Attivo Networks Blogs

What’s In Store For 2017… Predictions from Attivo CEO

2017 will be a year filled with twists on existing security challenges and undoubtedly filled with a few new surprises. As the year kicked off, we asked Tushar Kothari, the Attivo Networks CEO, to make five predictions for the New Year. Here’s what he believes:

1. POS malware breaches will increase.

It may appear that the number of breaches of retailers and the customer records being stolen is reducing. This in fact is a misnomer. The number of breached records appears lower only because less information is being disclosed on the number of records being stolen and because the attacks are shifting their focus to different segments, from retail to travel to restaurants.

Attackers are also moving downstream and focusing more on smaller retailers and businesses, as there are more of them and they have less sophisticated IT infrastructure. The core problem around Point of Sale (POS) breaches also remains largely unaddressed. There are still thousands of POS systems that are not running any form of anti-virus software because they are running on older Windows XP operating systems, and there is a “trust” relation system with asset management servers. With one compromise to the asset management system, malware can be distributed unnoticed to POS terminals en masse. With this compromise, attackers can also open communications to continue to update new variants of malware, commands, and exfiltration of data. This is an extremely high-risk vulnerability that can go undetected for months to years before the breach is discovered. Also, with the increased use of the TOR network and the value of data being sold on the DarkWeb commanding from $5-$30 per stolen credit and debit card, the incentive to continue to attack POS systems will remain high.

2. The ratio of detection and prevention budgets will change, with more money going to detection. Additionally, budgets will begin to have specific allocations for advanced threat detection.

As breaches continued this year, more CISOs started to consider more budget allocation to detection systems so attackers inside the network could be identified and stopped. Historically, more than 75% of InfoSec technology budgets are spent on preventative solutions and their maintenance. However, a recent survey by Pierre Audoin Consultants among 200 decision makers showed they expected to spend 39 percent of their IT security budget overall on detection and response within two years. Gartner has also come out projecting that by 2020, 60% of security budgets will be allocated for rapid detection and response approaches.

3. Deception technology will enter the mainstream for advanced threat detection.

The shift from Intrusion Detection and Prevention standalone solutions to inclusion in Next-Gen Firewalls will continue, and a new category of Advanced Threat Detection solutions will emerge to close the gap for detecting signature-less or unknown attacks, in-network lateral movement, insider and stolen credential attacks. Deception technology will be a preferred solution for Advanced Threat Detection. Gartner has called out deception as an automated responsive mechanism representing a sea change in the capabilities of the future of IT security. They have stated that deception is the most advanced approach for detecting threats within a network and acknowledged it as a top 10 security trend for 2015, 2016, and we predict again for 2017.

4. The number of days before hidden attacks are discovered will decrease.

According to a variety of sources, malware continues to go undetected within companies for months—with some detections occurring after as many as 200 days. With more emphasis on detection technology, there will be a decrease in dwell time and an increase in the number of breaches being detected by the companies by their internal teams, whereas, historically, only 1 in 5 breaches are detected internally. I predict by the end of 2017 that this number will increase to 50% of all breaches being detected internally by customers, enforcement agencies, and other interested 3rd parties.

5. There will be an increased focus on improving incident response speed and efficiency.

Vendors will continue to collaborate in sharing information and on integrating their solutions, enabling the sharing of data and providing security teams with a single source for the collaboration of attack information. Collaboration will allow teams to see real threats they might have missed on their own based on a partial view of threat activity throughout the network. Operational efficiency will be increased significantly, providing better detection, quick remediation, and more effective incident response at the time of attack.

It will be exciting to see how the year unfolds and how these predictions turn out. We at Attivo hope that everyone is off to a very happy and prosperous new year!
