Freely subscribe to our NEWSLETTER

According to Michael Hamelin, chief security architect with Tufin, the predictions - and recommendations - represent the considered thoughts of his research team, who develop leading edge solutions covering a variety of areas, including PCI DSS compliance and automatic security policy generation strategies.

"After six years of hard work in the security space, we now partner with a number of leading vendors - including Check Point, Cisco, Juniper Networks, Palo Alto Networks, Fortinet, F5, Blue Coat, McAfee and BMC Software - and are well known our technological innovation plus dedicated customer service," he said.

"It’s against this backdrop of IT security knowledge and understanding that we have developed our predictions for the industry for 2012. We hope they prove useful to our clients - as well as anyone involved in the increasing complex area of defending their organisation’s IT platform against the rising tide of security threats," he added.

Tip #1 is on the subject of firewall operations, with the prediction that next generation firewalls will continue their strong adoption by mid- to large-size organisations. As a result of this trend, Tufin sees the operations management challenges of multi-vendor firewall environments as calling for increasing levels of automation of daily change management tasks.

Tip #2 covers the area of firewall compliance and auditing - a key requirement in the increasingly regulated IT security space we now live in. Continuous compliance, says Tufin, will become essential for many more organisations that are striving to keep an always-compliant security status, without waiting for a third party auditor to carry out an annual check,

Tip #3 will see CIO’s needing to show their CEO’s - and their board of directors - a 360-degree and holistic report on the state of their organisation’s IT resources that clearly outlines the business’s network security status.

Regulatory compliance requirements - particularly in the PCI DSS space - and the consequent legal implications, will drive more companies to automate their network security audits and rely less on periodical audits.

Tip #4 also covers the firewall compliance and auditing domain - and Tufin predicts that even those organisations who are not bound to the need for direct regulatory compliance standard will still adopt standards like PCI DSS as a methodology to create a robust network security framework.

Tip #5 involves the field of security change automation, with Tufin predicting that organisations will embrace even more workflow and ticketing solutions designed to provide a comprehensive pro-active risk plus compliance analysis process.

Taking this path will, Tufin believes, allow hard-pressed IT security staff an easy way to achieve a robust continuous compliance process.

"Although it’s been 23 years since the first worm - the Morris worm - appeared on November 2, 1998, a lot more has happened in the malware arena in the last two years then the first 21 years. This escalating change in the threat landscape is something that drives the need for comprehensive security ever-forward," he said.

"And it’s for this reason that we’ve come up with our top five security tips for 2012, which we sincerely hope will assist IT security professionals in planning their defence strategies for the year ahead, which promises to be a challenging one for all concerned," he added.