Heading to a unified approach to security
Work-from-anywhere (WFA) requires multiple solutions to work together across a dynamic set of campus and datacenter assets, distributed home offices, and cloud-based applications, while simultaneously reducing the overhead of managing a sprawling set of isolated security solutions.
Never before has the concept of trust been so critical to business. As we are unable to physically interact, digital interaction has become, for many, the only way to conduct business and deliver work. This requires a new approach that relies on higher levels of trust, underpinned by a robust cybersecurity foundation.
The Indian market witnessed a 30-fold rise in distributed-denial-of-service (DDoS) attacks (attempts to crash a server or online system by overwhelming it with data) during the festive season this year, compared with the volume recorded in September 2021, says a new report by Tata Communications. Similar systematic attempts to derail critical infrastructure and services have been observed in other parts of the world too.
A recent spurt in supply chain attacks, whereby attackers attempt to breach the integrity or availability of critical providers in the enterprise value chain, eventually leading to high impact on businesses that depend on these critical services, has also been observed.
Also, while the attacks started with a few targeted broadband providers in early October 2021, the pattern has evolved, so that by the end of the month, attacks were targeting multiple broadband providers simultaneously. Most such attacks were designed to flood an ISP’s network with malicious traffic, consuming all available bandwidth and rendering the network unavailable to legitimate users. A deeper analysis of the data further found that these attacks were focused on services that are used extensively during the festive season, including media streaming, internet phone services, and online gaming.
Whether on purpose or accidental, a rise in insider threats and data-loss challenges amidst the continued remote-work environment is expected. From verifying identities to ensuring sensitive information is not stolen, it will remain difficult to control what employees do outside of the office as they remotely access files and systems. For example, organizations will need to grant access to employees but cannot always tell if their identity is legitimate. Securing remote work will require very strong identity and access-management controls, less privileged access, and more logging and monitoring, which are all challenging to execute. Due to these factors, it will remain very easy for threat actors to circumvent remote access controls in 2022.
With hybrid working now the method of choice post-pandemic, security strategies must evolve. Businesses have already transformed, and security must progress in tandem. This translates to using modern services, such as managed detection and response (MDR) and extended detection and response (XDR), to act as a business enabler and push the boundaries of modern cybersecurity delivery.
By adding an additional protective layer to accompany zero-trust technologies, XDR tools consolidate the large numbers of vendors within the average SOC, bringing down the operational overheads associated with managing multiple siloed systems. Plus, when there are more gaps than overlaps in technology tools, security teams risk many benign and false-positive alerts, eventually leading to alert blindness. Tight integrations of systems, such as endpoint detection and response, cloud-access security broker, and SIEM, to name a few, extend visibility and deliver valuable insights that help identify more persistent or advanced threats that could have previously been missed.
Organizations in finance, healthcare, manufacturing, energy and utilities, and the public sector will all grow their cybersecurity investments in 2022. Manufacturing, in particular, is a prime area for disruption with the increase in the number of IoT devices during the pandemic to protect their global supply chain and support the convergence of IT and OT.
Supply chain attacks are likely to peak in 2022. Software supply chain security will need to be reinforced. These programs will move beyond just the code you write and the code you import to start including all the tools used in the software development process, such as build tools, test environments, and developer laptops.
New technology, such as the Metaverse or a new machine learning algorithm, will see investment in critical IT infrastructure to support these new systems. With innovations like these comes a whole new set of challenges, ranging from regulations and compliance issues to security. The proper fundamental infrastructure and functions like CLM still need to be maintained for these companies to avoid added risk and legal liability. Facebook has amply demonstrated over and over again that ignoring best practices for legal and compliance can lead to massive government fines and damage brand reputation, regardless of the size of the company.
As the world is increasingly digitized, maintaining the security and privacy of data is more important than ever. New technologies, such as artificial intelligence and machine learning, can improve user authentication security. AI-powered computer vision and speaker verification capabilities can enable authentication systems to use biometric traits to solve common password problems like vulnerability, frequent changes, complexity, and length. With biometrics, face or voice identification cannot be duplicated, forged, or forgotten, and it can be used across any connected service.
Rather than relying on the end-devices to implement these authentication services, CSPs can prevent unauthorized access to data by using these technologies to deploy in-network real-time voice and video analytics in a scalable and cost-effective manner. CSPs can quickly and efficiently process speech and video streams that enable these reliable biometric authentication services.
Network-as-a-Service (NaaS) is finding favor with many. The growing availability of cloud-based options that address the demands of increased connectivity, agility, speed, and security has changed the dynamics. NaaS, like Software-as-a-Service (SaaS), allows network providers to deliver network services and functionality as a managed cloud offering.
This can include smaller functions like hosting virtual firewalls or routers, content delivery, and bandwidth on demand, or something as big as providing the entire network (as a service) for mobile virtual network operators (MVNOs).
With the right NaaS platform, operators can bundle advanced security, enterprise productivity applications, IT, and even IoT services with cloud connectivity into digital offerings. At the same time, it also enables enterprises to use their network with greater flexibility and dynamism, adjusting to application and service needs as they emerge, and providing opportunities for CSPs to fill the growing need in the enterprise market.
NaaS also comes with security benefits since it provides total network visibility with monitoring capabilities of both on-premises and cloud resources. In fact, on-premises resources across different locations can be monitored without any additional security layer at each site. It encrypts all data and traffic sent over the network, and enables zero-trust access policy based on qualifiers, such as role, device, and location.
The benefits are further boosted with a sophisticated array of security tools on top of regular networking features like multi-factor authentication, automatic Wi-Fi security, DNS filtering, and advanced firewall protection.
Today’s enterprises are not just looking for a unifying architecture that can bring their fragmented infrastructure and deployments under control. They need a system that makes deploying new technologies and services secure and straightforward. This requires more than workarounds connecting disparate security technologies. They need a broad, integrated, and automated cybersecurity mesh platform that provides centralized management and visibility, supports and interoperates across a vast ecosystem of solutions, and automatically adapts to dynamic changes in the network.
So, it should come as no surprise that Cybersecurity Mesh Architecture (CSMA) by Gartner® – an integrated set of security tools and APIs combined with centralized management, analytics, and threat intelligence – made it onto their list of top cybersecurity trends for 2022.
Gartner analyst Felix Gaehtgens predicted that by 2024 security mesh technology will lead to huge savings in the cost of breaches. “Organizations, adopting a cybersecurity mesh architecture to integrate security tools to work as a cooperative ecosystem, will reduce the financial impact of individual security incidents by an average of 90 percent,” he said.
Instead of SIEM and SOAR integrating security tools, the security mesh will use security analytics and intelligence, he said. The mesh will also include identity, policy, posture and dashboard layers.
Gaehtgens recommended that organizations start building the supportive layers for a cybersecurity mesh strategy, including security analytics, identity fabric, policy management, and dashboards. Distributed security technologies offering interoperability will be key to the security mesh, so users should evaluate features such as inversion of control APIs, standards support, and extensible analytics.
Security strategies that were written even three years ago will become, in large part, a thing of the past. They were probably written when the company had physical offices, and most employees worked there. As we wave goodbye to 2021, offices are still largely empty. The concept of networking is increasingly difficult to define. Security teams are having to deal with a security sprawl that complicates management, fragments visibility, and limits the ability of organizations to respond effectively to threats. And worse, detecting and responding to a cyber incident leads to complex workarounds that need to be constantly managed and reconfigured every time a device is upgraded.