Showing posts with label symantec. Show all posts

Monday, November 09, 2015

Security Predictions for 2016 or “Let the internet security prognostication begin”

It’s that time of the year, when security pundits make their security predictions and comment on trends for 2016. Of course, it would be great if the pundits who came out with predictions for 2015 came out with a report card in early 2016. 

Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window - Peter Drucker

Consolidation in the Security Sector
Look for continued security consolidation as some of the larger vendors utilize the strategy that it is quicker and easier to buy a technology to broaden their security portfolio than to develop the technology internally. At the same time, some larger companies will sell off their (incomplete) portfolio of security products to focus on other sectors. There are rumors, for example, about SonicWall being put on the market by Dell.  Of course, FireEye rumors are making the rounds after their Q3 results.

Look for other vendors to analyze the market, do a make/buy analysis and then license missing technology from smaller, more agile, companies.  

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier

Bubble Will Burst on Some Newly Public Security Vendors
At some point in time, companies have to generate cash and after working through the wonders and options of tax accounting, companies have to show a bottom line profit.  Look for investors getting tired of “but we’re going after market share” and selling their stock. For others, shorting activity will increase.  An offshoot of this is that these companies will become less expensive to acquire. Happiness is positive cash flow.

Splitting (breaking?) of Humpty Dumpty. Symantec and Hewlett Packard
Symantec has retired their vision (several years old) of becoming a widely diversified company (begun by John Thompson) and is splitting/divesting into security-focused Symantec, and backup and recovery, SDN, and governance focused Veritas. Hewlett Packard has split into two companies. HP Inc. holds the printing and personal systems side of the business, selling printers, scanners, displays, personal computers (laptop, desktop, and tablets), and the supplies and services associated with them. Hewlett-Packard Enterprise will handle the hybrid cloud, servers, storage, converged systems, networking, management software, and the services necessary to run an enterprise. They are both Fortune 100 companies, the latter led by Meg Whitman, and the former by Dion Weisler. Not bad for a company that began in a garage in Palo Alto, selling to Disney.

One of these splits will work out much better than the other one.   That one being….Symantec. HP Enterprises, and HP, Inc. are still battleships.   

Life is a Breach
There will be at least one major security breach, for a number of reasons.  Some companies have still not gotten the memo about cybercriminals, thinking, “It can’t happen to us” and are being slow in their investments.  There are a number of bright cybercriminals out there. They design their own methods of attack.  They may rent use of a botnet as part of their attack strategy.  If the CIO/CEO want to maintain their title, look for full transparency, accepting the blame, laying out the groundwork to prevent this from happening again (hopefully), and protecting their customers. Classic disaster recovery procedure, often not followed.

Cybercriminals Will Broaden Their Target Base
Cybercriminals will increase the number of vertical markets they go after and the size of the typical breach will be smaller. The number of breaches (reported anyway) will decrease. From a CSO Online article - Jody Westby, CEO of Global Cyber Risk, “it is the data that makes a business attractive, not the size – especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property.”  http://bit.ly/1BcYw8W

The Identity Theft Resource Center (ITRC) reported in October that there have been 606 data breaches recorded through October 13, 2015, and that more than 175 million records have been exposed. The top 4 sectors with respect to incidents were business (39%), health care (36%), banking (10%), and government (8%). 68% of the records exposed were in the health care sector. There were over 780 data breaches in 2013.

We Will Continue to be Our Own Worst Enemy
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”- Kevin Mitnick

 A warning from your browser not to visit that site?  A found thumb drive?  New pictures of (fill in the name of your favorite celebrity) on the web or as an attachment to your email.  These are the internet equivalent of wet paint signs. Some people just have to check for themselves. More security aware companies will do more than have people look at a slide presentation on security and take a quiz once a year. They’ll send their own employees phishing emails, among other tactics.

The Wisdom of Crowds
James Surowiecki, in the book “The Wisdom of Crowds”, speculated that large groups of people are smarter than an elite few, no matter how brilliant: better at solving problems, fostering innovation, and coming to wise decisions. In 2016, market share of consumer AV/Malware purchases will probably still continue to be more a reflection of how many “likes” a product receives, rather than how they are reviewed by a PC publication or by the test organizations AV-Comparatives or AV-Test. Scary. Whom are you going to trust? Your doctor or your Facebook friends?

