The Changing Face of Security: From Network to Cloud

essidsolutions

There is a devolution of what used to be a single cohesive network and the diaspora of valuable data into various parts of the cloud. Oliver Tavakoli, CTO, Vectra AI, talks about how the collection of technology formerly called “network security” evolved to keep pace.

If you surveyed IT organizations a decade ago, the majority of their security teams’ investment would have been dedicated to securing endpoints (anti-virus, VPN, etc.) and networks (firewalls, intrusion prevention systems, web proxies, email security, etc.) with proportionally smaller investments in areas such as identity and access management (IAM) and security information and event management (SIEM). This was at a time when laptops were generally used from an office network or connected via VPN when out of the office and applications were generally hosted inside the organization’s data center.

Evolution of Endpoint and Network Security

In the intervening decade, endpoint security has progressed along an evolutionary arc. Anti-virus software turned into an endpoint protection platform (EPP) and was then subsumed into endpoint detection and response (EDR), which provides both initial prevention and post-infection detection capabilities.

VPN software is still around, but most organizations no longer insist on an “always on” VPN connection when laptops are outside the office. And some organizations have replaced VPNs with zero trust network access (ZTNA) solutions.

In that same decade, what used to be called the network – the interconnected fabric which connected end user systems to corporate applications and the internet – has undergone radical transformation. Most organizations have eschewed running standard apps in favor of consuming them in SaaS form – Microsoft Office 365, Google Workspace (formerly G Suite), Salesforce, Slack, etc. are all reflections of this trend.

Many other applications have also departed the data center for public clouds like AWS, Azure and GCP. The de facto fabric which connects endpoints to applications in this brave new world is now the internet. Web proxies (now called Secure Web Gateways or SWG) have moved into the cloud and are being delivered in SaaS form as are zero trust interconnects. 

Even the identity store, once considered a crown jewel and protected in the heart of the data center, has moved to the cloud, with single sign-on (SSO) and multi-factor authentication (MFA) being SaaS-delivered by the likes of Microsoft (Azure AD), Okta and Ping Identity.

The pandemic has only accelerated these trends as employees were sent home to work and IT organizations became aware of the downsides of running their own physical data centers.


The Death of “Network Security” As We Know It

Given this devolution of what used to be a single cohesive network and the diaspora of valuable data into various parts of the cloud, how has the collection of technology formerly called “network security” evolved to keep pace? While sales of traditional firewalls seem to still be holding steady, it’s difficult to see how that will continue given the trends outlined above. 

You can’t really put a firewall in front of a SaaS application – well, you sort of can, but then it’s called a cloud access security broker (CASB) and it provides different functionality and is delivered in SaaS form. And you can’t really utilize a firewall with proxy capabilities to protect users working at home from threats on the internet – again, you sort of can, but that’s really a SaaS-delivered SWG.

You can’t really ship your firewall to Amazon and ask them to place it in front of your VPCs – though you can utilize virtual versions of the same firewall that you used in your data center. But more and more companies are utilizing native and simple (and cheaper) firewall functionality supplied by cloud providers rather than relying on virtual versions of legacy firewalls. 

And as noted before, VPNs have evolved into SaaS-delivered ZTNA. All of these technologies now have a place in what Gartner calls the secure access service edge (SASE) and this collection of services and the parts of the internet they ride on are no longer a “network” in the strict sense of the word.


From Network Detection and Response to Cloud Detection and Response

A few additional network-related trends are worth highlighting. One is the coming of age of a new product category called network detection and response (NDR) that covers ground on the network which EDR has covered on the endpoint. And while detecting attacks on your public cloud footprint (the parallel of detecting attacks against your data center) presents new challenges which require the analysis of a variety of activity logs, flow logs, and traffic to reach a high-fidelity conclusion, no detection-centric product category has emerged in this realm.

Attackers are becoming more attuned to this shifting landscape. Attacks on valuable data in common applications accessible via the internet are definitely on the rise. This was evident in the SolarWinds supply chain hack, where private keys used to sign SAML responses were stolen from local networks and then used to bypass all authentication checks (including MFA) to access an organization’s Office 365 data. It was also the subtext of the Microsoft Exchange Server hack, which stole information from many on-premises Exchange servers exposed in organizations’ network DMZs.
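The SolarWinds case above is a good illustration of why cloud detection needs the cross-source correlation mentioned earlier: a SAML token forged with a stolen signing key is cryptographically valid, so the service provider accepts it, and the only place the forgery shows up is in the gap between what the identity provider actually issued and what the cloud application accepted. The following is an added example, not code from the article or from Vectra AI, of that correlation over two constructed log sources. The log shape (an IdP token-issuance audit log and an SP sign-in log sharing an assertion id) and the one-hour lifetime policy are assumptions; real federation and Office 365 logs carry different field names.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not real data). Field names are assumptions that
# stand in for the federation server's token-issuance audit log (IdP side)
# and the cloud application's sign-in log (SP side).
IDP_ISSUANCE_LOG = [
    {"assertion_id": "_a1", "user": "alice@example.com",
     "issued_at": "2021-03-01T09:00:00Z", "mfa": True},
    {"assertion_id": "_a2", "user": "bob@example.com",
     "issued_at": "2021-03-01T09:05:00Z", "mfa": True},
]

SP_SIGNIN_LOG = [
    {"assertion_id": "_a1", "user": "alice@example.com",
     "not_before": "2021-03-01T09:00:00Z", "not_on_or_after": "2021-03-01T10:00:00Z",
     "src_ip": "203.0.113.10"},
    {"assertion_id": "_a2", "user": "bob@example.com",
     "not_before": "2021-03-01T09:05:00Z", "not_on_or_after": "2021-03-01T10:05:00Z",
     "src_ip": "203.0.113.11"},
    # Token the SP accepted although the IdP never logged issuing it, carrying a
    # week-long validity window: the signature checks out, the provenance does not.
    {"assertion_id": "_zz9", "user": "admin@example.com",
     "not_before": "2021-03-01T09:10:00Z", "not_on_or_after": "2021-03-08T09:10:00Z",
     "src_ip": "198.51.100.7"},
]

# Assumed organizational policy: the IdP never issues tokens valid for more than an hour.
MAX_TOKEN_LIFETIME = timedelta(hours=1)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the constructed logs."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def correlate(idp_log, sp_log, max_lifetime=MAX_TOKEN_LIFETIME):
    """Return one finding per SP sign-in whose token the IdP cannot vouch for.

    Two independent checks, each of which is invisible to signature validation:
      1. the assertion id seen at the SP has no issuance record at the IdP
         (or was issued to a different subject);
      2. the token's validity window exceeds what the IdP's policy allows.
    """
    issued = {entry["assertion_id"]: entry for entry in idp_log}
    findings = []
    for event in sp_log:
        reasons = []
        aid = event["assertion_id"]
        if aid not in issued:
            reasons.append("no matching IdP issuance event")
        elif issued[aid]["user"] != event["user"]:
            reasons.append("subject differs from IdP issuance record")
        lifetime = parse_ts(event["not_on_or_after"]) - parse_ts(event["not_before"])
        if lifetime > max_lifetime:
            reasons.append(f"token lifetime {lifetime} exceeds policy {max_lifetime}")
        if reasons:
            findings.append({"assertion_id": aid, "user": event["user"],
                             "src_ip": event["src_ip"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in correlate(IDP_ISSUANCE_LOG, SP_SIGNIN_LOG):
        print(finding)
```

Neither check depends on the signing key being known to be compromised, which is the point: once the key is stolen, the key itself is no longer evidence of anything, and the detection has to come from data the attacker could not also forge, namely the IdP's own record of what it issued.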

Attacks on public clouds are clearly also on the rise over the past few years, starting with leakage of data from open cloud storage and progressing to attacks that clearly have a deeper understanding of how clouds are architected and the patterns-of-use which create natural fissures to exploit. So – will we end up with a new category called cloud detection and response? Time will tell.
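The first stage of that progression, data leaking from open cloud storage, is also the most mechanical to detect, because a storage bucket is public only when its policy says so. Below is an added example, not code from the article or from any cloud provider's tooling, that audits bucket policy documents in the JSON policy-language shape AWS uses (Version, Statement, Effect, Principal, Action, Condition) and flags Allow statements granted to an anonymous principal. The bucket names, the account id and the policies themselves are constructed; the code reads policy documents as JSON strings, which is how a bucket-policy API returns them, but makes no API calls itself.

```python
import json

# Constructed bucket policies, keyed by bucket name. The account id is a placeholder.
CONSTRUCTED_POLICIES = {
    "public-website": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                       "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::public-website/*"}],
    }),
    "internal-logs": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Sid": "AccountOnly", "Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
                       "Action": ["s3:GetObject", "s3:PutObject"],
                       "Resource": "arn:aws:s3:::internal-logs/*"}],
    }),
    "shared-with-vpc": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
                       "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::shared-with-vpc/*",
                       "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-placeholder"}}}],
    }),
}


def principal_is_anonymous(principal):
    """True when the statement's Principal is the wildcard, in either spelling."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            values = value if isinstance(value, list) else [value]
            if "*" in values:
                return True
    return False


def find_public_statements(policy_doc):
    """Return the Allow statements in a policy that grant access to anyone.

    A statement with a Condition block may still be scoped (for example to a
    source VPC), so it is reported with conditional=True rather than dropped:
    a reviewer should confirm the condition actually narrows the grant.
    """
    findings = []
    for statement in policy_doc.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        if not principal_is_anonymous(statement.get("Principal", {})):
            continue
        actions = statement.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        findings.append({"sid": statement.get("Sid"), "actions": actions,
                         "conditional": "Condition" in statement})
    return findings


def audit_buckets(policies):
    """Map each bucket name to its public statements; buckets with none are omitted."""
    report = {}
    for name, doc in policies.items():
        public = find_public_statements(json.loads(doc))
        if public:
            report[name] = public
    return report


if __name__ == "__main__":
    for bucket, statements in audit_buckets(CONSTRUCTED_POLICIES).items():
        print(bucket, statements)
```

In a real environment the policy is only one of several layers (account-level public-access blocks and object ACLs also matter), but this check is the one that catches the classic "Principal": "*" misconfiguration behind most of the storage-leak incidents the article alludes to.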

The Emergence of AI to Tackle the Complexity of This New World

A final note on a technology topic – many of the changes outlined in this article have transpired during a time when the uses of machine learning (ML) and artificial intelligence (AI) to solve some gnarly security problems have also matured. The complexity of detecting threats across the breadth of a modern enterprise “network” is well suited to the judicious application of these data science techniques – they are not a silver bullet, but they can help tip the scales in favor of the defender.
