Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
What 2023 Has in Store for Network Security
By James Karimi, CIO/CISO, GTT Communications
In 2023, IT departments will still be impacted by the
global COVID-19 pandemic, as the rapid-fire digital transformation campaigns
kicked off in 2020/2021 will continue now that employees are expected to
be working from anywhere. On the networking side, these initiatives will
include the following: a software-defined
wide area network (SD-WAN) approach underpinned by internet connectivity, a
continued need for higher bandwidths, and 5G (and even 6G) to provide
alternatives for optimum business connectivity.
With end users needing to access business applications from
anywhere at any time, IT staff must mitigate exposure to cyberattacks with
a new framework for their company's security posture. For example, cyber
criminals are monitoring updates on company websites as to which offices have
closed and matching them to the LinkedIn profiles of employees in those regions
now working from home in order to begin targeting them. This scenario is going to harm
companies that have been slow to adopt a Secure Access Service Edge framework,
including zero trust.
Despite these challenges, 2023 will present IT teams with
new strategies and emerging technologies to fight these threats - including
endpoint security, expanding training to partners and contractors, increased AI
in SIEM solutions, and the proliferation of enhanced internet services.
Security will move to the endpoint
A ransomware attack can enter an
enterprise through any small crack in your defense and spread laterally
everywhere within minutes. A lot of organizations miss that because they have
implemented a Virtual Private Network or an Endpoint Detection & Response
solution and mistakenly believe that alone equates to zero-trust protection.
In response, many organizations
will move the security stack up to the application layer and the endpoint,
where we anticipate a 10,000% increase in attacks. Enterprises can install 5G
adapters right on the laptops, giving them more granular control of the
last-mile network to enforce source-based security policies no matter where the user
resides.
The focus will extend from training employees to policing others with external access to enterprise networks
There's been much focus on
providing cybersecurity tools and awareness training to employees to better
equip them to deal with cyberattacks such as phishing. But a lot of
organizations are falling short on dealing with external users such as
contractors and partners, who generally are not governed by the enterprise's
policies and procedures. These partners often have access to some of the
enterprise's most critical information systems, especially when working with finance
teams and legal departments. That increases the risk of data breaches much more
than do incidents of employees inadvertently clicking a harmful link.
Over the past couple of years,
mature organizations have performed security assessments on vendors or
contractors storing their data. That's a great starting point, but there must
be ongoing efforts that provide security leaders with risk scores on a
continuous basis.
Many organizations that thought
themselves not equipped to do those evaluations in the past will be forced to
rethink their approach, starting with a basic understanding of which of their
business operations partners need to access, which partners and operations they
should monitor, and which are less worrisome. They should do a data check on
every vendor as part of the initial engagement.
AI and machine learning will become a more prominent aspect of SIEM
Next year will see a huge jump
in vendors putting Artificial Intelligence (AI) and machine learning (ML) into
Security Information and Event Management (SIEM) platforms. SIEM has proven
adept at collecting information and allowing enterprises to filter and focus on
the most relevant alerts. But there's still a lot of noise coming in, and
typically enterprises still rely on analysts to build filters. If an
organization is getting thousands of the same inconsequential alerts every day,
they're going to start ignoring them. Building more AI/ML into log systems will
help security leaders to filter out the noise and prioritize the relevant alerts
to address. For example, the system can know to ignore alerts created due to
weekly server backups and not to tie up a high-priced security specialist to
analyze those.
We're never going to be able to
fully automate the use of AI/ML to determine all relevant threats. But tools will
begin appearing in the coming year to help limit the involvement of analysts in
filtering out SIEM noise, taking us to the next level of managed detection and
response.
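The filtering described above (ignoring alerts that a scheduled job is known to produce, and surfacing the rare ones an analyst should see first) can be sketched in a few dozen lines. The following is an added example written for this page, not code from GTT or from any SIEM product. The alert lines, the Sunday-night backup window, the `bkp-` host prefix and the simple rarity score are all constructed assumptions; a real platform would learn the baseline from far more history.

```python
"""Added illustration of SIEM noise suppression and alert ranking.

Two ideas from the text are shown:
  1. Alerts that a known maintenance job (weekly backups) is expected to raise,
     on the expected hosts and inside the expected window, are suppressed.
  2. Remaining alerts are ranked by how rarely that (host, rule) pair has fired
     before, so a never-seen combination reaches the analyst first.

Everything here (log format, hosts, window, scoring) is a constructed example.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    rule: str
    message: str


@dataclass(frozen=True)
class MaintenanceWindow:
    weekday: int            # Monday = 0 ... Sunday = 6
    start: time
    end: time
    host_prefix: str        # only hosts with this prefix are covered
    expected_rules: frozenset


# Assumption: backups run on the "bkp-" hosts every Sunday 01:00-04:00 and are
# known to trigger these two rules. Anything else is not covered by the window.
WINDOWS = [
    MaintenanceWindow(6, time(1, 0), time(4, 0), "bkp-",
                      frozenset({"high_disk_io", "mass_file_read"})),
]

# Constructed alert format: "<ISO timestamp> host=<h> rule=<r> msg=<free text>"
HISTORY_ALERTS = [
    "2022-12-18T02:05:00 host=bkp-01 rule=high_disk_io msg=disk io above threshold",
    "2022-12-25T02:05:00 host=bkp-01 rule=high_disk_io msg=disk io above threshold",
    "2023-01-01T02:05:00 host=bkp-01 rule=high_disk_io msg=disk io above threshold",
    "2022-12-20T09:00:00 host=web-01 rule=failed_login msg=5 failures for admin",
    "2022-12-22T09:00:00 host=web-01 rule=failed_login msg=5 failures for admin",
    "2022-12-28T09:00:00 host=web-01 rule=failed_login msg=5 failures for admin",
    "2023-01-04T09:00:00 host=web-01 rule=failed_login msg=5 failures for admin",
]
TODAY_ALERTS = [  # 2023-01-08 is a Sunday
    "2023-01-08T02:15:00 host=bkp-01 rule=high_disk_io msg=disk io above threshold",
    "2023-01-08T02:20:00 host=bkp-01 rule=mass_file_read msg=10000 files read",
    "2023-01-08T02:30:00 host=web-01 rule=failed_login msg=5 failures for admin",
    "2023-01-08T03:10:00 host=web-01 rule=mass_file_read msg=8000 files read",
    "2023-01-08T14:00:00 host=bkp-01 rule=high_disk_io msg=disk io above threshold",
]


def parse_alert(line: str) -> Alert:
    """Parse one constructed alert line into an Alert."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(part.split("=", 1) for part in rest.split(" ", 2))
    return Alert(datetime.fromisoformat(ts_str), fields["host"],
                 fields["rule"], fields["msg"])


def in_maintenance(alert: Alert) -> bool:
    """True only if host, rule AND time all match a declared window."""
    return any(
        alert.ts.weekday() == w.weekday
        and w.start <= alert.ts.time() < w.end
        and alert.host.startswith(w.host_prefix)
        and alert.rule in w.expected_rules
        for w in WINDOWS
    )


def build_baseline(history: list) -> Counter:
    """Count how often each (host, rule) pair fired in the past."""
    return Counter((a.host, a.rule) for a in history)


def rarity_score(alert: Alert, baseline: Counter) -> float:
    """1.0 for a never-seen (host, rule) pair, decaying as it becomes routine."""
    return 1.0 / (1.0 + baseline[(alert.host, alert.rule)])


def triage(today_lines: list, history_lines: list):
    """Return (ranked queue of (score, Alert), list of suppressed Alerts)."""
    baseline = build_baseline([parse_alert(l) for l in history_lines])
    queue, suppressed = [], []
    for line in today_lines:
        a = parse_alert(line)
        (suppressed.append(a) if in_maintenance(a)
         else queue.append((rarity_score(a, baseline), a)))
    queue.sort(key=lambda item: item[0], reverse=True)
    return queue, suppressed


if __name__ == "__main__":
    queue, suppressed = triage(TODAY_ALERTS, HISTORY_ALERTS)
    print(f"suppressed {len(suppressed)} expected backup alerts")
    for score, a in queue:
        print(f"{score:.2f}  {a.ts}  {a.host:7} {a.rule:15} {a.message}")
```

The point of the example is the fourth alert: `mass_file_read` is routine backup noise on a `bkp-` host inside the window, but the same rule firing on `web-01` is not covered by the window and has never been seen for that host, so it lands at the top of the queue instead of being drowned in the expected weekly alerts.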
2023 will be the year of enhanced internet
Enhanced internet services
gained popularity in the last few years as an offering that improves the
reliability and performance of internet-based traffic. First defined by
Gartner, it includes features such as telemetry-based routing and performance
optimization.
Tier 1 internet service
providers, with their ability to see IP traffic trends before anybody else,
will formulate algorithms to start looking at traffic flows, providing clients
with continuous reports on potentially malicious traffic from certain
destinations to their IP ports that require investigation, without the need for
additional security functionality.
Service providers will also
offer clients full vulnerability scans of their IP space on a timely basis to
provide visibility into risks. As organizations grow, they often end up with
shadow systems with vulnerabilities that aren't noticed as these systems are
quickly forgotten. Scans can easily reveal dozens of vulnerabilities on an
organization's public websites in seconds, just by checking a couple of IP
addresses they own.
2023 is still an opportunity to be safe
As always, the coming year will present both serious
challenges and opportunities to IT and security leaders. But by investing in
the latest frameworks such as zero-trust and leveraging the best solutions
coming to the market, they can keep pace with constantly evolving cyberthreats.
ABOUT THE AUTHOR
James Karimi serves as the CIO/CISO at GTT Communications
and is a seasoned engineering veteran in both telecommunications and enterprise
networks and systems. In a career spanning 27 years at various companies, he
has focused on multiple areas of technology and has been involved in
architecting several carrier networks; managing vast enterprise networks,
systems and applications; integrating network and systems; and managing
consolidation due to M&A activities. He has also participated in and had
oversight of many network-based projects, including network monitoring and
management with an emphasis on software-driven network automation. Currently,
James is focused on the transformation and automation of the GTT systems
platforms as well as continually evolving the GTT security program to limit
risk, exposure and to stay current with the evolving threat landscape.
Previously, he was the CTO and founder of IPNetZone Communications, the first
company to build an MPLS exchange platform in 2006. He also previously held CTO
positions at Amp Networks and United Network Services prior to coming to GTT.