We at Hillstone Networks would like to wish you happy holidays to you and your loved ones. Today, we’d like to discuss 6 dynamic topics we believe will be forthcoming in 2022. From the big picture perspective, we believe a couple of topics to watch out for in 2022 are the threat landscapes, AI in security, cloud security, security for the distributed workforce, compliance, and our high-level solution to these problems: cyber resilience.
Transitioning into 2021, we still believe ransomware and data leaks are going to be primary concerns for enterprises, as ransomware offers a very direct and quick pay-off for hackers. Additionally, when ransomware attacks are executed, there could be problems in the supply chain, also known as OT security. For example, recently, when a large pipeline was attacked via ransomware, gas prices skyrocketed. Data leaks, on the other hand, have an immediate negative impact on the brand name of the enterprise in question, which in turn can affect perception and value of a brand. Though we are no longer in a full lockdown, the remote work force status quo is becoming widely accepted and the new norm is now the hybrid work model. In such a scenario, CISOs now must concern themselves with how to secure this new environment. Are VPN solutions good enough? What about IoT devices, home networks, branch offices, and others? We believe these topics will be challenges in the coming year. Finally, we cannot discuss the changing threat landscape without discussing the expanded attack threat surface and how delivering the fundamentals of security is still imperative. New technologies and new forms of connectivity are continually sprouting up left and right. Despite that, don’t forget the fundamentals. Studies have shown that phishing is still the leading methodology utilized by hackers to infiltrate networks. Hackers are also still using malware, inserting viruses, and hunting for exploitations of commonly used programs, such as the recently discovered log4j2 vulnerability. We recommend enterprises to follow security best practices, keep up with the common vulnerability patches, and identify their critical assets that require protection.
AI in Security
In the past year, AI has proven to be promising technology that is sure to make a splash in the cybersecurity industry. Nearly all products in this space claim to implement elements of AI. Some may use machine learning, whereas others may use statistical methods. However, it should be noted that we are nowhere close to AGI. Such claims should be carefully reviewed before any serious consideration is made. That being said, AI still has many shortcomings. Current AI technology is capable of flagging many questionable events, but is often unable to explain the causal reasoning behind said triggers. This can become a burden for users because it now rests on their shoulders to sift through mounds of metadata and decipher which events are false positives. As it currently stands, we at most believe AI can be a powerful tool that points you in the right direction, but it’ll be some time before an AI-enhanced solution is capable as a standalone product. In the meantime, keep an eye out for how AI will continually be integrated in solutions, such as an XDR’s ability to digest and correlate more forms of data efficiently.
Just like how AI is being leveraged to bolster defenses, AI is similarly being leveraged to augment attack schemes. Oftentimes, hackers will simply purchase the latest detection engines, and train their algorithms and malwares to avoid detection protocols of a specific detection engine. This is additionally why we believe the future of AI implementation isn’t so much for augmenting signature-based detection, but rather, to be used in behavior-based detection. Whereas signatures can be hidden, there is certain behavior of a malware that is going to exist, no matter how the malware attempts to disguise itself. In terms of a potential new point of vulnerability when it comes to AI, data used to train AI can be at risk. This data could be poisoned by malicious actors, thereby rendering your detection engines ineffective.
One major development in the cloud is the increased adoption of container technology. Containers are more dynamic than VM’s because they are deployed and retired at a much faster rate than even VM’s. The sheer volume of containers is much greater than the amount of VM’s deployed. Whereas a VM partitions a large portion of the physical CPU to operate as a separate “machine within a machine”, a container simply partitions a small portion of the physical device’s CPU for small tasks, such as running specific applications. It isn’t efficient to create a whole VM for just one application that only takes a few megabytes to run. A container, specialized for deploying said application, would be much faster, much smoother, and much more efficient. With this rise in use of container solutions, comes the need for container security, such as increased visibility within containers, a micro-segmentation solution for the container space, or the ability for a device to scan container images. The industry has evolved to support such adjustments.
