Posts Tagged ‘NFC’

Browsing Security Predictions for 2012

January 8, 2012 4 comments

Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions

The new year has just come, vacations are over, and, as usually happens in this period, information security professionals use to wonder what the new year will bring them from an infosec perspective. The last year has been rich of events, whose echo is still resounding, and as a consequence, if RSA and Sony breach were not enough, the main (and somehow obvious) question is: will 2012 stop this trend or rather bring it to unprecedented levels, or, in other words, which threat vectors will disturb the (already troubled) administrators’ sleep?

Unfortunately my divination skills are not so developed (in that case I would not be here), but security firms can give a crucial help since they started to unveil their security predictions for 2012, at least since the half of December, so putting them together, and analyzing them is quite a straightforward and amusing task. Maybe even more amusing will be, in twelve years, to see if they were correct or not.

The security prediction that I take into consideration included, at my sole discretion (and in rigorous alphabetical order):

•    Cisco;
•    Fortinet;
•    Kaspersky;
•    McAfee;
•    Sophos;
•    Trend Micro;
•    Websense;

That is the only leader vendors for which I found predictions issued with original documents (feel free to indicate if I missed someone and I will be very glad to include them in the chart).

In any case, the landscape is quite heterogeneous since it encompasses security vendors covering different areas: one vendor, McAfee, covering all the areas (network, endpoint and content security), two vendors and one half focused on network and content security (Cisco, Fortinet and partially Sophos thanks to the Astaro acquisition), and two vendors focused essentially on endpoint security (Kaspersky and Trend Micro).

The following table summarizes their predictions:

In order to correctly understand the chart a premise is needed: as you will probably have already noticed, in several cases the predictions reflect the specific security focus for the analyzed vendor. For instance, Websense is focused on DLP, and that is the reason why the adoption of DLP is one of its predictions. Analogously McAfee is investing huge resources for Security on Silicon, and this implies that embedded systems and Malware Moving Beyond OS are present among its predictions. Same speech could be applied for Trend Micro and its Cloud Prediction and so on.

Some trends for this year are clearly emphasized: easily predictable Hactivism appears on 6 of the 7 vendors, as mobile (with different connotations) does. Social Media is on the spot as well as are SCADA, Embedded Systems and, quite surprisingly in my opinion, cloud. I would have expected a greater impact for APTs, but for a complete and more accurate analysis one should consider them together with threats targeting embedded systems or ICS. Even because according to several security firms, for instance Kasperky, APT Stuxnet-like will be used for tailored campaigns, whilst more “general purpose malware”, including botnets will be used for massive campaigns (this item is summarized as Mass Targeted Campaigns).


Some “old acquaintances” will be with us in 2012: consumerization, at least according to Sophos and Trend Micro (even if consumerization is strictly connected, if not overlapped with mobile) and, if the Comodo and Diginotar affaires were not enough, Rogue Certificates, according to McAfee. Instead some “new entries” are absolutely interesting, such as the threats related to NFC (even if in this case I would have expected a greater impact) or related to Virtual Currency. Besides let us hope that the prediction to adopt DNSSEC be more than a prediction but a consolidated practice.

The most conservative security firm? In my opinion Cisco. The most “visionary”? Maybe Fortinet, I found the “Crime as a Service (CaaS)” absolutely awesome, and most of all not so visionary, since there are already some (even if clumsy) attempts.

In any case with this plenty of Cyber Nightmares is not a surprise the fact the Enterprise security market is going to reach $23 billion worldwide in 2012 with a 8.7% growth year-on-year.

Relazione Tavola Rotonda Mobile Security

Ho pubblicato su Slideshare la relazione da me redatta della Tavola Rotonda “Mobile Security: Rischi, Tecnologie, Mercato” tenutasi il 14 marzo a Milano all’interno del Security Summit 2011.

La relazione, che ho inserito all’interno di un thread del gruppo Linkedin Italian Security Professional, è visibile al link sottostante. Ancora un grazie al gruppo che ha ospitato questo interessantissimo appuntamento!

Paga in contanti? No grazie ho il telefono…

December 12, 2010 1 comment

Google ha appena rilasciato il Nexus S, nuovo terminale Androide costruito da Samsung. In attesa dell’arrivo nel Belpaese, il terminale, lanciato a San Francisco il 6 dicembre  scorso, sarà commercializzato il 16 dicembre oltreoceano e il 20 dello stesso mese nella “Perfida Albione”. Il terminale porta in dote Gingerbread, la nuova versione 2.3 del sistema operativo di Mountain View. Come anticipato in un post precedente la grande novità dell’Omino di Pan di Zenzero risiede nel supporto per la tecnologia NFC (Near Field Communication), in notevole anticipo rispetto a Coupertino, che viene gestita nativamente dal terminale e per la quale il video sottostante presenta una divertente dimostrazione.

Per tutti i terminali dotati di un apposito chip, NFC consentirà di effettuare, a detta dei produttori in modo sicuro, micropagamenti semplicemente avvicinando il terminale ad una distanza di circa 10 cm all’oggetto da acquistare, purché questo sia dotato di un apposito smart tag da cui si potranno leggere tutte le informazioni.

La tecnologia è già ampiamente utilizzata in Giappone, e ci sono i presupposti per una rapida diffusione in tutto il Globo semplificando notevolmente la vita dei consumatori (smanettoni e non solo). Spinta notevole per la diffusione della tecnologia sarà la disponibilità dei servizi e spero che almeno in questo caso l’NFC non diventi per il Belpaese l’ennesima occasione perduta come accaduto in altri casi (nell’ultimo viaggio negli Stati Uniti ho potuto constatare come ormai i biglietti aerei si facciano quasi esclusivamente con il codice QR da noi relegato per scaricare sul telefonino improbabili articoli da altrettanto improbabili giornali).

Categories: Mobile Tags: , , , , , ,

Get every new post delivered to your Inbox.

Join 3,710 other followers