A Growing Use of Something Other Than Passwords
The top 20 list of passwords for 2016 may not vary greatly from 2015; look for more people to use some sort of biometrics or Multi-factor Authentication (MFA) to enhance the security of their devices. This will occur in businesses more quickly than in the consumer marketplace. According to an article in CNET at the beginning of the year, the top 10 passwords of 2014 were 123456, password, 12345, 12345678, QWERTY, 1234567890, 1234, baseball, dragon, and football. If your password looks anything like this, or is your pet’s name, change it immediately. There are a number of articles on creative ways of making up passwords or using different figures you can draw on your keyboard. At minimum, consider reading a few articles and select a method that works for you.

“Showtime” - The Government or a Large Security Vendor will take the Offensive
At some point in time, negotiations just aren’t cutting it. Look for a concerted attack against some cybercriminals, whether they’re independent, being treated with benign neglect in their native country, or being subsidized. This is despite any negotiations taking place with some countries on an international level. Sometimes the best defense is a good offense. “The Darknet: Is the Government Destroying 'the Wild West of the Internet?'” is a November Newsweek article that’s an interesting read. http://bit.ly/1MR5kAX

Government Takes the Lead in Sharing of Information between Security Vendors
The bragging right for many security companies is how quickly they identify and react to threats, and update their existing customers almost immediately.  They are not going to want to share this information with competitors as quickly.  Look for the government to be the driver in information sharing. One question that arises – how open will this table be for all security vendors or will it be a selective group?   “Senate passes cybersecurity information sharing bill despite privacy fears.” Washington Post, October 27. http://wapo.st/1KFbFIc   


The News of the Death of Endpoint Security Has Been Greatly Exaggerated
To paraphrase a quotation by American humorist Mark Twain. The reliance of AV/malware products on signature files to detect threats has been declining for years. The endpoint is the last line of defense. Technologies relying on heuristics are not the whole solution. Look for endpoints to use such techniques as artificial intelligence and machine learning, whether powered at the endpoint or in the cloud, to lead the way. Despite statements by Symantec and others, do not look for AV/malware protection provided at the endpoint, either installed there or involving technology in the cloud, to disappear anytime soon.

Who will be Among the Top New Innovative Security Companies in 2016?
Good question.

On November 3, SINET announced their top 16 innovators (revenues under $15 million) for 2015. These companies were: Bayshore Networks, Inc., BehavioSec, Gurucul Solutions, Lastline, Netskope, Onapsis, Inc., Palerra, Inc., PFP Cybersecurity, Pindrop Security, QuintessenceLabs, RedOwl Analytics, Secure Islands, SecurityScorecard, Sqrrl Data, Inc., TaaSera, Inc., and Vectra Networks, Inc. You may be hearing from these companies over the course of 2016. Gartner and others will be coming out with their lists.


A mantra for 2016, “Friends don’t let their friends be mindless about security.”

Wednesday, February 04, 2015

AV-Comparatives Summary Report – 2014

For those who haven’t made a habit of downloading and looking at the many test reports  test group AV-Comparatives publishes, their AV-Comparatives Summary Report of anti-virus products has been released.  Some of the products in the test were the company’s internet security offerings. The report lists the winners in a number of categories:

  • Overall winner
  • Top rated products
  • Real world protection test
  • File detection
  • False positives
  • Overall performance 
  • Proactive (heuristic/behaviors)
  • Malware removal

Congratulations to BitDefender for being product of the year, receiving 3 stars in all the tests! Two other companies achieved this level with their products, Kaspersky, and Eset.

Most of the products tested were “paid” versions, products from Panda, LavaSoft, and Avast being the exceptions.  Among these three, Panda was the “winner”, finishing twelfth overall.  In alphabetical order, the bottom three companies were AhnLab, McAfee, and ThreatTrack Vipre.

This 151 page report also contains an extensive user interface review section of almost two dozen products.  One of the companies on the list even begins with an S.  Sorry. It’s not Symantec.  One of these days, they’ll step up and be tested.

The demise of anti-virus products and companies offering them is vastly premature. The endpoint needs protection. The level of protection provided by these products is superior to that provided years ago, when heuristic technology wasn’t in many endpoint solutions, and there were no cloud solutions for the endpoint. Leave your laptop or tablet unprotected at your own risk!

This report demonstrates quite clearly that the market share leaders in the endpoint security space are not necessarily providing the best security nor performance.  Kaspersky, and Eset, are known in the industry but not as much to the public.  But you can buy them online and in some stores.  

