Virtualization Technology News and Information
Netography 2023 Predictions: Don't Worry About Predicting the Future, Focus on What's Happening Now

Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

Don't Worry About Predicting the Future, Focus on What's Happening Now

By Martin Roesch, CEO of Netography

We are currently on the cusp of another major movement and are facing a reckoning: the dispersed, ephemeral, encrypted, and diverse Atomized Network is presenting new challenges, and the old rules and technologies are now unsuited to its security requirements.

While the fundamentals of security haven't changed, the environment security professionals operate in has: the composition of the networks we need to protect, the categories of attacks we face, the teams we operate within, and the effectiveness of the capabilities we've relied on historically have all changed.

To be able to defend our environments, we must fully appreciate what today's networks really look like and the doctrinal shift that's required in enterprise security. Some of the core approaches to network security are being obsoleted. Nothing has replaced them. And no one seems to appreciate this.

I have always looked at current, real-world customer challenges to architect approaches and technologies that address issues that some may not even yet recognize. Rather than predicting the future, I've been identifying emerging issues that need to be solved today, in order to empower security teams and businesses tomorrow.

There are several critical cybersecurity issues that businesses need to prioritize as they look to the new year.

Current network environments are creating chaos. The pandemic kicked off a rapid evolution of networks that have become chaotic composites of multi-cloud, hybrid-cloud, and on-premises infrastructure, with mobile and remote workers accessing data and applications scattered across this environment. Unless this is addressed, attackers have plenty of places to hide and threats will be more imminent.

Traditional solutions have limitations. Several of the core technologies scoped and responsible for network security (specifically NGFW, IPS, and NDR) are losing potency and are at risk of becoming obsolete because of three evolutionary pressures on DPI technologies delivered on appliances: deployment, encryption, and cost.

  • Today, comprehensive appliance deployments are impossible
  • Zero Trust and software-as-a-service have accelerated the broad usage of encryption, blinding many of the capabilities of DPI
  • The costs of an appliance-based architecture are considerable and the benefits are diminishing

New solutions are creating unforeseen visibility issues. While endpoint detection and response (EDR) and Zero Trust architectures are critical, the importance of network visibility and control has gotten lost in the hype, and new categories of attacks reveal the consequences of the reduction in capabilities. 

  • Zero Trust architectures and EDR were supposed to obviate the need for network-based threat detection and protection. But Zero Trust identity-based access permission models can be bypassed or circumvented.
  • And while EDR provides unique value for dealing with client-side attacks, attackers continue to have plenty of places to hide on the network.

Organizations are lacking visibility. Attackers live in these gaps. Many devices connecting to the atomized network include personal devices, critical infrastructure assets and rogue smart devices. Organizations have lost visibility of these devices and the resulting gaps now allow attackers to enter and dwell.

The industry continues to raise the bar for attackers with aggressive measures to make networks more difficult to hack. Yet history shows us time and again that controls can be abused, vulnerabilities in software can be exploited, and user error invariably happens.

Network security will always be important to limit the "blast zone" of a compromise, reduce attacker dwell time, minimize the cost of breaches and downtime, and prevent future intrusions. However, to be effective, it needs to be architected for the Atomized Network.

Organizations must evolve or their ability to protect will only get worse. Adversaries are succeeding because defensive limitations have become predictable. Corporate infrastructure has changed drastically over the last couple of years, with applications and data scattered across complex environments. We need to recognize the world for what it is, not what it used to be, and build for that world.

##

ABOUT THE AUTHOR

Martin Roesch is the CEO of Netography, Inc. with over 25 years of experience in information security and embedded systems engineering. Marty is a pioneer in the industry as one of the first entrepreneurs to successfully commercialize open source software in addition to creating the global standard for describing and detecting network-based attacks. In 2001 he founded Sourcefire, serving as CEO/CTO until the 2013 acquisition by Cisco for $2.7 billion, and is the original author and lead developer of the Snort Intrusion Detection and Prevention System that formed the foundation for the Sourcefire product suite.
Published Friday, December 09, 2022 7:33 AM by David Marshall