Skip to content ↓ | Skip to navigation ↓

If you think the Oculus Rift is just about gaming, Facebook just put up 2 billion reasons why you are wrong. Virtual reality (VR), a perennial future trend that never became reality, is about to come into play in a big way. It is going to change the way we compute, and we better start thinking about how this will affect the security industry before we are left playing catch-up.

The explosion of smartphones, and the growth of social networks, both brought major changes in security. New risks, new ways attackers could leverage and exploit the technology, and new security controls to detect threats and protect against attacks all emerged. The changes also brought new opportunities to leverage these platforms to better communicate.

If I am going to get the boss to pay for a VR headset, I had better have a strong use case for why this will be valuable for security. The first, and most obvious choice is for visualizations. In 1996, I wrote a software module that converted vulnerability scan data into a VRML file. Nobody was quite sure why you would want it, but it sure looked cool!

Today, there is an explosion of data in security – big data is all the rage, but big data is rapidly turning into too much data. We ask security analysts to sift through volumes of data every day. If they miss a crucial indicator of a compromise among a sea of low-value information, the vendors stand up and say “see, our product found the problem”, instead of taking responsibility for not more clearly assessing the risk and presenting the information in a way that could be easily understood and digested.

There is a clear need for better tools for analysts to use, and there is no doubt in my mind that an experience that expands the field of vision and immerses an analyst in the data creates new opportunities for understanding. The companies that figure out how to leverage emerging VR technology to address this real security business problem will create a great product – and have the coolest security demo anyone has ever seen!

There is no doubt this will happen. Faster and more naturally intuitive access to information is coming, and it is going to create a huge strain on existing security infrastructure. In gaming, one of the key elements of an effective virtual reality experience is low latency. For assessing large volumes of information, this is also relevant.

Think about old style web interfaces where you had to reload data from the server for every page you view. Now imagine each page has to be re-loaded each time you move your eyes or shift your head. Practically speaking, this does not sound like a low latency system.

To give an analyst a real-time experience, orders of magnitude more information is going to have to be preloaded and instantly available to an analyst. This in turn will strain the big data stores and data extraction capabilities of these systems.

Now imagine this data expansion is happening all over the network and across every application that every user is using. The next order of magnitude increase in network traffic on a corporate network is probably not coming from higher bandwidth Netflix streams – it is from enterprise applications moving out of the old standards of simple text communication and into 3D interactive virtual reality.

What can you do about this now? If you are an enterprising software developer, recognize that there is a game changing platform for visualization coming soon. So start planning how you can take advantage of it. Even if you are dealing with plain old boring 2D computing for years to come, there is still a lot to be learned and applied from seeing where the future is headed and getting a glimpse of that future.

Faster access to data, lower latency interfaces, and more intuitive ways of dealing with large amounts of information that needs human processing are all big challenges in the information security industry that need solving. For $350, is it time for a little research?

 

Related Articles:

 

Resources:

picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service  for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.

 

picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

 

Title image courtesy of ShutterStock