Rethinking strategies to accommodate a new security landscape

The seemingly overnight transformation from office-based activity to remote work across the globe, now screams for the adoption of robust network security protocols, and is more critical and time-sensitive than ever before. This unprecedented paradigm shift was inevitable in mitigating the spread of the physical virus, but in doing so, has left many enterprises vulnerable to viruses of an electronic nature, such as malware and ransomware. Clearly, in this climate, and since many jumped into the world of online operations without adequate preparation, network security is now a critical priority.

The attacks are increasing in frequency and sophistication, with businesses attacked by ransomware every 11 seconds. Many small-to-medium-sized enterprises do not have the resources to recover from a data breach or ransomware attack, with a sobering 60 percent going out of business within 6 months. An alarming USD 6 trillion in damages is predicted for 2021.

The situation is not forecasted to improve, unless deliberate and sustained action is taken – swiftly and broadly. Cybercrime costs are expected to reach a staggering USD 10.5 trillion per year by 2025 – just around the corner! According to AT&T’s cybersecurity insights guide for CEOs, 50 percent of enterprises have not updated their security strategy in 3+ years. Their lack of action will be expensive, especially as cyber criminals continue to iterate new strategies to keep up with evolving security innovations.

The network security market size is anticipated to register at a CAGR of 10.2 percent, to attain a valuation of USD 273.58 billion by 2027. The market growth is majorly driven by the requirement for stringent data protection and increasing incidences of cyber-terrorism. On the back of rising incidences of hacking and data breaching, the market for network security has been gaining traction over the last decade.

It seems it is a vicious circle
IT budgets that were not spent last year are set to drive a rebound in spending in 2021, as CIOs restart digital initiatives put on hold during the pandemic. That money will likely be spent on security basics like rolling out multi-factor authentication to provide strong network and application authentication for remote workers, as well as increasing VPN capacity.

But here is the problem. Most companies’ revenues and profits have taken a hit – often a severe one – thanks to the pandemic, and that means that budgets are under pressure. When that happens, the security budget is often the first to be cut. The obvious areas which look like tempting candidates for budget cutting include advanced long term security projects around security orchestration, automation and response (SOAR) systems, behavioral analytics, and AI-assisted detection systems. And, spending on more familiar networking security equipment including firewall equipment and intrusion detection and prevention systems (IDPS) is expected to be most severely impacted by spending cuts this year.

And therein lies the bigger problem. The pandemic has led to spending on securing remote workers being prioritized, because that is where the biggest risk is. But it is important not to forget that the old security risks have not gone away. Hackers are attracted to wherever the biggest opportunities are, and once remote workers are no longer the easy targets that they may have been for the past few months, the hackers will circle back to corporate networks.

That means IT departments need bigger budgets, not smaller ones, if they are to continue to prioritize pandemic-related spending while controlling all the other security risks at manageable levels. Of course, COVID-19 might disappear overnight – as if by magic – and this security problem will disappear. But reality suggests that securing an adequate network security budget should be a priority for every CIO and CISO.

On the starting blocks of the new network
The increasing dependence on IT infrastructure was shown by the number of companies that struggled to cope when the COVID-19 pandemic struck. It was striking how many large enterprises had not prepared their networks for such large numbers of employees working from home even though their disaster-recovery plans should have covered such an unlikely eventuality.

However, as Gartner Group has pointed out, hybrid IT architectures that include both on-premise and cloud are becoming more widely adopted: Organizations must set a strategy that will become the new normal in these uncharted waters. It remains true that no single security technology provides a complete prevention solution, and organizations still require a defense-in-depth approach.

Therefore, a key requirement for setting an organizational network security strategy is to understand the available controls in the marketplace and ascertain if they remain relevant in hybrid and multi-cloud infrastructures. Security and risk management leaders are not able to prepare for every scenario. Therefore, they must make intelligent, risk-based decisions about which security technologies they may choose to defend their organization from threats and to maintain their day-to-day operations.

Meanwhile, attackers are becoming far more sophisticated. More than ever, the need for preventive security technologies that are agile and compatible with a broad spectrum of the enterprises’ IT infrastructure models is paramount. Given the threat these attackers pose to every enterprise, prevention must be high on the corporate agenda.

Taking the unified threat management approach
Unified threat management (UTM) systems are a popular way for enterprises to fight the ever-present, ever-evolving threats to their network security. Benefits like protection from combined security threats, including malware and attacks that simultaneously target separate parts of the network, make the unified threat management option worthy of serious consideration for organizations of all sizes and shapes in today’s threat-infused landscape.

Businesses in 2021 are anticipated to face myriad threats from malware to ID theft to ransomware to full-court network attacks. UTM can provide a central control center from which security can be monitored. It has become an increasingly popular tool for enterprises which want to shave costs of onsite network security while understanding the increased need for visibility and centralized responsiveness.