In 2021, we’ve also seen an increased demand for a hybrid/multi-cloud security solution. AWS is no longer the only prevalent solution — Microsoft Azure has been growing much faster in the US as well. Incidents like AWS’s eastern region blackout have shown enterprises that multi-cloud or backups may likely be the safe solution moving forward to avoid blackouts.
As the cloud space is being utilized more, ZTNA and XDR are forced to evolve as well, with such solutions expected to support cloud technology. Additionally, as a result of this increased interest in the cloud, compliance responsibility isn’t as much a split responsibility between the Cloud Service Provider and the Corporation. Instead, it is now mostly resting on the shoulders of the CSP and has become a serious consideration when corporations look at CSPs.
Security for distributed workforce
When the pandemic struck, the global workforce was obligated to shelter-in-place, thereby launching the dawn of the remote workforce. Though society is trending toward normalization, some trends are here to stay. Whereas full-on remote work may not be the status quo anymore, hybrid work — a blend of remote and in-person work — has taken over as the new status quo. Because of this, connectivity, in tandem with security, is still at an all-time-high demand. VPN is still the dominant technology, despite a lot of interest in SASE and ZTNA. This is because legacy architectures exists, making it costly and inconvenient to suddenly migrate into new technology. Instead, enterprises are finding ways to work around VPN’s shortcomings by implementing user-based policies, such as ZTNA as a concept, or MFA. Outside of VPN technology, the logical solution that could fill the void here is SD-WAN. SD-WAN was originally widely accepted for branch office connectivity, but with the world trending toward a hybrid work force, the concept of the “branch of one” is being embraced. Home offices are now being viewed as branch offices, so SD-WAN benefits can be applied to such scenarios as well.
When it comes to ZTNA technology, it provides more secure access than VPN technology because it is controlled not just on the connection level, but also on the access level. Interest in remote work technology has boosted the interest in ZTNA. Although VPN may still be the dominant choice for legacy infrastructures, new infrastructures, such as the cloud, are privy to the implementation of ZTNA technology. Some advancements and increases in efficiency are still needed before ZTNA can fully replace VPN, but keep an eye out for advancements in ZTNA technology this coming year. Perhaps, if vendors can find a way to cure the learning curve and upfront costs, ZTNA will become the new norm. If such a move is on the horizon, then the SASE architecture will no longer be a popular theory, but will become a reality. SASE architecture is the true end goal that technologies such as SD-WAN and ZTNA can push toward. What SASE envisions is an edge. On one side of the edge rests the home offices, branch offices, and other IoT devices interconnected by a security fabric. This fabric can then be delivered through the cloud as a service. We definitely see the validity of such an architecture and it is one of the technical directions we are working to move toward.
The past year has moved toward a prioritization of user privacy, especially in terms of giving users more control over how their data is being used. Moreover, as the geopolitical environment worsens, laws dictating how data is transferred between geographic locations have become more stringent. Just this past year, large enterprises were issued massive fines for not being compliant, such as the infamous Amazon incident. Moving forward, even small and medium sized businesses won’t be exempt from these rules. We foresee continued struggles between major powers playing a large role in data privacy evolution in 2022.
Long gone are the days where a security infrastructure is erected and users can go on about their day worry-free. Nowadays, when security incidents pop up, they are no longer considered exceptions; rather, they are considered the norm. With such a reality, it is perhaps even more important to bolster our ability to respond to said threats. To be resilient is to be able to bounce back quickly and efficiently despite threats and breaches. The process of reaching cyber resiliency can be broken down into a few steps. First, mapping out all digital assets and determining which ones are critical to business processes. Second, determining potential vectors hackers can leverage for attacks, and understanding how your processes can be disrupted. Third, generating response plans to address various failure scenarios. Fourth and finally, monitoring your infrastructure continuously, and perpetually improving upon your infrastructure security solution. As you can see, these steps to reaching cyber resilience are similar to the five steps of successfully implementing a micro-segmentation solution.
Farewell 2021, and welcome 2022. We’re ready for you.