NetEvents hosted a webinar titled ‘Network and data center security’ in partnership with Dell’Oro Group on October 7.
The virtual event featured a panel of industry experts including Gail Coury, senior vice president and chief information security officer, F5 Networks; Jordan LaRose, director of consulting and incident response, F-Secure; Dr. Ronald Layton, vice president, converged security operations, Sallie Mae Bank; and Vivek Bhandari, senior director of product marketing, networking and security business unit, VMware.
The discussion was moderated by Mauricio Sanchez, research director, network security & data center appliance, SASE Market Research, Dell’Oro Group.
Starting the conversation, Sanchez presented Dell’Oro Group’s market research perspective on the network security landscape. He said that the Covid-19 pandemic over the last 18 months had accelerated three tectonic IT shifts: enterprise digitalization, workplace reinvention, and the online business experience. The most prominent of these, he said, has been the shift towards the cloud within enterprise digitalization, with massive movements of workloads into a distributed setting as remote working became the new normal. He expected some form of hybrid work to persist, and said that maintaining the online business experience would be important, especially for enterprises that previously had no digital presence and now have to build out and tune that environment.
He pointed out that security has become daunting for many practitioners coping with misconfigurations that lead to data leakage, and highlighted that human error is often the culprit in cloud data center breaches. He said that cyber threats accelerated during this period. Many enterprises, he noted, are still on ‘legacy network architecture’, but given the tectonic shifts in enterprise digitalization and a strong online business presence, a lot of them have started to understand that the legacy architecture no longer fits.
He added that their research has shown that organizations are rethinking network connectivity and security strategies with the aim of gaining the agility to reconfigure networks and scale dynamically when additional network and security processing is required. From both a networking and a security perspective, he said, the Secure Access Service Edge (SASE) architecture was best suited to address the pain points of the legacy architecture. According to him, the vendor community has responded to this new intersection of networking and security by providing converged networking and security solutions, combining software-defined WAN (SD-WAN) and secure web gateway (SWG) functions, under the SASE umbrella.
Sanchez also added that as enterprises embrace a cloud-first and mobile-friendly approach, there is a significant opportunity for vendors participating in the SASE market, which is expected to reach double-digit billion-dollar revenue by 2025.
With that perspective set, the first question to the panelists explored the top security threats faced by enterprises today.
Taking on the question, Gail Coury felt that the challenges were multi-faceted, as technologies changed “literally overnight” due to the Covid pandemic. She said that the extended attack surface resulting from remote working and multiple cloud applications has put pressure on the security side of enterprise networking, and stressed the importance of a zero-trust approach. “We’re in multiple clouds across the world to be able to not only manage our employees but to support our customers, so that attack surface is quite large. These are the threats to the applications and devices your users are connecting from. This brings us back to having to get into a place of zero trust... that's a challenge of defense,” she reiterated.
Jordan LaRose pointed out that the biggest threat to enterprises was ransomware attackers. “They (ransomware attackers) are not just targeting computers anymore to expand their access across the network and deploy the ransomware. But what they'll also do is target key servers, key users on the network, exfiltrate intellectual property, could be blackmail information, could be anything they see as valuable,” he said. “Classical ransomware, for it to be effective, needs to target the entire network. It needs to affect the backups and stop everything in its tracks. But for this more targeted type of attack, they only need to compromise that one critical server, or that one key user account, before they're able to ransom and threaten the business,” he stressed.
Adding to that perspective, Vivek Bhandari said that protecting the apps and users of distributed organizations has become a complex and difficult process. “The app architectures are fundamentally changing with containerized applications and the modern app phenomenon, where we have these apps sitting across so many more components and across multiple clouds. It's created a field day for the attackers,” he said. He also pointed out that remote desktop protocol (RDP) ports are commonly used by attackers to move laterally within the network once they have made their way through the initial gate. “We are beginning to see phishing, and email remains one of the top vectors from an end-user perspective for delivery of malicious code,” he said. “What's also growing and worrisome is the use of zero-day exploits. Compared to the last two years, in 2021 alone, we have seen more than two times the use of zero-day exploits in the world.”