BitDefender has an active and successful OEM program for their antimalware engine. Download and take a look at the AV-Comparatives Anti-Virus Comparative Report.  It’s free. And in 2015, do look at their other reports.  You can also go onto their site and view their results from their dynamic  Real World Test.    http://www.av-comparatives.org/dynamic-tests/   

About AV-Comparatives (www.av-comparatives.org )

AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Currently, the AV-Comparatives' Real-World Protection Test is the most comprehensive and complex test available when it comes to evaluating the real-life protection capabilities of antivirus software.



Thursday, February 20, 2014

Gartner Magic Quadrant for Endpoint Protection Platforms- 2013

Gartner has released their 2013 Magic Quadrant for Endpoint Protection Platforms, ID:G00247705. Five performers are in the Leaders Quadrant. Their approximate order in the report: McAfee, Symantec, Kaspersky, Trend Micro, and Sophos. This is a little bit of a switch from 2012, when the order was Symantec, McAfee, Sophos, Kaspersky, and Trend Micro. Microsoft, as in the 2012 report, was the only company in the Challenger portion of the grid. Analysts for the report - Peter Firstbrook, John Girard, and Neil MacDonald. Congrats to all in this portion of the quadrant.

Probably not so pleased with the report are ThreatTrack Security, BeyondTrust, and Check Point Software Technologies. These were the bottom three in the Niche Players portion of the quadrant. BeyondTrust was the overall lowest in the quadrant with respect to ability to execute. Check Point Software slipped from the Visionary portion of the grid to this quadrant. Not good.

McAfee continues its assimilation into Intel, who purchased them a couple of years ago. The McAfee name will disappear and become Intel Security. Kaspersky continues their assault on Trend Micro. Sophos is aggressively expanding their business offerings, has revamped their channel program (http://channelnomics.com/2014/02/18/sophos-revamps-simplifies-partner-program/), and remains (and probably will remain) a business-focused security vendor.

The   Gartner Magic Quadrant for Endpoint Protection Platforms report is available for purchase on their website.  Some vendors such as Symantec have it available on their website for those who register.

Regarding the Leaders quadrant from the Gartner Magic Quadrant Endpoint report - “However, a leading vendor isn't a default choice for every buyer, and clients should not assume that they must buy only from vendors in the Leaders quadrant.  Some clients believe that Leaders are spreading their efforts too thinly and aren't pursuing clients' special needs.”

For more details on the Magic Quadrant and how it is created, read “Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors within a Market”.     Sometimes a leader is not the best solution for a particular customer.  Despite that, you will see many   presentations where the vendor uses being in the Leaders quadrant   as a reason to buy from that particular vendor.  www.gartner.com

To see a blog on last year’s results - http://kensek.blogspot.com/2013/01/gartner-magic-quadrant-for-endpoint.html

ckensek on Twitter.
  

Saturday, April 13, 2013

AV-Comparatives File Detection Test of Malicious Software - March 2013



Test group AV-Comparatives has released their March 2013 File Detection of Malicious Software report. Ten pages of nice reading. The three-star performers, in order, were Avira, F-Secure, BitDefender, BullGuard, and Kaspersky. Congratulations to these five vendors for their performance! G Data had the top detection rate, 99.9%, but suffered in their overall performance due to false positives. ESET finished 17th in detection rate, which may have precipitated their drop in the standings. The only free product in the test was from Panda.

There was some movement from the av-comparatives 2012 summary report.  The companies receiving Top Rated designation were,  in alphabetical order - Avast, Avira, Bitdefender, BullGuard, ESET, F-Secure, G DATA, and Kaspersky.  

The company with products in the yellow box, otherwise known as Symantec, was included in this report.  This was the first time in a long while.  Suffice it to say, Symantec has nowhere to go but up, finishing in the “tested” (not even one star) category.  They had the lowest detection rate of all products tested.  Shout out to CEO Steve Bennett; that is okay.  Next test. Eva, get those engineers out of the cloud and working on the engine and file detection ;)

What this report is showing is that the products with the most name brand recognition are not always the top performers.  Trend Micro only received one star, and McAfee two stars.  Average these scores with Symantec and you get one star out of three.  Ouch.  For the complete report, you will have to go to the www.av-comparatives.org  web site. 

