Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Patrick MeLampy, COO and co-founder, 128 Technology
Routers Get Session Smart
Benjamin Franklin in 1789 said in part, "two things are certain in life, death and taxes." If he were alive today, he might add a third, "and data breaches."
I predict that the industry will recognize the inefficiency of the onerous corporate tunnel overhead tax. IPsec VPNs and SD-WAN tunnel techniques currently carry up to 30 percent overhead. In 2018, corporations will begin to recognize that they need to seek alternatives to tunneling, and that bloating their wide area bandwidth by 30 percent will no longer be acceptable.
I also predict the death of anywhere-to-anywhere networking. The costs incurred by corporations when data is stolen are growing without bound and represent an unbounded risk going forward. Data thieves sneak past the firewalls and security apparatus that delay them from getting inside data networks, but once inside a network, there are no security capabilities to prevent data from being exfiltrated. Nearly all data thefts are cloaked in encryption, and the data is trickled out disguised as legitimate protocols. All of this is enabled by networks that route packets from anywhere to anywhere.
I also predict a dramatic increase in security events that occur laterally in data centers, i.e. events in which one cluster of servers is infiltrated from another. Data center services used to be separated by layer two techniques, but as data centers have scaled and replicated, many of the separation techniques have become soft-state or advisory separations such as MAC databases, VXLANs and VRFs. These segmentation techniques offer new vectors of attack, with the physical switched infrastructure providing wide open highways for stealing data. Application owners place blind trust in the data center infrastructure to prevent lateral attacks. In 2018, I predict this will change as more corporations begin demanding proof of security within data centers.
These predictions are related. If network routers were session smart, they would be able to route packets without tunnel overhead, saving 30 percent of the bandwidth. If network routers were session smart, they would be able to understand the direction of traffic, and by extension detect exfiltration. Network routers that understand services could greatly reduce the attack surface. If network routers were session smart, they would be able to authenticate each and every session.
The future isn't about new network layers on top of old. It's about the old bottom layers becoming session smart.
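The two detection ideas in the paragraph above, direction-aware exfiltration spotting and checking east-west sessions against a declared service intent, are sketched here as an added example; it is not 128 Technology's code, and the zone prefixes, thresholds, service table and session records are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone and intent tables (hypothetical addressing, not from the article).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
CLUSTERS = {"web": ipaddress.ip_network("10.2.0.0/16"),
            "db": ipaddress.ip_network("10.1.0.0/16")}
# Declared east-west services: (initiating cluster, responding cluster, port).
ALLOWED_LATERAL = {("web", "db", 5432)}
UPLOAD_RATIO = 20.0            # outbound bytes per inbound byte before it counts as an upload
MIN_UPLOAD_BYTES = 50_000_000  # ignore small uploads to keep the signal clean

@dataclass
class Session:
    initiator: str   # who opened the session: direction is the key piece of context
    responder: str
    dport: int
    bytes_in: int    # responder -> initiator
    bytes_out: int   # initiator -> responder

def cluster_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in CLUSTERS.items() if ip in net), None)

def classify(s):
    """Return finding strings for one session; an empty list means it looks normal."""
    findings = []
    src_in = ipaddress.ip_address(s.initiator) in INTERNAL
    dst_in = ipaddress.ip_address(s.responder) in INTERNAL
    if src_in and not dst_in:
        # Inside-initiated session that mostly pushes data out: exfiltration candidate,
        # regardless of the port or whether the payload is encrypted.
        ratio = s.bytes_out / max(s.bytes_in, 1)
        if s.bytes_out >= MIN_UPLOAD_BYTES and ratio >= UPLOAD_RATIO:
            findings.append(f"exfil-candidate {s.initiator}->{s.responder}:{s.dport} out={s.bytes_out}")
    elif src_in and dst_in:
        # East-west session: must match a declared cluster-to-cluster service.
        pair = (cluster_of(s.initiator), cluster_of(s.responder), s.dport)
        if pair not in ALLOWED_LATERAL:
            findings.append(f"lateral-violation {s.initiator}->{s.responder}:{s.dport}")
    return findings

SAMPLE_SESSIONS = [  # constructed session records
    Session("10.2.0.15", "10.1.0.7", 5432, 4_000_000, 200_000),     # web -> db, declared
    Session("10.1.0.7", "10.2.0.15", 22, 9_000, 3_000),             # db -> web ssh, undeclared
    Session("10.2.0.15", "203.0.113.9", 443, 30_000, 900_000_000),  # long upload over TLS
    Session("10.2.0.15", "203.0.113.9", 443, 5_000_000, 40_000),    # ordinary download
]

def run(sessions=SAMPLE_SESSIONS):
    return [f for s in sessions for f in classify(s)]

if __name__ == "__main__":
    print("\n".join(run()))
```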
## About the Author
Patrick MeLampy, one of the co-founders of 128 Technology, has served as the company's chief operating officer and director since the company's inception. With Andrew Ory, Patrick co-founded Acme Packet Inc. and served as its chief technology officer from August 2000. He served as vice president of engineering of Priority Call Management (PCM) beginning in 1989. At PCM, Patrick developed and supported the company's network telecommunications products and grew the engineering team from two to 75 members. He has developed intellectual property portfolios at PCM, LHS, and Acme Packet. Patrick earned a B.S. degree in mechanical engineering from the University of Pittsburgh and an M.B.A. from Boston University.