Looking at the security issues from a different angle, Dr. Ronald Layton said, “I would like to see budgets for security expand as much as a tech service has. So that would be a wonderful thing to see.” He also pointed out the importance of adopting a collaborative approach to deal with ransomware threats. “We are all better when we collaborate, and the threat actors have picked this up rapidly, and they've always been better collaborators on the offensive side rather than on the defensive side, which is where we play,” he added.
After the discussion about threats, the conversation turned towards the solution and technology options available to enterprises.
Pushing the discussion further, Vivek Bhandari said, “What we're beginning to see is a lot of organizations starting to think of securing end-user traffic, and using solutions like SASE and zero trust network access (ZTNA) concepts to secure it. Securing the workloads within and across the clouds, and all the traffic from the workload out, is equally important. We have to start thinking of concepts like zero trust spanning from users and devices accessing the front door of these applications, with all the access policy applied, but then taking that inside and across the clouds, to make sure all the network traffic today, that East-West traffic, is covered. The battle today has shifted from North-South, which was the traditional perimeter, to East-West, which is the new battleground. We have to start thinking about solutions that can work at scale for this growing internal East-West traffic across all our applications, and span out to these workloads at cloud scale,” he stressed.
“When you think about zero trust, it’s not only securing the application, whether it's a traditional application or an agile application; we need to think about how we integrate security,” said Coury. Agreeing with her co-panelist, she added that API security and the way microservices connect were very important. “And this is why we have to change the way we think about security,” she added.
Jordan LaRose commented that there were “many aspects to defense and so many potential technologies to consider in securing networks.” “There is no silver bullet to security. There's no one piece of software that's going to solve all of your problems,” he added. “However, if there was one piece of sector technology that I had to recommend for a wide-scale security strategy, it is endpoint detection and response (EDR). In my mind, it's the first step you should be taking when trying to implement effective enterprise-wide security.”
Adding to the conversation, Vivek Bhandari said, “Enterprise endpoint detection and response is evolving. But now what we're beginning to hear is the new architecture called extended detection and response (XDR).” He said that XDR goes beyond typical detective controls by providing a holistic and simpler view of threats across the entire technology landscape, delivering the real-time information needed to act on threats to business operations for better and quicker outcomes.
“I agree, and the more we can use AI or machine learning to be able to make that response automatic, the better we're going to get at defense, right,” added Coury.
This led the conversation to the final topic of the session, the operational aspect.
Driving his point home in the context of the conversation, Dr. Ronald Layton said, “So, the point is, when we see the amalgam of techniques and tactics used by the threat organizations, they don't always have to use their fastball. Yes, they are highly advanced, but they can still use their low and slow techniques that still work. Why would I show you my complex stuff when the old stuff still works fine? But the reason that it works fine is because sometimes we've not done what we need to do to close the front and the back door,” he said. On how the operations center should evolve, he stated that organizations may come up with a great strategy but suffer because of poor tactics. “Zero trust is an approach, but everybody does it the same way. So, at the end of the day, there should be a sign hung up in all the organizations that says ‘you need to be tactically focused but strategically aligned’. Another way of saying this is that as the threat evolves, you need to build in the ability to be nimble, and the ability to respond as the threat landscape changes, with the fastballs but also with the low and slow stuff,” he explained.
Adding to the conversation, Vivek Bhandari said, “I think, frankly, it is madness for us to continue to use yesterday's architectures, point black-box solutions and appliance-based architectures to enforce security. We have to start looking at this from an operational-scale and a better-security perspective. Let's not be constrained by the architectures and solutions of the past; we've got to think of things that can be cloud-scale, distributed, built into the infrastructure, and that give us that automation and operational scale, and then we can collectively combat this growing security challenge much better.”