Top 10 Trends in Cybersecurity in 2017

With the development of the internet, hackers have more and more motives and means to steal customers' information and resources, and even to damage assets. Cybersecurity issues are receiving increasing attention from government departments and various sectors of society. From 2011 to 2016, the compound annual growth rate of the domestic network security market was 21.6%. In 2016, the market size of China's network security industry reached 34.172 billion yuan, a year-on-year increase of 23.5%. According to the exponential growth model, the size of the domestic cybersecurity market is expected to reach 42.202 billion yuan in 2017, and the cybersecurity industry is showing a highly prosperous trend. In this environment, a clear understanding of the trends in the cybersecurity market helps in seizing opportunities amid fierce market competition. This article takes a look at the top ten trends in the cybersecurity market in 2017.

Trend 1: The Cybersecurity Law promotes increased investment in security in key industries

Interpretation of Trends
Two points can be drawn from the Cybersecurity Law. The first is the protection and upgrading of critical information infrastructure. Article 31 of the Cybersecurity Law stipulates that the state implements key protection for important industries and fields such as public communication and information services, energy, transportation, water conservancy, finance, public services, and e-government. Once the data of these organizations is threatened, it will bring incalculable losses. The second is the enhancement of operators' security responsibility. Articles 10 and 21 of the Cybersecurity Law repeatedly emphasize the security responsibilities of network operators.


The changes brought about
Firstly, network operators need to invest more effort than in the past to ensure the security of the network environment. Taking app development as an example, in the past operators only needed to consider capacity when purchasing cloud space, but after the implementation of the Cybersecurity Law, operators also need to ensure that their security capabilities meet the standards the law stipulates. Secondly, the economic and official penalties for the institutions and responsible persons involved in security incidents have been clearly defined in terms of legal responsibility. Driven by the Cybersecurity Law, customers' investment in network security will increase.




Trend 2: The release of Level Protection 2.0 brings new opportunities for compliance construction

Interpretation of Trends
The 5th National Conference on Information Security Level Protection Technology marks the entry of the level protection system into the 2.0 era, and promotes the construction of a comprehensive network security prevention and control system that integrates "prevention and control". The new "Basic Requirements for Network Security Level Protection" covers four major areas: cloud computing, mobile services, industrial control systems, and monitoring and early warning.


The changes brought about
Level Protection 2.0 requires the division of security responsibility boundaries, where the platform side is responsible for platform security and the tenant side is responsible for tenant security. At present, a large number of cloud platforms focus only on underlying security and provide no security for tenants, so there are many opportunities waiting to be met with technology.


Trend 3: User data and privacy security incidents will become more prominent

Interpretation of Trends
There will be an increasing number of incidents related to user data and privacy security. Last year's ITRC report showed that the total number of data and privacy security incidents exposed in the United States in 2015 was 781, while in 2016 this number rose to 1093, an increase of 40%. In 2016, the market size of the black industry chain reached the order of billions of yuan, with phishing, telecom fraud, and ransomware among the major forms of crime.




The changes brought about
In a future where data and privacy breaches occur frequently, customers will adopt more diverse security defense measures, ranging from upgrading network security equipment and solutions, to collecting threat intelligence on hackers, to popularizing social engineering knowledge, and will deploy them at various points to reduce the probability of user data and privacy being stolen.




Trend 4: IoT security will receive more attention

Interpretation of Trends
The popularization of the Internet of Things brings new challenges. According to Gartner's statistics, there were 6.4 billion devices connected to the internet worldwide in 2016 (excluding smartphones, computers, and tablets), a year-on-year increase of 30%. Gartner predicts that this number will reach 20.8 billion by 2020. HP's research shows that currently 70% of connected devices are highly vulnerable to attacks. A large number of IoT terminal devices suffer from vulnerabilities and low attack thresholds, which could potentially lead to a global "worm" outbreak. At the same time, traditional network security boundaries are broken, and devices connected over multiple protocols, including Bluetooth, create more attack points, making it easier for hackers to launch new types of springboard attacks against internal networks.


The changes brought about
In the era of the Internet of Things, there are already a large number of IoT terminal devices in enterprise intranets, most of which have security risks. Therefore, in 2017, users need to increase their attention to IoT security, upgrade IoT security technology solutions as soon as possible, and improve protection capabilities quickly.


Trend 5: Existing security solutions slow down users' migration speed to the cloud

Interpretation of Trends
The migration of users to the cloud is a major trend, and we are often concerned about cloud security technologies, such as east-west traffic. After extensive user research, it was found that what users really need is not technology, but new models for security construction, management, and operation in cloud security scenarios. In the past, network security was mostly self-built for the builder's own use, but now on cloud platforms the roles of users have become more diverse, including platform providers, regulators, and tenants, and each tenant's needs are different.


The changes brought about
The security and hardware security built in the past were designed for the traditional self-built, self-used model, which makes it difficult to meet users' personalized needs. To better assist users in migrating to the cloud, cloud security solutions need to be further upgraded so that, regardless of the business scenario, underlying architecture, and platform used, users can complete cloud business delivery safely, flexibly, and efficiently, enabling IT architecture to move quickly towards cloudification.