Tests such as these are much more valuable than  looking at  “likes” on a company web site. People should look at the av-test and Virus Bulletin web site.  PC Magazine does extensive testing, as well.  Put something on your device.  You don’t have to install a toolbar to get a price break.  Look, also, for installing (in addition) one of the free products that helps protect you while surfing the web.  McAfee, Zone Labs, Blue Coat, are among the vendors providing these.  You may want to install an internet security product for more comprehensive protection than that provided by an antivirus product.
  
About AV-comparatives     www.av-comparatives.org

AV-Comparatives is an Austrian Non-Profit-Organization.  They provide independent Antivirus software tests free to the public.  Go to their website to view all the great comparative reports and surveys they publish.  A great number of their reports are free.


Monday, March 04, 2013

AVG Technologies 2012 Revenue - View Far From Investment Firms



The below is a quick look at AVG Technologies’ 2012 revenues.  The bulk of the figures below are from AVG Technologies Form 6-K, available on their web site.  Disclosure - I can comfortably talk with the “smartest guys in the room” and even own multiple suits.  This is not a look at the marketing strategy.  Just some bullet point observations from afar about revenue, net income, cash.

March 7 addendum -  CEO JR Smith  resigns -  AVG Technologies N.V. (AVG) said J.R. Smith will step down as chief executive after a six-year tenure at the helm of the Internet and mobile-security provider, which is conducting a search for his successor. http://online.wsj.com/article/BT-CO-20130307-715759.html  He is remaining  on the board.
  • Overall revenue up 31% to $356 million - Good.  Subscription based revenue was up 12% while platform based revenue was up 65%.  Platform based revenue now comprises  45% of AVG’s revenue (Can you say Google?).  
  • In a Seeking Alpha article - “AVG: Feb 1st Google Policy Updates Threaten AVG's Growth Engine, Signals Steep Downside”.  Google would require companies to make use of “opt-out” instead of having “opt-in” checked automatically on the customer’s behalf.  The author of the article, Eiad Asbahi, is forecasting reduced revenue for AVG because of this.  http://kensek.blogspot.com/2013/02/avg-technologies-ipo-one-year-birthday.html
  • Net income dropped 44% to $46 million in 2012 from 2011.  This usually isn’t a good thing, especially when revenue is up 31%.  Not a sustainable model.
  • Gross profit margin dropped 3% from 89% to 86%.  Most industries would be envious, even with the decline.
  • From Motley Fool. Short shares as a percent of float 18.6%.  For Symantec, the figure is 1.6%.
  • From Motley Fool.  Short shares increase between January 31 and February 15, 278.5%.  Ouch for both of the figures from Motley Fool.  One would like investors to have confidence that the stock will go up.  http://www.fool.com/investing/general/2013/03/04/shorts-are-piling-into-these-stocks-should-you-22.aspx
  • Current ratio Symantec – 1.06.  Current ratio – AVG Technologies  - .54.
  • Happiness is positive cash flow -AVG has been generating cash.
An interesting statement in the notes - "The Company’s profit and loss tax charge varies from period to period and has shown significant variations from its cash tax charge. In particular, the Company’s entry into an innovation tax regime in the Netherlands resulted in a significant tax credit in June 2011, which will be reversed in future periods." You have to love companies with offices in the Netherlands, and Ireland, and bank in the Cayman Islands. All legal. All companies with some combination of these should be required to state the number of square feet dedicated to the company that they rent in these locations. No counting shared conference rooms. And a picture of the Post Office box. For a discussion on some of this:



It should be an interesting year two for AVG Technologies as a public company following their IPO (initial public offering).  They appear to have an increasing reliance on securing mobile devices.  They just announced a deal with Samsung in the UK for purchasers of Samsung mobile users to download AVG’s mobile product for  free .  On the laptop/PC side and  on the free download side, Avast had 1.21 million downloads on www.download.com  versus 0.87 million for AVG Free Antivirus for the week ending March 3.  However,  CEO JR Smith has stated that AVG has been diversifying their product line. Perhaps this gap compared to Avast  is to be expected. Avast cancelled their IPO over a year ago.


Saturday, March 02, 2013

A Lighter Look at RSA 2013 San Francisco


RSA 2013 San Francisco was well attended. There were over twenty thousand attendees. Over 350 vendors participated in the trade show portion. AhnLab owned the view from outside Moscone Center with flags promoting their presence at the event. Former Secretary of State Condoleezza Rice was the featured keynote speaker on the last day of the event. You know you’ve been in security for a while when you go to one booth and recognize a few people that you’ve worked with, at different companies.

