Peer to Peer Magazine

Summer 2016

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/696855


BEST PRACTICES

Cybersecurity's Uncertain Future: More Threats Call for New Defense Strategies

Containers

The popularity of containers such as Docker will grow because they can isolate an application from the host environment and from other container-bound applications. If a hacker breached an application, he could be prevented from moving laterally to any other part of the network when Docker and Linux best practices are correctly implemented.

Attacks can be mitigated by scheduling which container to use at a certain time. Docker allows users to run one application in many different containers. Using the cluster manager, you can schedule the app to run in different containers at different times of the day. For example, if the app is set up to run in 24 containers, schedule it to run in one container at noon, and then close that container and run in the second container at 1:00 p.m. and so on throughout the day. Each time the application starts up in a container, it starts up with a new IP address. If a hacker were in container one, the most time he could spend in that container would be one hour, then it would be shut down. When the container is run again, it would start up a new instance of the application.

With the container system running on a rotating cluster, it is very unlikely to be breached. First, attackers would have to break into the network, then into the Docker system and then into the application.

And Beyond…

Keeping systems separated will become a big way to secure networks in the cloud and on-premises. Companies will use software that works similarly to that of virtual machines to separate servers, each server in its own microzone. Each server would be surrounded by a bevy of software security controls, such as firewalls, web app firewalls and intrusion detection/protection systems. If an attacker were to break into one server, he would still have to break through all the security controls surrounding another server before he could break into it. Because these security controls will be software technologies rather than hardware devices, they will be less expensive than today's hardware controls, so companies will be able to afford to purchase separate controls for different servers.

Machine learning will become commonplace as the attack data will be too overwhelming even for a team of security experts to analyze manually. Once anomalous activities and patterns of activities have been analyzed by security professionals and shown to be malicious, those data will be fed back into a detection device so that the device recognizes the threat the next time.

The future of cybersecurity isn't pretty, but with security experts and a variety of detection technologies, new defense strategies on our ever-increasing number of things connected to the web can help minimize the effects of a breach.
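The hourly rotation described under Containers, written out with the plain docker CLI as an added example that is not from the article or from Docker: each hour the previous container is closed and the next one is started from a clean image. The image name, the `app-N` container names and the `DOCKER` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rotate one application across SLOTS containers, one per hour.
# IMAGE, APP and the DOCKER override are hypothetical, not from the article.
set -eu

DOCKER="${DOCKER:-docker}"          # point at a stub to dry-run the plan
IMAGE="${IMAGE:-example/app:1.0}"   # hypothetical image name
APP="${APP:-app}"                   # hypothetical container name prefix
SLOTS="${SLOTS:-24}"                # 24 containers, as in the article

# Slot that should be live for an hour given as 0-23 or 00-23.
slot_for_hour() {
  sfh_h="${1#0}"                    # strip a leading zero ("08" -> "8")
  sfh_h="${sfh_h:-0}"               # "0" stripped to "" means hour 0
  echo $(( sfh_h % SLOTS ))
}

# Close the previous slot's container, then start this hour's instance.
rotate_to() {
  rt_cur="$(slot_for_hour "$1")"
  rt_prev=$(( (rt_cur + SLOTS - 1) % SLOTS ))
  # Stop the old instance; it was started with --rm, so its writable
  # layer (and anything an intruder left in it) is deleted on exit.
  # A missing container (first run) is not an error.
  "$DOCKER" stop -t 30 "${APP}-${rt_prev}" || true
  # Start a new instance from the unmodified image, root filesystem
  # read-only. It receives a new IP address from the Docker network.
  "$DOCKER" run -d --rm --read-only --name "${APP}-${rt_cur}" "$IMAGE"
}

# Intended to be called once an hour (for example from cron) with --run.
if [ "${1:-}" = "--run" ]; then
  rotate_to "$(date +%H)"
fi
```

The one-hour limit on an intruder's time in a container holds only if nothing writable, such as a volume or bind mount, carries over from one instance to the next.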
