2019: The Year of Endpoint Analytics, Cloud-optimized UEBA, and MITRE ATT&CK

A quick look at our predictions for the year ahead


The new year is underway, and we are seeing a lot of chatter about what lies ahead in 2019. In the cybersecurity industry, there’s no shortage of apprehension. What new ways will cyber criminals come up with to steal data this year? Will 2019 hold the next biggest data breach?

Despite the anxiety around the ever-changing threat landscape, we’re seeing a lot of excitement about the opportunity to change the game for the good guy! In that vein, we thought we’d share a few of our own 2019 predictions based on what we’re seeing here at Interset.

Prediction #1: Insider threats will continue to keep us up at night

Insider threats—malicious or negligent—have proven to be the most difficult security problem for companies to solve, and we expect this trend will continue. More than half of organizations experienced an insider threat-related attack in the last year. In fact, we took a look at some of 2018’s most troubling breaches, and it seems compromised accounts (i.e. a hacker gains access to sensitive data through a breached employee account) were the most common culprit. It’s important to remember that insider threats are not always malicious employees. Threats often exhibit “insider” characteristics once they’re in your network. Take a look at our infographic, “A Guide to Insider Threats and How to Prevent Them,” to learn more about how external threats can become insider ones.

Prediction #2: UEBA will move to the cloud

Customers are telling us in increasing numbers that they are not just willing, but eager to explore cloud deployments of user and entity behavioral analytics (UEBA) in an effort to reduce complexity and cost. But it’s not just a matter of throwing existing analytics into the cloud; it’s critical to understand how to optimize your analytics for a cloud deployment so that you can see a real difference in your cloud service bill and still provide the same powerful performance and accuracy. For Interset, this is a major priority; we’re architecting our math just for this purpose. On-premise deployments won’t go away (they’re a must for certain organizations and industries), but we expect 2019 to hold significant advancements for UEBA in the cloud.

Prediction #3: We’ll see a resurgence of endpoint data analytics

A few years ago, we saw major fatigue around endpoint—quite frankly, endpoint agents became a sore subject for many security pros who were running between five and ten of them at once. But in the last year, things have changed. The reality is that endpoint data is incredibly rich and holds important clues about security threats in your organization. There’s been a rise in advanced analytics that lets you see more and do more with that existing endpoint data, largely due to a better technical and mathematical fit between the endpoint data being collected and the analytical models’ needs. Interset is front-and-center in this endpoint analytics renaissance, and we expect 2019 is going to hold even more opportunity here.

Prediction #4: The MITRE ATT&CK framework will continue to guide SOC and vendor priorities

The MITRE ATT&CK framework—a living knowledge database of real-world threat tactics and techniques—has quickly become invaluable for security professionals seeking to be proactive about protecting their organizations. We’re already seeing MITRE itself begin to evaluate security products against the ATT&CK framework, and security vendors can expect to increasingly be measured by their ability to combat the tactics and techniques specified by ATT&CK. No doubt, the framework is already playing a key role for product development at Interset, and we’re excited to see how the cybersecurity community continues to collaborate on and innovate around ATT&CK.

Prediction #5: Critical infrastructure cybersecurity investment will increase

No industry is immune to cyberattacks, and we expect that 2019 will hold massive cybersecurity challenges for financial services, healthcare, manufacturing, transportation, and—of increasing concern—critical infrastructure. The high frequency of attacks on critical infrastructure companies combined with the potential damage that could result from an attack is fueling a massive push for more spending and more innovation for the industry. Last year, the U.S. Department of Energy outlined a new strategy along with significant spending to better protect the country’s critical infrastructure against cyberattacks (read more about this in our recent blog), and Canada’s Department of Public Safety likewise included cybersecurity as a top goal in its critical infrastructure action plan. These initiatives are laying a good foundation, but we expect 2019 is going to see a (necessary) increase in investment along with more collaboration across the public and private sectors.

All-in-all, 2019 is poised to be a busy one. At Interset, we have a hunch this year is going to be the most exciting year yet. We’re ready for it—are you? If you’d like to learn more about how Interset UEBA can help you prepare for security threats in the year ahead, send us an email at securityai@interset.com.