Advanced Persistent Threats (APTs) seemed to be the acronym du jour for RSA 2013 San Francisco this year. There were a number of firewall vendors, as well. Websense had a huge wall touting the results of a Miercom test with their Web Security Gateway Anywhere appliance, versus a handful of competitors. In looking at 2.26 million URLs, they identified and blocked over 132 thousand bad URLs. The least effective result was achieved by FireEye, who blocked 171 with their Web MPS 1300 appliance. The report is available on the Websense web site. Other companies in the test included Blue Coat, Cisco IronPort, and McAfee. Germany had a pavilion with a number of companies. China did as well. Huawei, from China, had a large booth in the corner of the exhibition hall. No 60 Minute people were around. The usual antivirus and internet security vendors were present; Trend Micro, McAfee, Symantec, Sophos, and ESET were there. NSS was distributing their latest firewall report. WatchGuard was probably not pleased with the result.

However, enough about security. What were the tchotchkes like? Dentists appeared to sponsor many of the giveaways, since candy was rampant. The usual pens and stress balls were all over the place. More than a handful of booths were giving away quite nice water bottles. Three motorcycles, including a Harley Davidson, were being given away. The event was lighter than usual on tee shirts this year, but they were available at the Check Point, Kaspersky, AhnLab, and Trend Micro booths. AhnLab had a slot machine with the grand prize being $10 thousand. Light sabers were being given away. A wookie and Leia (cinnabon hairstyle and all) were hanging in one booth along with the white storm troopers.

There was a huge line for autographed copies of Kevin Mitnick’s latest book, The Art of Deception. Likewise for Bruce Schneier and his latest book. A $35 mini speaker was another giveaway at one booth, a company branded Rubik’s cube at another. One company gave away a 3-foot-long remote control helicopter at the end of each presentation. Very cool. Copious amounts of food and alcohol were served Monday evening during the two-hour preview to the show. One company had a box to put one of your tchotchkes in. A lucky person was going to win the whole box. Seinfeld’s “no soup for you” guy was at the show for people wanting to have their picture taken with him. Kaspersky himself showed up at the Kaspersky booth. The Kaspersky booth was serving most excellent kaspertinis at the show on Wednesday. Bravilna.


February Virus Bulletin RAP Averages Quadrant (Reactive and Proactive) July 2012 through February 2013




Virus Bulletin has released their   RAP Averages Quadrant for the July through February timeframe.  There was a little bit of movement from the previous test, but nothing too exciting.  Avira Free wins among the companies best known for their freemium solutions.  Avast was a little ahead of AVG Technologies for Praha bragging rights.   

Once again, some estimating was necessary to pick the below.

RAP Averages Quadrant July 2012 through February 2013

  1. Coranti
  2. Avira Free
  3. G Data
  4. Fortinet
  5. Lavasoft, TrustPort, BitDefender, BullGuard, Hauri

Hall of Shame awards for their performance – Total Defense (by far), SPAMfighter, Frisk, and Commtouch. All scored below 70% on Reactive Detection, with Total Defense at about 55%. The “Where are the 800-pound gorillas” awards go to Symantec and Trend Micro for not being in the test. Come on, Steve Bennett. This test and AV-comparatives. Time to step up. Symantec had a big booth at the RSA security show. The company should be willing to be in these.

The previous RAP averages test  had clusters of companies, as listed below. 

  1. Zeobit, Coranti (clear winners)
  2. Lavasoft, TrustPort, G Data
  3. Fortinet, Avira Free, Avira Pro, Roboscan, BitDefender, BullGuard, Emsisoft, eScan

Tests like these provide useful information in evaluating the relative strengths of the products. It obviously wins out over the wisdom of Facebook fans clicking on like! You can view the RAP Averages Quadrant chart at


Subscribers to Virus Bulletin's publications have access to more details on the results.

RAP Averages Quadrant

This test measures products' detection rates across four distinct sets of malware samples.  The first three test sets comprise malware first seen in each of the three weeks prior to product submission.  These measure how quickly product developers and labs react to the steady flood of new malware emerging every day across the world.  A fourth test set consists of malware samples first seen in the week after product submission.

  
Virus Bulletin

UK based Virus Bulletin started in 1989.  They provide PC users with a regular source of intelligence about computer viruses, their prevention, detection, and removal, and how to recover programs and data following an attack.  The Virus Bulletin website is at www.virusbtn.com