UTM has been on the radar of the enterprise level IT decision makers for some time because this type of system was (in the past) primarily used for hardware consolidation while also being easy to use and cost effective. As the unified threat management marketplace evolved, the top UTM vendors pushed out appliances that are truly ready to address the enterprise’s needs with features such as virtual local area network (VLAN) capabilities that can support a variety of security zones as well as offer load balancing and ease of scalability.

Making the leap to a UTM system can take a level of commitment and effort for IT professionals, who might be resistant to replacing standalone units that are performing well, shifting to one point of security control. The time to adopt a UTM approach may be right when a large enterprise has a need to consolidate its firewalls on a large network, such as when going through a merger or acquisition.

SASE: Securing the network edge
Dramatic growth in IoT devices and external users have forced IT departments to move storage and processing functions closer to the edge of the network to handle all the data and avoid performance hits for users and data center overload. Edge computing has created its own security problems, however, by spreading out data center risk over a wider area closer to the internet. One edge security tool has emerged in response to those challenges: Secure Access Service Edge (SASE).

Gartner coined the term SASE in its Future of Network Security in the Cloud report, identifying SASE architectures as a critical cybersecurity solution to protect cloud and data center infrastructure. Rather than individual standalone systems, SASE encompasses a suite of technologies, from SD-WAN and cloud access security brokers (CASB) to secure web gateways, zero-trust network access (ZTNA), firewalls as a service (FWaaS), VPNs, and microsegmentation.

There is a solid business case for investing in SASE. Traditional network security technologies are incapable of handling the increasingly advanced threats and vulnerabilities facing the network perimeter. As cloud and external access accelerates, enterprises need to implement advanced levels of access control to ensure they have the capabilities to handle the associated network security demands and risks.

SASE is being used to adopt a continuous adaptive risk and trust assessment (CARTA) strategy, allowing for constant monitoring of sessions. With enterprises keen to accelerate digital transformation in the way data is managed, especially amid the changes wrought by the pandemic, SASE will be a critical tool in making this process more agile and scalable, providing users – internal and external – with a secure and consistent experience and access to applications and services from anywhere in the world.

The industry is now at a stage when SASE is evolving into an all-encompassing network security tool. With a growing number of use cases and rising demand, SASE is set to become a critical consideration for organizations of all sizes, and is today a safe bet for IT administrators to ensure that cloud and network access remains secure, fast and available at all times across all geographies.

Role of SD-WAN in securing the expanding network perimeter
SD-WAN is one of the most rapidly adopted technologies of the past decade. According to a recent study published by Dell’Oro Group, the worldwide sales of SD-WAN technologies are forecasted to grow at double-digit rates to surpass USD 3.2 billion in 2024. This growth is certainly a testament to some of the more well-known benefits of SD-WAN technology, such as centralized network policy management, network flexibility, and application-aware routing.

With SD-WAN, branch offices are now part of an enterprise’s network topology, with their own internet egress. Corporate devices can access the internet via multiple endpoints, adding a layer of complexity to network security.

However, if properly configured, SD-WAN can simplify management, help improve security, and decrease threat vectors. In total, SD-WAN greatly improves an enterprise’s security posture and can ultimately decrease the stress and costs associated with a security intrusion.

Traditional security models were designed to support a walled castle approach where all of a company’s data, applications, and users operate behind a firewall at a centralized headquarters or data center. As more enterprises are moving to the cloud, infrastructure and applications are moving out of the traditional data center to the edge, so security perimeters are evolving – making every access point and network element a potential security breach. The basic firewall functionality is not enough to protect enterprise networks. Enterprises are better served by using an SD-WAN solution that integrates security into the network functionality.

Hence, SD-WAN with security simplifies management with agile network design that enables enterprises to transform in stages, allowing new and old networks to co-exist securely. This reduces the complexity and effort required to redesign networks, providing a smooth migration path for any deployment models, from flat networks to highly segmented ones.

And as this migration advances, special security rules and policies can be applied to reduce risk along the way. Optimally, advanced security and network architecture can work in harmony to deliver a network with enhanced performance, exceptional user experiences, and reliable connectivity with a strong security posture.

Network security efficacy in the age of pervasive TLS encryption
Most of the data traffic on the internet is encrypted for information security and protection. The problem: hackers are also using encryption to smuggle harmful malware past the network defense systems unnoticed. Methods such as SSL/TLS inspection or encrypted traffic analysis offer a potential remedy. These enable enterprises to examine encrypted data transmissions for malware.

