2017 Security Predictions and Themes

More of the same..

Simple attacks due to un-patched systems, mis-configurations, ‘standard’ app issues like SQL injection and Cross Site Scripting, phishing links etc. will continue to be the cause of the vast majority of breaches.

Advanced attacks will still make the headlines, even when just in terms of ‘it could have been xx nation using advanced methods’..  Advanced attacks will still be heavily promoted by vendors to sell products and services.

DDoS will continue to get bigger due to the increasing proliferation of insecure connected devices (cue first IoT reference!).

Big data and analytics will continue to be big.  Security use cases such as behaviour analysis across all the log data will continue to mature and start to show the value of “big data” from a security monitoring perspective.  Will need to work on moving from just behaviour monitoring in logs and alerting, to proactive blocking.  ‘Big data’ should start to become the ‘big brain’ that instructs the enforcement tools like IPS and end point agents (they will obviously continue to do their normal job as well).

IoT. I am waiting (note I don’t want there to be one!) for a serious incident in this space.  Not just the DDoS stuff, but actual direct harm to people from the hacking of cars or medical equipment.  This will shortly be followed by a LOT of knee jerk regulation.  No idea if this will happen in 2017 or later.  Unless something fundamental changes in how the devices covered in the wide IoT umbrella are developed, deployed and managed it will.

  • As a side note, we should stop just referring to IoT and start prefixing it with what we are actually referring to, in the same way as you have SaaS, IaaS, GovCloud etc. etc. for cloud ‘things’.  IoT is far to broad, and also has far too many different applications that will have vastly different security implications and requirements.

Blockchain.  Like IoT, no predictions list would be complete without something blockchain in it.  We are already seeing blockchain use cases expanding from currency to DRM and music management etc.  This will continue, it’s very much in the ‘hypecycle’ at the moment with everyone rushing to be at the front with use cases and ‘thought leadership’.  It would be great to see some really beneficial use cases – could a blockchain be used to track and guarantee that charity finances or food or medical supplies went to the right people?

Automation.  Combine environments that are becoming more complex and more dynamic (think DevOps, agile, containers, cloud etc.), increasing numbers of attacks, along with the much reported skills shortage and you have a perfect storm!  Automation will be key for organisations to stay secure.  Automating more of the basic security tasks will also enable better careers for the SecOps guys – they will have more time to focus on more advanced security issues and hunting for threats etc.

Simplification.  In a similar vein to the above, simplification must be a key strategy I’m talking from a security perspective, but this generally makes sense as well!  How many security conversations have started or ended talking about implementing a tool / solution?  We should be having more conversations about how we can rationalise the tooling we use.  How we can meet the security requirements of our organisation with the minimum set of tools and processes.  Thus with the maximum simplicity.

Likely millions of things will happen, that we can’t predict, but these are the current themes I am thinking about.

It would be great to hear your thoughts on the key security themes for 2017!


Puppet introduction

Puppet is currently being deployed in the environment where I work, so I thought it would be a good idea to get at least slightly up to speed around how it works.  Like I am sure quite a few of you I am familiar with Puppet in terms of what it is and what it is commonly used for, in terms of it being an IT automation tool written in Ruby that can manage both *nix and Windows systems.

I didn’t however know much of the detail around exactly how it works and can be configured.  Given that there are probably others in a similar position who either need or want to learn a bit more about Puppet and system management and automation I thought I’d share a couple of the better introductory resources I found.

If you are completely new to Puppet and want to find out what it does the ‘What is Puppet page is an excellent starting point;


The next link is a good introduction to coding with Puppet and nicely covers the fact Puppet is Declarative.  This can be a challenge for some people especially those with coding experience as most languages are Imperative which is quite a different style of explaining what you want the application to do.  Read on to find out more;


I also found this three part series that covers what you need to set up and get running with Puppet with the minimum of extra information.  This is great if you need to get up and running quickly as much of the full documentation is more book like;

Part 1;


Part 2;


Part 3;


Finally if you want a full understanding of Puppet and have the time the Puppet Labs documentation is excellent and should remove any need to buy a reference book;