Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Don't Worry About Predicting the Future, Focus on What's Happening Now
By Martin Roesch, CEO of Netography
We are currently on the cusp of another major movement and are facing a reckoning: the dispersed, ephemeral, encrypted, and diverse Atomized Network is presenting new challenges, and the old rules and technologies are now unsuited to the security requirements.
While the fundamentals of security haven't changed, the environment security professionals operate in - the composition of the networks we need to protect, the categories of attacks we face, the teams we operate within, and the effectiveness of the capabilities we've relied on historically - have all changed.
To be able to defend our environments, we must fully appreciate what today's networks really look like and the doctrinal shift that's required in enterprise security. Some of the core approaches to network security are being obsoleted. Nothing has replaced them. And no one seems to appreciate this.
I have always looked at current, real-world customer challenges to architect approaches and technologies that address issues that some may not even yet recognize. Rather than predicting the future, I've been identifying emerging issues that need to be solved today, in order to empower security teams and businesses tomorrow.
There are several critical cybersecurity issues that businesses need to prioritize as they look to the new year.
Current network environments are creating chaos. The pandemic kicked off a rapid evolution of networks that have become chaotic - composites of multi-cloud, hybrid-cloud, and on-premises infrastructure, with mobile and remote workers accessing data and applications scattered across this environment. Unless this is addressed, attackers have plenty of places to hide and threats will be more imminent.
Traditional solutions have limitations. Several of the core technologies scoped and responsible for network security - specifically NGFW, IPS, and NDR - are losing potency and at risk of becoming obsolete because of three evolutionary pressures on DPI technologies delivered on appliances: deployment, encryption, and cost.
- Today, comprehensive appliance deployments are impossible
- Zero Trust and software-as-a-service have accelerated the broad usage of encryption, blinding many of the capabilities of DPI
- The costs of an appliance-based architecture are considerable and the benefits are diminishing
New solutions are creating unforeseen visibility issues. While endpoint detection and response (EDR) and Zero Trust architectures are critical, the importance of network visibility and control has gotten lost in the hype, and new categories of attacks reveal the consequences of the reduction in capabilities.
- Zero Trust architectures and EDR were supposed to obviate the need for network-based threat detection and protection. But Zero Trust identity-based access permission models can be bypassed or circumvented.
- And while EDR provides unique value for dealing with client-side attacks, attackers continue to have plenty of places to hide on the network.
Organizations are lacking visibility. Attackers live in these gaps. Many devices connecting to the atomized network include personal devices, critical infrastructure assets and rogue smart devices. Organizations have lost visibility of these devices and the resulting gaps now allow attackers to enter and dwell.
The industry continues to raise the bar for attackers with aggressive measures to make networks more difficult to hack. Yet history shows us time and again that controls can be abused, vulnerabilities in software can be exploited, and user error invariably happens.
Network security will always be important to limit the "blast zone" of a compromise, reduce attacker dwell time, minimize the cost of breaches and downtime, and prevent future intrusions. However, to be effective, it needs to be architected for the Atomized Network.
Organizations must evolve or their ability to protect will only get worse. Adversaries are succeeding because defensive limitations have become predictable. Corporate infrastructure has changed drastically over the last couple of years, with applications and data scattered across complex environments. We need to recognize the world for what it is, not what it used to be, and build for that world.
## ABOUT THE AUTHOR
Martin Roesch is the CEO of Netography, Inc. with over 25 years of experience in information security and embedded systems engineering. Marty is a pioneer in the industry as one of the first entrepreneurs to successfully commercialize open source software in addition to creating the global standard for describing and detecting network-based attacks. In 2001 he founded Sourcefire, serving as CEO/CTO until the 2013 acquisition by Cisco for $2.7 billion, and is the original author and lead developer of the Snort Intrusion Detection and Prevention System that formed the foundation for the Sourcefire product suite.