Emerging technologies such as cloud computing, artificial intelligence (AI), automation, and the Internet of Things (IoT) are creating unprecedented opportunities for businesses to unlock new value. That value is not assured, however. Cyberattacks are at a record high, and attackers exploit every vulnerability they can find, including the disruption caused by the pandemic. Data that was once contained within enterprise systems now travels through a dizzying variety of routers, data centers and compute hosts. The old IT world is dying: the combination of digital transformation and large-scale work from home has made perimeter-based network defenses obsolete. As the technology landscape evolves, so does the cyberthreat landscape. Enterprise cybersecurity teams have been forced to grow up overnight, and the situation has caused a general shift in attitude towards security: every environment is assumed breached until proven otherwise, every action is treated as suspicious, and every user is unauthorized until verified, a "don't trust anything" policy. Cybersecurity experts now must deal with threats created by the cloud, the Internet of Things, mobile/wireless and wearable devices. As companies look to transition to a new normal in 2021 and beyond, here are some key cybersecurity innovation trends we are keeping an eye on:
Zero Trust Network Access (ZTNA)
First on our list of cybersecurity innovations is Zero Trust Network Access (ZTNA), which is disrupting the traditional VPN/firewall market. Premised on the principle that trust itself is the vulnerability and that the network is always hostile, zero trust uses network segmentation, restricts lateral movement, applies Layer-7 threat prevention, and enforces granular user-access control. ZTNA products roll traditional networking and security into one software solution that gives users secure remote access built on zero-trust principles. Whereas the VPN/firewall/perimeter approach assigns trust based on location in the network, the zero-trust model derives no trust from an IP address: every request is denied unless it is explicitly authorized for that identity, that device and that application. By deploying dynamic micro-perimeters and segmentation gateways, ZTNA allows multiple, dynamic levels of access control. Through continuous trust evaluation, it ensures that only legitimate users and applications reach the protect surface, the most valuable data and assets. Because ZTNA brokers each connection rather than exposing applications (or a VPN concentrator) directly to the internet, it removes the exposed VPN gateway as an attack surface and avoids the over-broad network access a VPN typically grants.
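To make the difference concrete, here is an added example (our own illustration, not code from any ZTNA vendor) that puts a perimeter decision next to a zero-trust decision for the same requests. The corporate subnet, user names, groups, application names and the 15-minute re-evaluation window are all assumptions chosen for the example.

```python
"""Added example (not from the original post): a minimal policy engine that
contrasts a perimeter decision ("is the source IP inside the corporate
network?") with a zero-trust decision made per request from identity,
device posture and explicit entitlement. The subnet, users, groups,
application names and timeout are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

CORP_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate subnet
MAX_TRUST_AGE_S = 900                           # assumed: re-evaluate trust every 15 min

# Constructed entitlements: which identity-provider groups may reach which app.
ENTITLEMENTS = {
    "payroll.internal": {"finance"},
    "wiki.internal": {"finance", "engineering"},
}


@dataclass(frozen=True)
class Request:
    src_ip: str
    user: Optional[str]         # None: no authenticated identity presented
    groups: FrozenSet[str]      # groups asserted by the identity provider
    mfa: bool                   # strong authentication completed this session
    device_managed: bool        # device enrolled and passing posture checks
    trust_age_s: int            # seconds since the session was last re-evaluated
    app: str                    # application the request is for


def perimeter_decision(req: Request) -> bool:
    """Legacy model: trust follows network location, nothing else is checked."""
    return ipaddress.ip_address(req.src_ip) in CORP_NET


def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """Deny by default; each request must satisfy every check on its own."""
    if req.user is None:
        return False, "no authenticated identity"
    if not req.mfa:
        return False, "MFA not satisfied"
    if not req.device_managed:
        return False, "device posture check failed"
    if req.trust_age_s > MAX_TRUST_AGE_S:
        return False, "trust expired, re-authentication required"
    if not (req.groups & ENTITLEMENTS.get(req.app, set())):
        return False, f"{req.user} is not entitled to {req.app}"
    return True, "allowed"  # the only path that grants access


# Constructed scenarios.
# 1. A compromised workstation on the corporate LAN with no user identity:
#    the perimeter lets it through, zero trust does not.
LATERAL_MOVER = Request("10.20.4.17", None, frozenset(), False, False, 0, "payroll.internal")
# 2. A finance employee at home on a managed laptop with MFA: the perimeter
#    blocks (or demands a VPN), zero trust allows.
REMOTE_FINANCE = Request("198.51.100.7", "alice", frozenset({"finance"}), True, True, 120, "payroll.internal")
# 3. An authenticated engineer on the LAN reaching for payroll: on-net but not
#    entitled, so lateral movement to that app is refused.
ON_NET_ENGINEER = Request("10.20.4.18", "bob", frozenset({"engineering"}), True, True, 60, "payroll.internal")
# 4. The same engineer on an app they are entitled to, but with a stale session.
STALE_SESSION = Request("10.20.4.18", "bob", frozenset({"engineering"}), True, True, 5000, "wiki.internal")


def compare(req: Request) -> dict:
    """Return both decisions side by side for one request."""
    zt_ok, reason = zero_trust_decision(req)
    return {"perimeter": perimeter_decision(req), "zero_trust": zt_ok, "reason": reason}


if __name__ == "__main__":
    for name, req in [("lateral mover", LATERAL_MOVER), ("remote finance", REMOTE_FINANCE),
                      ("on-net engineer", ON_NET_ENGINEER), ("stale session", STALE_SESSION)]:
        print(f"{name:16s} {compare(req)}")
```

The point of the four scenarios is the two disagreements: the perimeter trusts the compromised LAN host and distrusts the legitimate remote user, while the zero-trust policy does the opposite, and it also refuses an on-net user who lacks entitlement or whose session has aged past the re-evaluation window.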
Unsupervised ML for Next Generation Breach Detection
Smartphones and IoT devices are causing the cyberattack surface to spread faster than it can be secured. Attacks are becoming more sophisticated, and reports of AI being weaponized by attackers are catching the attention of experts. Attackers establish a foothold, whether through a zero-day exploit or stolen credentials, and then quietly harvest data from networks and systems for weeks or months, as in the Target breach that exposed tens of millions of payment card numbers. Our general view at Service Ventures is that keeping attackers out with firewalls and other IT resources alone is a losing battle; it is far more effective to also detect and manage attackers once they are inside the enterprise perimeter. Here, unsupervised machine learning, under the broader artificial intelligence umbrella, can actively hunt for attackers once they are inside: it learns what normal looks like for each user, host and workload without needing labeled examples of attacks, and flags behavior that deviates from that baseline. Technologies that combine ML with behavioral analytics to detect breaches and trace them to their source will be in demand. The ability to spot behavior patterns and trends across widely distributed environments such as IoT, and to keep learning from every event, makes AI/ML a powerful weapon against cyberattacks. Instead of focusing on the first line of defense, next-generation breach detection focuses on what happens once the intruder is inside the system. It takes behavioral analytics and adds tools to identify the breadcrumbs an attacker leaves behind. In addition to detecting threats, such AI/ML techniques can warn of likely future threats and give valuable insight into the steps that can be taken to resolve or avoid such issues altogether. Such tools can scan not only public cloud and SaaS systems like Salesforce, AWS, Office 365 and Azure, but also email and IoT devices. The caveat is that unsupervised models flag anomalies, not attacks: every alert still needs an analyst or a rule to decide whether unusual means malicious, and baselines must be rebuilt when legitimate behavior changes.
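To show what "learning normal and flagging deviation" means at the smallest scale, here is an added example of our own (not code from any product mentioned in this post). It builds a per-user baseline from unlabeled activity logs using the median and median absolute deviation, then scores new events. The log format, the users, hosts and all numbers are constructed for the illustration; real products use richer models, but the unsupervised principle is the same.

```python
"""Added example (not from the original post): the simplest form of
unsupervised behavioral analytics, a per-user baseline learned from unlabeled
activity logs, used to flag events that deviate from it. The log format,
users, hosts and numbers are constructed for illustration."""
import re
import statistics
from collections import defaultdict
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT(?P<hour>\d\d):\d\d:\d\d) user=(?P<user>\S+) "
    r"host=(?P<host>\S+) bytes_out=(?P<bytes>\d+) dst_count=(?P<dst>\d+)$"
)


def parse(line: str) -> Optional[dict]:
    """Turn one constructed log line into features; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"user": m["user"], "hour": int(m["hour"]),
            "bytes_out": int(m["bytes"]), "dst_count": int(m["dst"])}


class Baseline:
    """Per-user profile: robust location/scale per feature plus usual hours."""

    def __init__(self) -> None:
        self.values: Dict[str, List[int]] = defaultdict(list)
        self.hours: set = set()

    def add(self, ev: dict) -> None:
        self.values["bytes_out"].append(ev["bytes_out"])
        self.values["dst_count"].append(ev["dst_count"])
        self.hours.add(ev["hour"])

    def robust_z(self, feature: str, x: int) -> float:
        """Distance from the median in units of MAD (median absolute deviation).
        Unlike mean/stddev, median/MAD is not dragged around by the outliers we hunt."""
        vals = self.values[feature]
        med = statistics.median(vals)
        mad = statistics.median(abs(v - med) for v in vals)
        scale = max(1.4826 * mad, 0.1 * med, 1.0)  # floor so a flat baseline cannot divide by ~0
        return (x - med) / scale


def fit(lines: List[str]) -> Dict[str, Baseline]:
    """Learn baselines from a training window. No labels needed: the unsupervised step."""
    profiles: Dict[str, Baseline] = defaultdict(Baseline)
    for line in lines:
        ev = parse(line)
        if ev:
            profiles[ev["user"]].add(ev)
    return dict(profiles)


def score(profiles: Dict[str, Baseline], line: str, threshold: float = 5.0) -> Optional[dict]:
    """Score one new event against its user's baseline."""
    ev = parse(line)
    if ev is None:
        return None
    prof = profiles.get(ev["user"])
    if prof is None:  # never-seen identity: suspicious in itself
        return {"user": ev["user"], "anomalous": True, "score": None, "reasons": ["no baseline for this user"]}
    reasons, worst = [], 0.0
    for feature in ("bytes_out", "dst_count"):
        z = prof.robust_z(feature, ev[feature])
        worst = max(worst, z)
        if z > threshold:
            reasons.append(f"{feature}={ev[feature]} is {z:.0f} MADs above baseline")
    off_hours = ev["hour"] not in prof.hours
    if off_hours:
        reasons.append(f"activity at {ev['hour']:02d}:00 is outside usual hours")
    # Off-hours alone is weak evidence; combine it with a volume/fan-out signal.
    anomalous = worst > threshold or (off_hours and worst > threshold / 2)
    return {"user": ev["user"], "anomalous": anomalous, "score": round(worst, 1), "reasons": reasons}


# Constructed training window: ordinary office-hours activity for two users.
TRAINING = [
    "2021-03-01T09:12:00 user=alice host=wks-12 bytes_out=41000 dst_count=3",
    "2021-03-01T11:30:00 user=alice host=wks-12 bytes_out=52000 dst_count=2",
    "2021-03-01T14:05:00 user=alice host=wks-12 bytes_out=47000 dst_count=4",
    "2021-03-01T16:40:00 user=alice host=wks-12 bytes_out=55000 dst_count=3",
    "2021-03-02T09:50:00 user=alice host=wks-12 bytes_out=43000 dst_count=3",
    "2021-03-02T12:15:00 user=alice host=wks-12 bytes_out=50000 dst_count=2",
    "2021-03-02T15:22:00 user=alice host=wks-12 bytes_out=48000 dst_count=4",
    "2021-03-02T17:01:00 user=alice host=wks-12 bytes_out=46000 dst_count=3",
    "2021-03-01T10:00:00 user=bob host=wks-31 bytes_out=12000 dst_count=2",
    "2021-03-01T13:00:00 user=bob host=wks-31 bytes_out=15000 dst_count=3",
    "2021-03-01T15:30:00 user=bob host=wks-31 bytes_out=11000 dst_count=2",
    "2021-03-02T10:10:00 user=bob host=wks-31 bytes_out=14000 dst_count=3",
    "2021-03-02T14:20:00 user=bob host=wks-31 bytes_out=13000 dst_count=2",
    "2021-03-02T16:45:00 user=bob host=wks-31 bytes_out=12500 dst_count=3",
]
# Constructed new events: a normal one, a 3 a.m. bulk upload, and a fan-out
# burst that looks like internal scanning.
NORMAL_EVENT = "2021-03-03T11:00:00 user=alice host=wks-12 bytes_out=48000 dst_count=3"
EXFIL_EVENT = "2021-03-03T03:14:00 user=alice host=wks-12 bytes_out=2100000 dst_count=1"
SCAN_EVENT = "2021-03-03T14:00:00 user=bob host=wks-31 bytes_out=13000 dst_count=120"

if __name__ == "__main__":
    profiles = fit(TRAINING)
    for line in (NORMAL_EVENT, EXFIL_EVENT, SCAN_EVENT):
        print(score(profiles, line))
```

Two design points carry over to real deployments: use robust statistics (median/MAD) so that the very outliers you are hunting do not inflate the baseline, and treat weak signals such as unusual hours as context that amplifies a stronger signal rather than as alerts on their own.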
Attack Surface Discovery
As already mentioned, work from home has considerably increased the attack surface in a relatively short period, giving security personnel little time to gear up. Cybersecurity solutions that focus on proactive and continuous attack surface discovery and testing will be crucial. Just as an attacker looks for weaknesses or paths of least resistance, such products use a combination of big data and machine learning to find those weaknesses before attackers do. Proactive is the key word: unlike a VPN/firewall combination that stands guard and waits, the solution is constantly and extensively mapping every organizational asset and endpoint exposed to the internet, including hosts nobody in IT knew were there, and re-testing them as they change. This kind of continuous attack surface discovery will be key to staying ahead of cybercriminals.
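The inner loop of such a product is simple to state: scan what the internet can see, reconcile it with what you think you own, and diff it against the last run. Here is an added example of our own (not any vendor's code) doing exactly that over constructed nmap "grepable" output, a constructed inventory and a constructed previous snapshot; the risk table for ports is our assumption.

```python
"""Added example (not from the original post): reconciling an external scan
against the asset inventory and the previous run, the core loop of continuous
attack surface discovery. The inventory, the nmap -oG style scan lines and
the previous snapshot are constructed for illustration."""
import re
from typing import Dict, List, Set, Tuple

# Assumed risk table: services that should almost never face the internet.
HIGH_RISK_PORTS = {23: "telnet", 445: "smb", 3389: "rdp", 3306: "mysql",
                   5432: "postgres", 6379: "redis", 9200: "elasticsearch", 27017: "mongodb"}
MEDIUM_RISK_PORTS = {21: "ftp", 22: "ssh", 8080: "http-alt"}

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\s+Ports: (?P<ports>.*)$")


def parse_grepable(lines: List[str]) -> Dict[str, Tuple[str, Set[int]]]:
    """Parse nmap -oG style lines into {ip: (hostname, {open ports})}."""
    assets = {}
    for line in lines:
        m = HOST_RE.match(line)
        if not m:
            continue
        open_ports = set()
        for entry in m["ports"].split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/rpc/version/
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add(int(fields[0]))
        assets[m["ip"]] = (m["name"].lower(), open_ports)
    return assets


def assess(scan: Dict[str, Tuple[str, Set[int]]], inventory: Dict[str, str],
           previous: Set[Tuple[str, int]]) -> List[dict]:
    """Findings: unknown hosts, risky services, and exposures new since the last run."""
    findings = []
    for ip, (name, ports) in scan.items():
        owner = inventory.get(ip) or inventory.get(name)
        if owner is None:
            findings.append({"severity": "high", "asset": name or ip, "port": None, "owner": None,
                             "issue": "host not in inventory (shadow IT or forgotten system)"})
        for port in sorted(ports):
            is_new = (ip, port) not in previous
            if port in HIGH_RISK_PORTS:
                sev, why = "high", f"{HIGH_RISK_PORTS[port]} exposed to the internet"
            elif port in MEDIUM_RISK_PORTS:
                sev, why = "medium", f"{MEDIUM_RISK_PORTS[port]} exposed to the internet"
            elif is_new:
                sev, why = "low", "new exposure since last run"
            else:
                continue  # known, unchanged, low-risk service: nothing to report
            if is_new and "new" not in why:
                why += " (new since last run)"
            findings.append({"severity": sev, "asset": name or ip, "port": port,
                             "owner": owner, "issue": why})
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (order[f["severity"]], f["asset"], f["port"] or 0))
    return findings


INVENTORY = {  # constructed CMDB: asset -> owning team (names and IPs both listed)
    "vpn.example.com": "network-team", "203.0.113.10": "network-team",
    "www.example.com": "web-team", "203.0.113.20": "web-team",
    "staging.example.com": "platform-team", "203.0.113.21": "platform-team",
}
SCAN_OUTPUT = [  # constructed lines in nmap -oG format from today's external scan
    "Host: 203.0.113.10 (vpn.example.com)\tPorts: 443/open/tcp//https///, 22/open/tcp//ssh///",
    "Host: 203.0.113.20 (www.example.com)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///",
    "Host: 203.0.113.21 (staging.example.com)\tPorts: 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///",
    "Host: 203.0.113.77 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 445/open/tcp//microsoft-ds///",
]
PREVIOUS_RUN = {("203.0.113.10", 443), ("203.0.113.20", 80), ("203.0.113.20", 443), ("203.0.113.21", 443)}


def run() -> List[dict]:
    return assess(parse_grepable(SCAN_OUTPUT), INVENTORY, PREVIOUS_RUN)


if __name__ == "__main__":
    for f in run():
        print(f"[{f['severity']:6s}] {f['asset']}:{f['port']} {f['issue']} (owner: {f['owner']})")
```

The constructed run turns up an unregistered host exposing RDP and SMB, and SSH newly opened on the VPN gateway since the last snapshot; the unchanged web ports produce no noise. The "new since last run" diff is what makes the process continuous rather than a one-off audit.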
Secure Access Service Edge (SASE)
A big class of innovation likely to see traction, partly due to COVID-19, is the accelerated shift to cloud technologies. The associated security systems and services, moving away from the LAN era, will eventually culminate in what is called Secure Access Service Edge (SASE). With the cloud as the cornerstone of remote work architecture, traditional firewalls will not be enough. Companies will fortify their identity and access management (IAM) tools while adopting automated monitoring and remediation capabilities, with an eye on proactively countering identity-related threats in the cloud. As cloud applications become more dynamic, cloud workload protection platforms (CWPP) will converge with cloud security posture management (CSPM) to meet new security demands. The always-on SASE model will thus secure workers on the move and cloud applications by routing traffic through a cloud-based security stack regardless of where users are, which applications they access and which devices they use.
Behavioral Fuzz Testing
Like Netflix's Chaos Monkey, which randomly disrupts its own services to build resilience, fuzz testing feeds a program large volumes of malformed or random input ("fuzz") to make it crash or misbehave. By throwing such data at a service before it is deployed, DevSecOps teams can learn in advance what effect a malicious input could have and what countermeasures to take. Modern fuzzers do not rely on pure randomness: they mutate known-good inputs, treat a clean rejection as expected and an unexpected crash as a bug, and, when guided by code coverage, keep the mutations that reach new code.
GitLab, best known for its repository platform, has bought two fuzz-testing startups to double down on security for DevOps teams: Seattle-based Peach Tech and Israel-based Fuzzit. Peach Tech contributes two offerings, Peach Fuzzer and Peach API Security. Fuzzit integrates with CI/CD workflows and provides a hosted fuzzing service that continuously tests code for errors and bugs. Integrating these two acquisitions into GitLab's platform, the company says, makes GitLab the first DevSecOps solution to offer behavioral fuzz testing and shifts fuzz testing left. We are on the lookout for newcomers in this area.
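To show what a fuzzer actually does in a CI job, here is an added example of our own (not code from GitLab, Peach Tech or Fuzzit): a mutation-based fuzzer run against a toy packet parser with a deliberate bounds bug, with crash minimization and a hardened version of the parser that survives the same run. The packet format, the seed and the iteration count are all constructed for the example.

```python
"""Added example (not from the original post): a small mutation fuzzer. It
mutates a seed input, treats the parser's own ParseError as an expected
rejection and any other exception as a crash, then minimizes the crashing
input. The packet format and the bug are constructed for illustration."""
import random
from typing import Callable, List, Tuple


class ParseError(ValueError):
    """Raised on malformed input: an expected, handled condition, not a crash."""


def parse_packet(data: bytes) -> dict:
    """Toy parser with a deliberate bug: it trusts the entry count in byte 1."""
    if len(data) < 2 or data[0] != 1:
        raise ParseError("bad header")
    n = data[1]
    entries = {}
    for i in range(n):
        key = data[2 + 2 * i]          # BUG: no bounds check, IndexError on short input
        val = data[3 + 2 * i]          # (an out-of-bounds read in a C parser)
        entries[key] = val
    return {"version": 1, "entries": entries}


def parse_packet_fixed(data: bytes) -> dict:
    """Hardened form: validate the declared length against the actual length."""
    if len(data) < 2 or data[0] != 1:
        raise ParseError("bad header")
    n = data[1]
    if len(data) < 2 + 2 * n:
        raise ParseError("truncated: declared %d entries" % n)
    entries = {data[2 + 2 * i]: data[3 + 2 * i] for i in range(n)}
    return {"version": 1, "entries": entries}


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, interesting value, delete a byte, insert a byte."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    elif choice == 2 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def crashes_with(target: Callable[[bytes], dict], data: bytes, exc_name: str) -> bool:
    """True if target raises an unexpected exception of the given type on data."""
    try:
        target(data)
    except ParseError:
        return False
    except Exception as exc:  # noqa: BLE001 - any unexpected exception is a crash
        return type(exc).__name__ == exc_name
    return False


def fuzz(target: Callable[[bytes], dict], seeds: List[bytes],
         iterations: int = 500, seed: int = 1) -> List[Tuple[bytes, str]]:
    """Run the target on mutated seeds; return (input, exception name) for each crash."""
    rng = random.Random(seed)  # fixed seed: a CI job must be reproducible
    crashes = []
    for _ in range(iterations):
        candidate = mutate(rng, rng.choice(seeds))
        try:
            target(candidate)
        except ParseError:
            continue  # rejected cleanly: expected behaviour
        except Exception as exc:  # noqa: BLE001
            crashes.append((candidate, type(exc).__name__))
    return crashes


def minimize(target: Callable[[bytes], dict], crashing: bytes, exc_name: str) -> bytes:
    """Greedy one-byte-at-a-time reduction that keeps the same crash."""
    data = crashing
    shrunk = True
    while shrunk:
        shrunk = False
        for i in range(len(data)):
            trial = data[:i] + data[i + 1:]
            if crashes_with(target, trial, exc_name):
                data, shrunk = trial, True
                break
    return data


SEEDS = [b"\x01\x02\x10\x20\x30\x40"]  # constructed valid packet: version 1, two entries

if __name__ == "__main__":
    found = fuzz(parse_packet, SEEDS)
    print(f"vulnerable parser: {len(found)} crashes in 500 iterations")
    if found:
        data, name = found[0]
        print(f"first crash {name} on {data.hex()}, minimized to {minimize(parse_packet, data, name).hex()}")
    print(f"fixed parser: {len(fuzz(parse_packet_fixed, SEEDS))} crashes in 500 iterations")
```

Two things make this usable as a "shift-left" gate rather than a toy: the fixed RNG seed, so a failing CI run can be reproduced exactly, and the distinction between the parser's own rejection (not a finding) and an unexpected exception (a finding). Real fuzzers add coverage feedback, but the harness shape is the same.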
Virtual Dispersive Networking (VDN)
Man-in-the-middle (MITM) attacks, in which an attacker positioned at an intermediate node can monitor, alter, or inject messages in a communication channel, are becoming a thorny problem for companies. Older ciphers and short keys that were once considered secure can now be broken with parallel processing power, and TLS (formerly SSL) and virtual private networks (VPNs) cannot always protect messages as they travel across intermediary pathways, particularly where certificate validation is weak or an endpoint is misconfigured.
A newer technology called Virtual Dispersive Networking (VDN) can help mitigate MITM attacks. VDN splits a message into multiple chunks, encrypts each chunk, and routes the chunks over different protocols and independent paths: different servers, computers, and even mobile phones. The chunks flow dynamically through randomized, optimal paths chosen with congestion and other network conditions in mind. As a result, an attacker on any single path sees only a fraction of the ciphertext and is left scrambling to find the chunks as they whip through data centers, the cloud and the internet. Dispersion complements rather than replaces end-to-end encryption: the chunks themselves still need to be encrypted and integrity-protected. The networking industry is waking up to such innovation trends.
Cybersecurity Posture Assurance
Data protection and privacy are key elements of cybersecurity, and an organization's ability to stay compliant depends greatly on its security posture. Misconfigurations and unprotected user accounts are the bane of cybersecurity teams and the usual suspects when it comes to breaches or data leaks. Cybersecurity posture assurance continuously assesses, and corrects, an organization's cybersecurity posture. This is another example of an active solution that, in addition to constantly validating IT assets, also delivers continuous compliance and risk management. Security posture management not only helps with regulatory compliance in real time but also continually monitors and improves security.
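Posture assurance here, and the CSPM convergence mentioned in the SASE section above, both come down to the same loop: evaluate the environment against rules, fix what can safely be fixed automatically, and re-evaluate. The following is an added example of our own (not any CSPM vendor's code or any cloud provider's API) running that loop over a constructed inventory; the schema, rule names, severity weights and remediations are all assumptions made for the illustration.

```python
"""Added example (not from the original post): a posture assessment that
evaluates a constructed cloud inventory against a few rules, applies safe
corrections and re-assesses. The inventory schema, rules, weights and
remediations are constructed for illustration, not any vendor's API."""
import copy
from typing import List

ADMIN_PORTS = {22, 3389}      # assumed: never open these to the world
ANYWHERE = "0.0.0.0/0"
WEIGHTS = {"critical": 10, "high": 5, "medium": 2, "low": 1}  # assumed scoring

# Constructed inventory snapshot.
INVENTORY = {
    "users": [
        {"name": "alice", "mfa": True, "admin": True, "days_since_login": 3},
        {"name": "carol", "mfa": False, "admin": True, "days_since_login": 2},
        {"name": "svc-legacy", "mfa": False, "admin": True, "days_since_login": 200},
        {"name": "bob", "mfa": False, "admin": False, "days_since_login": 1},
    ],
    "buckets": [
        {"name": "public-assets", "public": True, "contains_pii": False},
        {"name": "customer-exports", "public": True, "contains_pii": True},
    ],
    "security_groups": [
        {"name": "web", "rules": [{"port": 443, "cidr": ANYWHERE}]},
        {"name": "bastion", "rules": [{"port": 22, "cidr": ANYWHERE},
                                      {"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
}


def assess(inv: dict) -> List[dict]:
    """Run each rule and return findings with a remediation hint."""
    findings = []
    for u in inv["users"]:
        if u.get("disabled"):
            continue  # a disabled account is out of scope for account rules
        if u["admin"] and not u["mfa"]:
            findings.append({"rule": "admin-without-mfa", "severity": "high",
                             "resource": u["name"], "fix": "enforce MFA"})
        if u["days_since_login"] > 90:
            findings.append({"rule": "stale-account", "severity": "medium",
                             "resource": u["name"], "fix": "disable account"})
    for b in inv["buckets"]:
        if b["public"] and b["contains_pii"]:
            findings.append({"rule": "public-bucket-with-pii", "severity": "critical",
                             "resource": b["name"], "fix": "block public access"})
    for sg in inv["security_groups"]:
        for r in sg["rules"]:
            if r["port"] in ADMIN_PORTS and r["cidr"] == ANYWHERE:
                findings.append({"rule": "admin-port-open-to-world", "severity": "high",
                                 "resource": f"{sg['name']}:{r['port']}", "fix": "restrict source CIDR"})
    return findings


def remediate(inv: dict, findings: List[dict]) -> dict:
    """Apply the corrections that are safe to automate; returns a corrected copy."""
    fixed = copy.deepcopy(inv)
    for f in findings:
        if f["rule"] == "public-bucket-with-pii":
            for b in fixed["buckets"]:
                if b["name"] == f["resource"]:
                    b["public"] = False
        elif f["rule"] == "admin-port-open-to-world":
            sg_name, port = f["resource"].split(":")
            for sg in fixed["security_groups"]:
                if sg["name"] == sg_name:
                    sg["rules"] = [r for r in sg["rules"]
                                   if not (r["port"] == int(port) and r["cidr"] == ANYWHERE)]
        elif f["rule"] == "stale-account":
            for u in fixed["users"]:
                if u["name"] == f["resource"]:
                    u["disabled"] = True
        # admin-without-mfa is deliberately left to a human: enrolling a factor needs the user.
    return fixed


def posture_score(findings: List[dict]) -> int:
    """Single number to trend over time; lower is better."""
    return sum(WEIGHTS[f["severity"]] for f in findings)


if __name__ == "__main__":
    before = assess(INVENTORY)
    after = assess(remediate(INVENTORY, before))
    print(f"before: {len(before)} findings, score {posture_score(before)}")
    print(f"after:  {len(after)} findings, score {posture_score(after)}: {after}")
```

Note which fix is not automated: forcing MFA onto an active administrator without them present would simply lock them out, so that finding stays open for a person, while closing a public bucket of personal data or a world-open SSH rule is safe to do immediately. Deciding that boundary per rule is most of the work in a real posture program.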
Active Defense Measures
Cybercriminals are becoming increasingly aggressive, and techniques that track or even engage attackers are new ways of mitigating cyber risk. The idea is that instead of sitting back and waiting for the attacker to come to you, you take proactive measures to thwart them. Examples of active defense measures include:
Counterintelligence gathering: requires a cyber expert to go "undercover" to seek information about attackers and their tools and techniques. It might be as simple as reverse-engineering malware; it might be as surreptitious as cloaking one's identity and visiting underground malware marketplaces.
Sinkholing: a sinkhole is a standard DNS server, designed to impersonate the real thing, that answers queries for known-malicious domains with a non-routable or defender-controlled address instead of the attacker's. The goal is to intercept and block malicious or unwanted traffic, such as malware beaconing to its command-and-control domain, so it can be captured and analyzed by experts; the hosts that hit the sinkhole are also a ready-made list of infected machines.
Honeypots: honeypots take the bait-and-trap approach. A honeypot is an isolated computer, data set or network site set up to attract attackers. Security analysts use honeypots to research black-hat tactics, detect intrusions early (legitimate users have no reason to touch a honeypot, so any access is suspicious) and catch spammers. The concept has been around since the 1990s, but applications continue to grow in sophistication.
Active defense can lead into dangerous legal waters. Going undercover may mean frequenting illegal marketplaces or appearing to participate in illegal projects, and attacking an adversary's infrastructure ("hacking back") is itself a crime in most jurisdictions, whatever the attacker did first. Sinkholes and honeypots on infrastructure you own are generally lawful; anything beyond that needs legal counsel before it is attempted.
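Of the three measures, sinkholing is the one that reduces to a few dozen lines of code, so here is an added example of our own (not code from any sinkhole product) of the answer-side logic: parse a raw DNS query, and for a domain on the blocklist forge an A-record response pointing at a defender-controlled, non-routable address while logging the querying client. The blocklist domains, the sinkhole address and the client addresses are constructed; the UDP listener and upstream forwarding are left out.

```python
"""Added example (not from the original post): the response logic of a DNS
sinkhole. For blocklisted names it forges an A record pointing at a
defender-controlled, non-routable address and logs the client; for anything
else it returns None, meaning "forward upstream as normal". Blocklist,
addresses and clients are constructed for illustration."""
import socket
import struct
from typing import List, Optional, Tuple

SINKHOLE_IP = "10.99.0.1"      # assumed RFC1918 address of the collector that logs hits
BLOCKLIST = {"c2.example", "bad-updates.example"}  # constructed malicious domains


def parse_query(packet: bytes) -> Tuple[int, str, int, int, bytes]:
    """Return (txid, qname, qtype, qclass, raw question section) of a DNS query."""
    txid, flags, qdcount = struct.unpack("!3H", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("expected a single-question query")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels).lower(), qtype, qclass, packet[12:pos + 4]


def is_sinkholed(qname: str) -> bool:
    """Match the name itself or any parent domain against the blocklist."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))


def handle_query(packet: bytes, client_ip: str, log: List[str]) -> Optional[bytes]:
    """Forge a response for sinkholed A queries; None means forward upstream."""
    txid, qname, qtype, qclass, question = parse_query(packet)
    if qtype != 1 or qclass != 1 or not is_sinkholed(qname):
        return None
    log.append(f"sinkhole hit client={client_ip} qname={qname}")  # infected-host evidence
    # Header: QR=1, RD=1, RA=1, RCODE=0; 1 question, 1 answer, 0 authority, 0 additional.
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    # Answer: pointer to the question name at offset 12, type A, class IN, TTL 60, 4-byte rdata.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(SINKHOLE_IP)
    return header + question + answer


def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    """Assemble a minimal query packet, i.e. what a stub resolver would send."""
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)


def answered_address(response: bytes) -> str:
    """Extract the IPv4 address from a single-answer response (for verification)."""
    return socket.inet_ntoa(response[-4:])


if __name__ == "__main__":
    hits: List[str] = []
    for client, name in [("10.0.5.21", "beacon.c2.example"), ("10.0.5.22", "www.example.com")]:
        resp = handle_query(build_query(0x1234, name), client, hits)
        print(name, "->", answered_address(resp) if resp else "forward upstream")
    print(hits)
```

The short TTL keeps the forged answer from lingering in caches once a domain is removed from the blocklist, and the log line is the real product of the exercise: every client that resolves a sinkholed name is a host worth pulling for incident response. Whatever listens on the sinkhole address should accept the connection and record it, not just drop packets.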
There will be many other cybersecurity innovations on the horizon as the world and the work environment change rapidly. The space in general will be highly active in 2021.
/Service Ventures Team