion detection, and anomalous detection of rouge traffic. He has authored numerous courses in information security and worked as a consultant, security analyst, forensics lead, and security practice manager. He is also a featured security speaker around the world widely regarded as a leading technical thinker in information security. Michael previously held technical leadership positions at VeriSign, Cox Communications, and Resilience. Prior to joining Tufin he was the Principal Network and Security Architect for ChoicePoint. Michael received Bachelor of Science degrees in Chemistry and Physics from Norwich University, and did his graduate work at Texas A&M University.

  • Rob Dixon

    Nice article but a shame that the date for the Morris worm reads 10 years out distracting most geeky or detailed types from the 5 points below.

    • Ah, thanks for pointing out the typo Rob. Date updated to “1988” in the first paragraph.