
Five Areas for Cybersecurity Innovation in 2017

2017/3/30

The world never stands still. In the technology space, this means that constant innovation and discovery is the key to a solution provider’s survival and growth.

In the cybersecurity arena, this creed is even more vital. Many hackers are brilliant people. There’s only one way to get the better of them – be even more brilliant. And faster and more creative.

Which is why R&D is crucial in the security technology business. Cybersecurity solution providers must deliver open, integrated security and networking technologies that enable enterprises to see and react rapidly to changing attack techniques, increase proactivity, and scale and provision their security along with business growth. To cope with this breadth of demands – sometimes in very short time spans – technology providers need to be able to cross traditional boundaries, allowing them to innovate across the entire ecosystem.

Fortinet is at the forefront of such innovation. In 2016 alone we were granted close to 80 patents in such diverse areas as CASB, malware detection techniques, data leak protection, virus detection, hardware acceleration, DDoS, cloud services, and more.

However, the cyber threat landscape is continuing to become more challenging from a researcher’s perspective in 2017. Here are a few areas that Fortinet has identified for intensive R&D during the coming year:

1. Deep learning for attack analysis

Different types of detection technologies have emerged over the years. It started out with signatures (a technique that compares an unidentified piece of code to known malware), then heuristics (which attempts to identify malware based on behavioural characteristics in the code), followed by sandboxing (in which unknown code is run in a virtual environment to observe if it is malicious or not), and machine learning (which uses sophisticated algorithms to classify the behaviour of a file as malicious or benign, before letting a human analyst make the final decision).

Now, the latest technology – deep learning – has come onto the market. Deep learning is an advanced form of artificial intelligence which uses a process that is close to the way human brains learn to recognize things. It has the potential to make a big impact on cybersecurity, especially in detecting zero-day malware, new malware, and very sophisticated advanced persistent threats (APTs).

Once a machine learns what malicious code looks like, it can identify unknown code as malicious or benign with extremely high accuracy, and in near real-time. A policy can then be automatically applied to delete or quarantine the file, or to perform some other specified action, and that new intelligence can then be automatically shared across the entire security ecosystem.

In 2017, Fortinet will continue to develop technologies designed to make our appliances learn more intelligently and identify unknown malware more accurately.

2. Big data for log correlation

IT is deeply entrenched in both our businesses and personal lives, leading to an increasing amount of data being generated, collected, and stored around the world.

The working principle is that the more a security solution provider sees, the more opportunities there are to connect the dots, understand the threats, and hence protect the network. Leveraging big data to make sense of exponentially growing event logs will therefore be an important area of research for us in 2017.

We will continue to refine our Security Information & Event Management (SIEM) capabilities in the new year, and increase our solutions’ ability to harness FortiGuard Labs threat intelligence data for even deeper insight into cyber attacks.

3. Strengthening container security

Running applications in containers instead of virtual machines (VMs) is gaining momentum. At the heart of this ecosystem lie solutions like Docker, an open source project and platform that allows users to package, distribute, and manage Linux applications within containers.

There are several benefits to Docker technology, including simplicity, faster configurations, and more rapid deployment, but there are also some security downsides. These include:

· Kernel exploits – unlike in a VM, the kernel is shared among all containers and the host. This amplifies any vulnerability present in the kernel. Should a container cause a kernel panic, it will take down the whole host, along with all associated applications.

· Denial-of-service attacks – all containers share kernel resources. If one container can monopolize access to certain resources, it can cause denial-of-service (DoS) to other containers on the host.

· Container breakouts – an attacker who gains access to a container should not be able to gain access to other containers or the host. In Docker, users by default are not namespaced, so any process that breaks out of the container will have the same privileges on the host as it did in the container. This could potentially enable privilege escalation (e.g. to the root user) attacks.

· Poisoned images – it is difficult to verify the provenance and integrity of the images you are using. If an attacker tricks you into running his image, both the host and your data are at risk.
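As an added illustration (not Fortinet's code, nor from the original article), the following Python audits `docker inspect` output for settings that expose a host to the four downsides above: a widened kernel attack surface, missing resource limits, root-in-container without user namespace remapping, and images not pinned by digest. The two container records and the `registry.example` name are constructed, and the `userns_remap_enabled` flag is assumed to be read from the daemon's configuration, since inspect output alone does not reveal it.

```python
"""Audit `docker inspect` JSON against the four container risks listed above (added example)."""
import json

SAMPLE_INSPECT = json.dumps([  # constructed records, not from a live host
    {"Name": "/api",
     "Config": {"Image": "registry.example/api@sha256:" + "a" * 64, "User": "10001"},
     "HostConfig": {"Privileged": False, "PidMode": "", "CapAdd": None,
                    "Memory": 268435456, "PidsLimit": 256, "NanoCpus": 500000000,
                    "UsernsMode": "", "SecurityOpt": ["no-new-privileges"]}},
    {"Name": "/build",
     "Config": {"Image": "ubuntu:latest", "User": ""},
     "HostConfig": {"Privileged": True, "PidMode": "host", "CapAdd": ["SYS_ADMIN"],
                    "Memory": 0, "PidsLimit": None, "NanoCpus": 0,
                    "UsernsMode": "host", "SecurityOpt": ["seccomp=unconfined"]}},
])

def audit_container(c, userns_remap_enabled=False):
    """Return [(risk, finding), ...] for one inspect record. userns_remap_enabled is
    the daemon's setting; inspect alone cannot show it (UsernsMode "" means default)."""
    cfg, host = c.get("Config", {}), c.get("HostConfig", {})
    secopt = host.get("SecurityOpt") or []
    out = []
    # Shared kernel: anything that widens the capability or syscall surface
    if host.get("Privileged"):
        out.append(("kernel", "runs --privileged"))
    for cap in host.get("CapAdd") or []:
        out.append(("kernel", f"adds capability {cap}"))
    if any(o.startswith("seccomp=unconfined") for o in secopt):
        out.append(("kernel", "seccomp filter disabled"))
    # DoS: without cgroup limits one container can starve the others
    for field, label in (("Memory", "memory"), ("PidsLimit", "pids"), ("NanoCpus", "cpu")):
        if not host.get(field):
            out.append(("dos", f"no {label} limit"))
    # Breakout: root inside is root on the host unless users are remapped
    if (cfg.get("User") or "0").split(":")[0] in ("0", "root") and (
            host.get("UsernsMode") == "host" or not userns_remap_enabled):
        out.append(("breakout", "root without user namespace remap"))
    if host.get("PidMode") == "host":
        out.append(("breakout", "shares host PID namespace"))
    if not any(o.startswith("no-new-privileges") for o in secopt):
        out.append(("breakout", "no-new-privileges not set"))
    # Poisoned images: a mutable tag cannot prove which image is running
    if "@sha256:" not in cfg.get("Image", ""):
        out.append(("image", "image not pinned by digest"))
    return out

def audit_report(inspect_json, userns_remap_enabled=False):
    """Map container name -> findings for a whole `docker inspect` document."""
    return {c["Name"]: audit_container(c, userns_remap_enabled)
            for c in json.loads(inspect_json)}
```

On a real host, feed it `docker inspect $(docker ps -q)` and set `userns_remap_enabled` from the `userns-remap` key in the daemon's `daemon.json`.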