Security at the Edge: What Tools Should Organizations Be Considering?

essidsolutions

Edge computing represents a major shift in how networks, applications, and workloads on both are designed and deployed. Many organizations are looking for collaboration and guidance from third parties as they work to roll out these new initiatives and secure them. In this article, Tawnya Lancaster, lead product marketing manager at AT&T Cybersecurity, shares key considerations for choosing the right edge security tools.

New architectures are being designed that are highly diversified and distributed across multiple environments, likely using multiple types of networks (from private 5G to multi-cloud to on-premises to public 5G and more) and an increasing number of components, including more IoT/OT devices. 

Already complex business network environments are getting even more complex, which creates new challenges for the security practitioners tasked with monitoring, managing, and protecting them. Specifically, they must ingest more data into their security platforms from across their customers’ businesses and analyze all of it to monitor for, detect, and respond to threats, manage policies, and monitor and prioritize vulnerabilities. It is here that artificial intelligence (AI), or more specifically machine learning (ML), can be useful, but ML is not the only technology (and certainly not the predominant one) at security teams’ disposal for addressing threats at the edge.

Using ML to Help Augment Security at the Edge

Machine learning can be beneficial in many areas of security: ML automates learning processes and is used to identify patterns and deviations from those patterns. For example, because threat actors frequently re-use and evolve known malware, ML can be used in threat intelligence to create malware clusters that detect and predict the behaviors of malware families, which in turn speeds up detection of malware variations within those families. This helps security analysts in the SOC identify malware variants they have not previously seen more quickly. Machine learning can also be used for User and Entity Behavior Analytics (UEBA) use cases, for example detecting anomalies in user or entity behavior on the network. These tools augment or supplement what the security practitioner is doing, leading to faster detection of anomalies and freeing up that practitioner to focus on other, more strategic tasks or higher-level work.


Machine learning can also play a role in access management and enforcement control to support risk and trust decision-making for users and devices trying to access applications, workloads, or other devices. For example, this can be impactful in Zero Trust environments to help with continuous, dynamic risk and trust testing based on external security information, security policy, state of the network, identity, the request being made, and threat intelligence. A “risk/trust” engine determines the trustworthiness of an entity making a request and feeds that data into a decision engine. The decision engine enforces “grant or deny” based on multiple factors. By continuously feeding this data back into the system and standardizing a set of user and device actions common to specific applications, the system can use ML to detect anomalies from that behavior. However, it does not negate the need for explicit rules. It’s important to remember that this is a very sophisticated use case. Very few organizations, even those with the largest and most sophisticated cyber programs, have the maturity to implement this. As vendors simplify the use case with more advanced software, we may see more of this.
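To make the two ideas above concrete (the UEBA-style anomaly detection and the risk/trust engine feeding a decision engine that still enforces explicit rules), here is an added Python example. It is not AT&T Cybersecurity's code or any vendor's product; the names (`AccessRequest`, `Baseline`, `anomaly_score`, `trust_score`, `decide`), the weights and thresholds, and the sample requests are all constructed for illustration. The anomaly score is a simple baseline-deviation model standing in for a trained ML model; what matters is the flow: explicit rules are evaluated first and are never overridden by the score, and each permitted request is fed back into the per-identity baseline.

```python
"""Zero Trust access decision: explicit rules plus a behavioural anomaly score.

Hypothetical example, not a vendor implementation. It models the
risk/trust engine -> decision engine flow described in the text.
"""
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed threat-intelligence feed: source networks treated as hostile.
# 203.0.113.0/24 is an RFC 5737 documentation range, used here as a placeholder.
DENYLISTED_SOURCES = {"203.0.113.0/24"}


@dataclass
class AccessRequest:
    user: str
    device_id: str
    device_managed: bool   # device enrolled in management (explicit signal)
    mfa_passed: bool       # strong authentication completed (explicit signal)
    source_net: str        # source network, compared against threat intel
    hour: int              # hour of day (0-23) the request was made
    app: str               # application or workload being requested


@dataclass
class Baseline:
    """Per-user history used by the anomaly scorer (the 'standardized' behaviour)."""
    hours: list = field(default_factory=list)
    devices: set = field(default_factory=set)
    apps: set = field(default_factory=set)


def anomaly_score(req: AccessRequest, base: Baseline) -> float:
    """0.0 means typical for this user, 1.0 means highly unusual.

    Stands in for an ML model: deviation of the request hour from the user's
    usual hours (z-score, capped at 3) plus unseen device and unseen app.
    """
    if len(base.hours) < 5:
        return 0.5  # cold start: too little data to be either trusted or suspicious
    mu, sigma = mean(base.hours), (pstdev(base.hours) or 1.0)
    hour_z = min(abs(req.hour - mu) / sigma, 3.0) / 3.0
    new_device = 0.0 if req.device_id in base.devices else 1.0
    new_app = 0.0 if req.app in base.apps else 1.0
    return round(0.5 * hour_z + 0.3 * new_device + 0.2 * new_app, 3)


def trust_score(req: AccessRequest, base: Baseline) -> float:
    """Risk/trust engine: combine explicit signals with the behavioural score."""
    score = 1.0 - anomaly_score(req, base)
    if not req.mfa_passed:
        score -= 0.3
    if not req.device_managed:
        score -= 0.3
    return round(max(score, 0.0), 3)


def decide(req: AccessRequest, baselines: dict, threshold: float = 0.5):
    """Decision engine: explicit rules first, then the trust threshold.

    Returns (decision, reason). A granted request is fed back into the
    user's baseline so future scoring reflects it.
    """
    base = baselines.setdefault(req.user, Baseline())
    if req.source_net in DENYLISTED_SOURCES:
        return "deny", "explicit rule: source on threat-intel denylist"
    if not req.device_managed and req.app == "hr-payroll":
        return "deny", "explicit rule: sensitive app requires a managed device"
    score = trust_score(req, base)
    if score >= threshold:
        base.hours.append(req.hour)
        base.devices.add(req.device_id)
        base.apps.add(req.app)
        return "grant", f"trust {score} >= {threshold}"
    return "deny", f"trust {score} < {threshold}"


def run_demo():
    """Constructed sequence of requests; returns (decisions, baselines)."""
    baselines = {"alice": Baseline(hours=[9, 11, 9, 11, 9, 11],
                                   devices={"lt-0042"}, apps={"crm"})}
    requests = [
        AccessRequest("alice", "lt-0042", True, True, "198.51.100.0/24", 10, "crm"),
        AccessRequest("alice", "ph-9999", True, True, "198.51.100.0/24", 3, "crm"),
        AccessRequest("alice", "lt-0042", True, True, "203.0.113.0/24", 10, "crm"),
        AccessRequest("alice", "lt-0042", True, True, "198.51.100.0/24", 12, "crm"),
        AccessRequest("bob", "lt-0077", True, False, "198.51.100.0/24", 14, "crm"),
        AccessRequest("bob", "lt-0077", True, True, "198.51.100.0/24", 14, "crm"),
    ]
    return [decide(r, baselines) for r in requests], baselines


if __name__ == "__main__":
    for decision, reason in run_demo()[0]:
        print(decision, "-", reason)
```

Two points in the text show up directly in the output. Alice's request from the denylisted network is refused by the explicit rule even though her behaviour is entirely typical, which is the "does not negate the need for explicit rules" point. Bob has no history, so the behavioural score is uninformative (0.5) and the decision is carried entirely by the explicit MFA and device signals; that cold-start case is the smallest instance of "ML is only as good as the data fed into it".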

While ML can help address the “big data challenge” security practitioners are facing today (and increasingly so as organizations deploy more edge workloads), readers should note that it is not a silver bullet. Remember, ML is only as good as the algorithms trained by humans and, therefore, the data fed into those algorithms. If the data collected from an organization’s environment isn’t high enough in quality or the data sets are not large and diverse, then the ML output’s quality will be diminished.

Machine learning is a niche capability today in most organizations’ security approaches. When considering the potential to use ML, security practitioners are typically thinking of it in the larger context of other non-ML technologies such as basic analytics and/or automation, as well as in the context of the overall processes and systems in place for the organization’s security program.

Other Important Security Tools at the Edge

As mentioned above, ML is one tool, not the only tool and not even the most essential tool today, according to the data from the AT&T Cybersecurity Insights – Securing the Edge report. It shows that even as organizations look to new, emerging technologies, they are not yet ready to relinquish the traditional workhorse security technologies that have proven effective over the years. For example, the following security controls ranked top across the six different types of networks used for edge computing: intrusion and threat detection, data leakage monitoring, device authentication, and network access restrictions (device-to-device).

Respondents also highly ranked new, converging categories of technology such as secure access services edge (SASE), which brings together networking and security controls including SD-WAN, CASB (cloud access security broker), SWG (secure web gateway), ZTNA (zero-trust network access), and firewall-as-a-service. In addition, there has been a lot of hype for approaches like “extended detection and response, XDR,” which makes sense because data shows that attacks against server/data within the network edge and attacks against user/endpoint devices within the network edge consistently rank as top concerns of respondents for their edge security.

Importantly, the report also notes that security controls are moving further down into the development cycle with things like dynamic application security testing (DAST) and the emergence of categories such as external attack surface management, which brings together overlapping technologies in vulnerability/risk discovery and prioritization, digital risk protection, BAS (breach and attack simulation), and more. These give organizations an even broader view of their attack surfaces, including external-facing software vulnerabilities that could be exploited by threat actors, some of which the security and IT teams may not even be aware of. For instance, these could be found in shadow IT, in assets or applications brought in through M&A, or in infrastructure that has been deployed in the cloud without the sanction of the IT department. Again, the edge will bring an increasingly complex and diverse attack surface, so tracking and monitoring all the assets, applications, and workloads within it will become ever more challenging.

Furthermore, where these technologies are deployed is worth considering. Our report showed that companies increasingly use SaaS technologies for their security controls. However, many are still deploying security controls on-premises. In fact, 27% are still deploying single cybersecurity functions on-premises (hardware or software), and 40% are deploying multiple cybersecurity functions on-premises (UTMs). This may be for various reasons: data residency requirements, data privacy, regional regulations, etc. Thirty-eight percent are deploying dedicated cybersecurity functions in the cloud. The data shows high interest in SASE (which technically is deployed in the cloud). However, organizations are split 50/50 between wanting to deploy those controls completely in the cloud and wanting a mixture of on-premises and cloud.


Closing Thoughts

The tools used to secure the edge will remain, for today and the foreseeable future, a combination of legacy and traditional security technologies and new, emerging technologies. Know that ML has its role in security moving forward, though today it makes up a small percentage of tech capabilities, and it is only as good as the humans who train the algorithms and the data that those algorithms ingest. So, for any ML used within the security stack, there need to be protocols or “checks” in place that are reviewed regularly. The truth is, ML is mighty, but the data scientists and practitioners with the expertise to execute on AI properly are few and far between, which places them in high demand. This is another reason not to rely on ML alone, especially today when we are so early in developing use cases for ML in cybersecurity.

What edge security tools are you considering? Tell us your key considerations on LinkedIn, Twitter, or Facebook. We’d love to know what you think!