The importance and complexity of building a decryption strategy cannot be overemphasized. Enterprises slow to adopt web traffic SSL decryption best practices risk exposing their infrastructure to targeted malware campaigns and data loss. Evolutions of ransomware that leverage encryption for malware delivery and command-and-control communications will have higher financial costs because of the typically longer times before they are detected within an organization’s network.

According to zscaler, many people assume that encrypted traffic means safe traffic. But that false sense of security creates risk because it means that the majority of enterprises allow encrypted traffic to go uninspected, and attackers know this. The problem is that most security teams cannot fully inspect SSL traffic, as their legacy tools lack the processing power to decrypt, inspect, and re-encrypt packets without bringing performance to a standstill.

Is network and security convergence desirable?
Is it actually desirable? And is it even possible? To answer the second question first: Of course, such convergence is possible, to some extent at least. But what does to some extent actually mean? It is pretty clear that adding some security functionality to networking hardware and software is desirable, practical, and easy to achieve. It may even be the best place for it. But there is a problem.

The problem is that many security vendors’ products are best of breed, and many network vendors’ products are also best of breed. And while a large enterprise may only need one network vendor, the chances are that it needs multiple security tools, from a wide array of security vendors, to achieve the security posture it requires. There is, in other words, a great deal of heterogeneity when it comes to security setups. One size does not fit all.

Now one could argue that security is simply an expensive necessity that every enterprise needs to have in place, not something that provides a competitive advantage to a business.

For that reason, companies should mold their operations to fit a standard security package in order to benefit from the economies of scale that a standard security package could offer. It is the same argument that prompts companies to use standard cloud-based software services for things like HR, sales, and marketing automation, and so on.

But that argument does not hold water. Security is an expensive necessity, and different organizations are subject to different regulatory requirements and reporting procedures, and different types of activities have different security needs. These needs can be very nuanced: the security requirements of a company operating in one industry in one country can be radically different from one operating in a fairly similar industry in another country.

So, while network and security convergence sound sensible, to be effective it would have to be far more complicated than it first looks. There are some big networking companies, and some of them also offer powerful and sophisticated security products. But very few have the depth and breadth of security capabilities that many enterprises require.

So that leaves two possibilities. The first is a networking landscape that involves partnerships spanning multiple security vendors working together. That might be possible, but does not that deprive enterprises of the ability to choose best of breed solutions for their specific security problems? The second is that network security is rethought out from scratch. The aim would be to produce a networking solution that truly has security functionality baked-in, not bolted on and called converged. And that is not something that will happen any time soon.

There is a third option. Networking and security remain, to a large extent, unconverged. There may be a consolidation of networking companies, and some networking companies may gobble up some security companies. And with this option, the boundary between networking and security may become blurred, but it does not even begin to disappear completely.

Way forward
IT leaders need to not only begin planning for the impact of this surge in the volume, variety and velocity of data this will generate, but also decide how they provide the security and management needed. One challenge from a security perspective is that many of these new edge networks are both ad hoc and temporary. This means that security has to be able to be deployed simultaneously in both virtual and physical environments so that interactions between edge devices, the physical network, and the cloud, along with WAN, LAN, and broadband connections, are automatically inspected and protected. And security must also provide deep inspection and policy enforcement at the 5G speeds the expanding edge network is operating at.

The challenge is that few enterprises have access to the kinds of security solutions that can automatically deploy, scale, and adapt to these new highly volatile environments, which means that many of these ad hoc networks will either be unsecured or undersecured. And even should they find a solution, they will find that it is not integrated into their larger security framework, which means they will have further sacrificed centralized visibility and unified control in favor of performance and digital transformation. History demonstrates that ad hoc solutions lead to gaps in visibility, integration and control, and these gaps are often exploited by cyber adversaries.

What organizations need is a security-driven networking approach that combines networking and security into a holistic solution that can begin protecting any edge the moment it is created. And this is for any edge, not just new smart edge platforms.

The one thing in common for the next generation of networks is that they will all require security across the LAN, WAN, and cloud edges. The practical reality is that the number of edges will expand, scaling up and out to meet shifting business needs. And they are highly sensitive to issues like latency and jitter.

Solutions that integrate networking and security are needed to ensure business outcomes and end user experiences. They cannot afford security solutions deployed as an afterthought or as an overlay. Adding complexity will only undermine the power and usefulness of edge networks. Indeed, an overlay security system constantly struggling to keep up with dynamic changes in the network will introduce security gaps that can be easily exploited.

A security-driven networking strategy addresses all of these challenges. It is much more than simply integrating security into the network. Instead, networking and security have to be conceived, deployed, and operated as an integrated solution. Security needs to be woven into the DNA of the network so every decision to change a connection, add or remove a device, collect or transmit data, or access an application includes a security component that is also monitoring and inspecting and enforcing security policies every step of the way.