Trend 6: More and more users are accepting "cloud-based security services"

Interpretation of Trends
Network attack and defense is a battle between hackers and security talents, with equipment and technology being the automated weapons of both sides. Although weapons are essential, ultimately security talents are still needed to win the battle. The reality, however, is that it is difficult for enterprises to recruit senior security talents, and the gap in security talents is difficult to fill in a short period of time. Cloud-based security services, meaning security services delivered through the cloud, are an effective way to solve this problem. Simply put, top security experts help enterprises with log analysis, threat analysis, cloud monitoring, and other problems in the cloud.


The changes brought about
Currently, there are many mature cloud security service providers in Europe and America, and more and more enterprises are adopting this holistic delivery approach. Unlike in Europe and America, the implementation of cloud-based security services in China requires the inclusion of security service integrators to jointly achieve the cloudification of security services.


Trend 7: Greater investment in security detection technology

Interpretation of Trends
Protection alone can hardly prevent hackers from invading, and after-the-fact detection has become a key focus of security construction. Of the top ten security technologies released by Gartner analysts in 2016, four relate to detection: endpoint detection and response (EDR), non-signature endpoint defense, user and entity behavior analytics (UEBA), and intelligence-driven security operations centers.

The changes brought about
Gartner's survey shows that real-time threat detection and response technology has the fastest growing market share in the entire security market, reaching 15.8%. The most popular keyword in the domestic enterprise-level security market in 2016 was "situational awareness", which requires discovering attacks that bypass defenses and predicting attack behavior and objectives. In 2017, detection-related products and solutions, such as the network-wide security awareness platform and endpoint EDR, will better provide security services.


Trend 8: Artificial intelligence will be widely applied in the field of security

Interpretation of Trends
In Gartner's "Top 10 Technology Trends of 2017," artificial intelligence and machine learning rank first. In fact, many models in artificial intelligence, machine learning, and even deep learning were proposed many years ago. They have become popular in recent years mainly because two conditions have gradually matured: the accumulation of a large amount of data and the upgrading of computing power. In the past, users' security data was fragmented and scattered across various devices. Now, with threat intelligence, all of this data can be collected to form massive data sets. The development of cloud computing and parallel computing technology provides powerful computing capabilities, giving artificial intelligence an environment in which to grow in the field of security.


The impact it brings
In the future, on the one hand, new forms of attack such as "zero-day attacks" (0day) are increasing, and the forms of attack are constantly evolving. Relying solely on signature or rule libraries makes it difficult to respond effectively to new, unknown threats. Using artificial intelligence technology to shift from signature recognition to behavior analysis is an effective means of responding to new threats. On the other hand, artificial intelligence can easily handle massive security logs, assisting security professionals in analyzing the security status of enterprises faster and better.

Trend 9: Automated response drives the linkage between various products

Interpretation of Trends
Detection is certainly important, but simply detecting an intrusion is not enough. A response is needed to truly eliminate the threat. In the past, the response was done manually, such as logging in to devices for debugging, issuing policies, and fixing system vulnerabilities. Often the data had already been stolen before the response work was completed. Automated security response means that once a threat is detected, the system responds automatically through security policy orchestration to quickly eliminate the threat.


The changes brought about
One major challenge in automated response is the linkage between devices from different manufacturers. In 2017, we will see that even devices from different manufacturers can achieve linkage as long as they comply with API standards, so that policies can be issued quickly to all network devices to intercept threats. Foreign companies such as DFLabs have set an example, and in China, this new technical approach of linkage between products driven by automated response will be explored and attempted by more innovators.

Trend 10: Security vendors continue to make acquisitions, and integrated delivery is the trend

Interpretation of Trends
When enterprises adopt devices from different manufacturers, the overall security effect is not ideal because of insufficient interconnectivity between those devices. In 2016, there were over 40 mergers and acquisitions in the field of cybersecurity in the United States, among which IBM, Cisco and Oracle are all acquiring a large number of high-quality security startups. The driving force behind mergers and acquisitions is actually user demand. What users need is simple security, and as far as possible a complete security solution should be provided by one vendor, rather than the "Eight Nation Alliance" style of purchasing equipment from multiple vendors.


The changes brought about
From an industry perspective, mergers and acquisitions by security vendors will continue in the future. At the same time, users will prefer the simplification of security construction, delivery, and integration of security solutions. Therefore, vendors with comprehensive security capabilities will be better equipped to provide users with integrated security services in their future development. Finding a vendor with integrated delivery capabilities for long-term cooperation and jointly building an industry ecosystem will be a wise move.


The above ten trends in the network security market cover different aspects such as laws and regulations, user needs, and the latest technologies. To seize these opportunities, innovation and exploration are essential, such as piloting new security models, exploring the shift from traditional security hardware sets to service-oriented delivery of security as a service, and so on. I hope the above ten trends in network security can provide some inspiration and help to everyone.