Cyber Security

The space as it is:

The Cyber Security market is alive and well. Recent trends remain the same.

The market is divided into:

  1. Detection Solutions
  2. Protection Solutions
  3. Prevention Solutions
  4. Reaction Solutions

The detection solutions space tries to become ever faster at detecting an attack. This still includes running files in isolated environments to observe their behaviour. It also includes looking for anomalies in logs and system traces in real time using A.I. and behavioural data. Some folks might also start to use A.I. to understand vulnerabilities and quality gates on source code. Newer fields include mining and automated information retrieval on channels that might contain attack information – darknet, deep packet inspection, and endpoint monitoring (detecting vulnerable people).

Attached to the detection space is the inventory space. Identified vulnerabilities, file fingerprints and related information are shared and typically enter protection solutions, which might block particular behaviour (anomalies), block communication routes (firewalls and boundary protection, threat isolation), block execution and activation of the threat, etc.

Prevention came more from policies and security tool installations, but it is also becoming more machine-learning driven: which installations, policies and so forth minimize the attack risk. Identity and access management, permission management and that entire block are part of this solution area.

The reaction mechanisms use threat detection mechanisms to orchestrate wider system reactions to an occurring threat and include failsafe and disaster recovery topics.

With new industries and verticals popping up, new focus areas also emerge. They include IoT, Blockchain, Privacy.

Possible new hot topics:

I think the radical shift we are all looking for isn’t there yet. That might include:

a) True end-to-end encryption between humans, with no master keys in between. Truly person/individual-tied content access and control over distribution.
b) Stronger physical security assessment technology that shows when physical security is compromised by tampering, interception, etc.
c) Optimization of hardware security to a level where runtime exploits simply become less likely. A move away from general purpose kernels running on standard hardware to more specialized manufacturing of chipsets, operating systems, etc. Something that might come into play when the design processes become a bit more automated than today.

On the attack side, we will also see more things as A.I. is taking over a bit more:
1. Reverse engineering from source to human-readable code and possible direct duplicates of the original source code might come in and destroy the entire concept of proprietary code.
2. Using A.I. and Big Data to run systematic full-stack vulnerability assessments based on hardware design blueprints, source code and knowledge of compiler settings may come in as a new attack space and will make massive systems vulnerable to RAT poisoning and new botnets.

It is going to remain interesting.

Privacy and Anti-Government:

This space also remains active. Protecting against government interception and surveillance remains a topic of interest for rogue actors and companies with very sensitive research and development data. I think we will see efforts to design completely new systems from hardware to operating systems. Possibly the von Neumann architecture with its command and control center over all peripheral devices will cease to play such a strong role, with non-compromised peripheral controllers taking over and building smart applications to monitor anomalies directly at the device level. Who knows.


These folks recently started reaching out on LinkedIn regarding Cyber Security start-ups.

A bit older is here at Berkeley:

Momentum Partners offer yet another one:


