What does the year 2012 hold for us in terms of improving IT security? Here are just a few topics:
Log Management & Analysis
Undervalued in the past, log analysis is now being included in security products by many vendors, for example, LogLogic, LogRhythm, and Tripwire, as we begin to understand how such information can be used to benefit security. Both hardware and software logs on the computer network can establish evidence of malicious programs (malware), giving any computer network support company an upper hand against threats. Driving the need for security-related log management is the rise in advanced persistent threats (APT). Attackers using such methods target specific companies with sophisticated malware designed to operate unnoticed in infected systems.
PCI DSS – the Payment Card Industry Data Security Standard – is expected to get an update and become version 2.0 in the year 2012. Most small businesses may not be prepared for this shift – and some may not even be aware of its coming. Compliance is still a prevalent issue in web users' privacy, and it is expected to be tightened up, aiming for greater accountability for consumer data by increasing penalties for data breaches. 2012 should bring small businesses a wider range of IT security best practices, with a focus on risk assessment and standard IT security protocols. Tufin Technologies is an example of a vendor with a focus on network security policies and regulatory standards compliance.
While clouds are always a target, many small businesses will turn to cloud solutions because the cloud will be a safer, and possibly more budget-friendly, place for company data and mission-critical applications. More and more businesses are engaging in managed security and network monitoring, making it the cloud service provider's responsibility to perform upgrades and systems maintenance.
We will continue this topic during 2012 – come back for updates soon!