As the new year starts, it’s natural to think about the network security challenges and opportunities that organizations are likely to face over the next 12 months – and how they will address them. Of course, we are likely to see brand-new threats emerging and unpredictable events unfolding. But here are four key security challenges that I believe will be at the top of enterprise agendas this year.
The first challenge that organizations will address is data and security breaches due to misconfigurations. These have been a constant problem for enterprises for decades, with the most recent example being the large-scale incident which impacted Capital One in 2019. These are usually caused by simple human error, leaving a security gap that is exploited by actors from outside the organization. Unfortunately, humans are not getting any more efficient in avoiding mistakes, so breaches due to misconfigurations will continue to be a problem that needs to be fixed.
At the same time, the technology environment that the network security staff is working within is getting ever more complex. There are more network points to secure – both on-premise and in public or private clouds – and therefore a much larger attack surface. The situation is getting worse – as highlighted in our 2019 cloud security survey, which showed that two thirds of respondents use multiple clouds, with 35% using three or more cloud vendors, and over half operating hybrid environments. The only solution to this growing complexity is network security automation. Humans need tools to help them set and manage network configurations more accurately and more efficiently, so the demand for security automation is only going to increase.
Achieving and maintaining regulatory compliance has long been a major challenge for networking staff, and as networks become more complex it is only getting harder. In recent years, we have seen a raft of new compliance frameworks introduced across multiple verticals and geographical regions. Regulators worldwide are flexing their muscles.
The crucial point to understand is that new regulations typically don’t replace existing regimes – rather, they add to what is already in place. The list of regulatory demands facing organizations is getting longer and achieving and demonstrating compliance is becoming an ever-larger commitment for organizations. Once again, the only solution is more automation: Being in “continuous compliance”, with automatic creation of audit-ready reports for all the relevant regulations, delivers both the time and resource savings that organizations need in order to meet their compliance demands.
The turn to intent-based network security
What do I mean by intent-based network security? It is ultimately about asking a simple question – why is this security control configured the way it is?
Understanding the intent behind individual network security rules is crucial for a wide range of network maintenance and management tasks, from responding to data breaches to undertaking network cleanups, from working through vulnerability reports to dealing with planned or unplanned downtime. In every scenario, you need to understand why the security setting is the way it is, and who to notify if something has gone wrong or if you want to amend or remove the rule.
And the answer is always that a particular business application needed connectivity from point A to point B. The organization “just” needs to find out which application that was – and that’s 95% of the intent.
The trouble is that organizations are usually not diligent enough about recording this intent. The result is a huge number of undocumented rules whose intent is unclear. In other words, organizations are in a ‘brownfield’ situation; they have too many rules, and not enough information about their intent.
So, I believe that this year, we will see more and more deployment of technologies that allow a retrospective understanding of the intent behind security rules, all based on the traffic observed on the network. By listening to this traffic and applying algorithms, these new technologies can reverse-engineer and ultimately identify, and document, the original intent.
Public cloud vendors are providing more and more security features and controls, and this trend looks set to continue, with more security controls becoming available as part of their core offerings. This is a good thing. The more controls available, the more secure organizations can be – if they take advantage of the additional capabilities.
But this doesn’t mean less work for IT and security teams. They need to take ownership of these new capabilities, and to configure and manage them properly – and this takes us straight back to the misconfiguration issue I outlined earlier.
In conclusion, to distil my predictions for network security over this year into a single point, it would be the need to embrace more automation across all security and compliance-related processes. This is at the core of enabling organizations to manage the ever-growing complexity of their networks and responding to the constantly evolving threat landscape.
About the author: Professor Avishai Wool is the CTO and Co-Founder of AlgoSec.
Source: infosec island