April 28, 2019

Security Yearbook 2020

History of the IT security industry.

For the first time ever, a complete history of the development of IT security solutions is presented in one place. The focus is on the pioneers in the space and the companies that arose from their efforts. Individual stories from these pioneers are presented in their own voice, while the overall story of the space is recounted as it grew from modest beginnings to a $100 billion+ industry with over 2,200 companies.

Because practical IT security is deployed in layers, it is logical to approach each major category, or bucket, with a separate recounting of its history:

- The history of the network security industry, from the early days of bastion hosts and proxy firewalls like SideWinder and Gauntlet to the invention of stateful inspection firewalls by Check Point Software in the mid '90s. The story arc from there is one of increased functionality as so-called Next-Gen, or UTM, firewalls became the norm.

- The history of endpoint security, which predates network security because viruses existed before the Internet was widely adopted. Remember floppy-disk-borne viruses?

- The history of data security, which one could track all the way back to ancient Rome and China. We opt to start with Diffie-Hellman and RSA.

- The history of Identity and Access Management (IAM). The IAM space encompasses authentication means like two-factor tokens and biometrics, as well as the directory services developed to manage them.

- The history of Governance, Risk, and Compliance (GRC). With an evolving industry comes regulation and the need to demonstrate compliance with a standard (ISO, NIST), a framework (ITIL, COBIT, NIST), or a regulation (GDPR, HIPAA, GLB).

Recent years have seen the rise of new categories too:
- Breach detection relies heavily on security analytics to ingest as many events and logs as possible, even complete network traffic, and often endpoint monitoring, to detect when an attack is under way.

- Threat intelligence is the whole field of information that can enrich your understanding of threat actors. It could be Dark Web monitoring such as that provided by Groupsense or FlashPoint. It could be threat actor tracking as provided by Intel471. Or it could simply be hashes of malware and other Indicators of Compromise (IoC). There are also aggregators and managers of all these streams of data that help integrate threat intelligence with existing tools such as a SIEM.

Secure communications became a demonstrated need after Edward Snowden revealed the NSA's program to capture communications. Vendors such as Koolspan, Telegram, WhatsApp, Dark Matter, and Signal are attempting to fight this battle.

Deception is an exciting space that in one sense is just a way to enrich breach detection data. Decoy devices, fake documents, and fictional user identities are deployed with the expectation that only attackers will find them. Instrumentation creates alerts when nefarious activity is detected.

Speaking of instrumentation, another new category is security instrumentation. These are tools deployed to firewalls, IPS, SIEMs and decoy endpoints that can provide real data on the effectiveness of those tools. Security instrumentation can provide metrics on policies that have been deployed.
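As an added example (not from the book or its author), the following Python sketch shows how the threat intelligence and deception categories described above feed breach detection in practice: constructed log events are matched against a small indicator index that holds both threat-intel IoCs (a file hash and a domain) and deception artifacts (a decoy account and a decoy file), and each hit becomes an alert carrying the indicator's source and severity. A final tally by source is the kind of simple metric the instrumentation paragraph refers to. Every feed name, hostname, hash and event here is constructed for the example; decoy hits are rated high severity because, as the deception paragraph notes, only an attacker is expected to touch them.

```python
"""Enrich-and-alert pass over log events: threat-intel IoCs plus deception hits.

All indicators, hosts and events are constructed sample data, not real IoCs.
"""
from dataclasses import dataclass
import hashlib
import json


@dataclass(frozen=True)
class Indicator:
    kind: str      # "sha256" | "domain" | "decoy_user" | "decoy_file"
    value: str     # raw value as supplied by the feed or deception deployment
    source: str    # which feed or deployment supplied it (enrichment context)
    severity: str  # decoys are "high" by design: legitimate users never touch them


def normalize(kind, value):
    """Canonicalize so feed formatting (case, trailing dot) does not cause misses."""
    if kind in ("sha256", "domain"):
        return value.strip().lower().rstrip(".")
    return value.strip()


def build_index(indicators):
    """Index indicators by (kind, normalized value) for constant-time lookup."""
    return {(i.kind, normalize(i.kind, i.value)): i for i in indicators}


# Which event fields are compared against which indicator kinds.
FIELD_KINDS = {
    "file_sha256": "sha256",
    "dns_query": "domain",
    "user": "decoy_user",
    "path": "decoy_file",
}


def match_event(index, event):
    """Return one alert dict per indicator the event touches."""
    alerts = []
    for field_name, kind in FIELD_KINDS.items():
        if field_name not in event:
            continue
        hit = index.get((kind, normalize(kind, str(event[field_name]))))
        if hit:
            alerts.append({
                "event_id": event["id"],
                "host": event["host"],
                "indicator": normalize(hit.kind, hit.value),
                "kind": hit.kind,
                "source": hit.source,
                "severity": hit.severity,
            })
    return alerts


def scan(indicators, events):
    """Run every event through the indicator index and collect alerts."""
    index = build_index(indicators)
    out = []
    for e in events:
        out.extend(match_event(index, e))
    return out


def summarize(alerts):
    """Count alerts per indicator source: a crude effectiveness metric per feed/decoy."""
    counts = {}
    for a in alerts:
        counts[a["source"]] = counts.get(a["source"], 0) + 1
    return counts


# --- constructed sample data (not real indicators) --------------------------
SAMPLE_MALWARE_SHA256 = hashlib.sha256(b"constructed sample, not real malware").hexdigest()

SAMPLE_INDICATORS = [
    # Feed supplies the hash in upper case; normalize() makes it match anyway.
    Indicator("sha256", SAMPLE_MALWARE_SHA256.upper(), "feed:constructed-hashes", "medium"),
    Indicator("domain", "Evil.Example.", "feed:constructed-domains", "medium"),
    Indicator("decoy_user", "svc_backup_legacy", "deception:decoy-accounts", "high"),
    Indicator("decoy_file", "/srv/finance/2019_payroll_FINAL.xlsx", "deception:decoy-files", "high"),
]

SAMPLE_EVENTS = [
    {"id": 1, "host": "ws-17", "file_sha256": SAMPLE_MALWARE_SHA256, "path": "/tmp/update.bin"},
    {"id": 2, "host": "ws-17", "dns_query": "evil.example"},
    {"id": 3, "host": "ws-04", "user": "alice", "path": "/home/alice/notes.txt"},
    {"id": 4, "host": "fs-01", "user": "svc_backup_legacy", "path": "/srv/finance/2019_payroll_FINAL.xlsx"},
    {"id": 5, "host": "ws-09", "dns_query": "updates.example"},
]

if __name__ == "__main__":
    found = scan(SAMPLE_INDICATORS, SAMPLE_EVENTS)
    for a in found:
        print(json.dumps(a))
    print(json.dumps(summarize(found)))
```

Running the block prints four alerts: two medium-severity threat-intel hits from host ws-17 and two high-severity deception hits from fs-01, where a single event touches both a decoy account and a decoy file. In a real deployment the indicator index would be refreshed from the aggregators mentioned above and the alerts forwarded to the SIEM rather than printed.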

As in all research projects, new insights will be derived as the journey continues to catalog the entire IT security space and write the history of this ever-growing industry.