Network security is the topic du jour in this episode of The SecurityANGLE, our series covering the cybersecurity sector, featuring theCUBE Research managing director and principal analyst Shelly Kramer, and Jo Peterson, CUBE Collective community member and VP of Cloud and Security Services at Clarity360.
5 Network Security Predictions for 2024
As mentioned, this episode focuses on all things network security, and our discussion centers on network security predictions for 2024.
For starters, as you think about network security, the key is to focus on cloud architecture and develop a holistic, integrated, scalable, and adaptable approach to cybersecurity that spans the whole organization and ensures consistent, objective policy implementation. This includes implementing access control, software integrity, and vulnerability response measures to protect network infrastructure from threats.
Why do we need these things? As we’ve transitioned to a more distributed, hybrid workforce, strengthening internet security measures like Web Application Firewalls (WAF) and Distributed Denial of Service (DDoS) mitigation is also top of mind for cybersecurity pros. That’s why we’re seeing a focus on network security, including implementing network segmentation, isolated segments, and micro-segmentation, all of which provide various levels of security for different segments of the network.
It’s also essential to have multiple layers of defense at the edge and in the network, in both hardware and software. There are other key areas where user privacy and corporate data protections are top of mind, and you’ll hear more about this in this episode.
Network Security Prediction #1: SaaS Security Will See Increased Focus
SaaS Security tops our list of network security predictions for 2024, and we expect to see increased focus on and interest in SaaS Security as the year progresses. As enterprise apps become more widely adopted, the dangers of misconfigured SaaS are very real.
Research from a recent Cloud Security Alliance (CSA) report shows a significant rise in investment in SaaS and SaaS Security resources. CSA data indicates a massive 66% of organizations report they have upped their spending on apps, while 71% have increased their investment in security tools for SaaS.
It’s also estimated that 55% of all SaaS users have some sensitive data inadvertently exposed on the internet owing to the mismanagement of SaaS usage, and security misconfiguration.
CSA survey respondents shared that more than half (58%) of their organizations’ SaaS security solutions only cover 50%, or less, of their SaaS applications. This is significant, as this is a gap that can’t be filled using manual audits and cloud access security brokers. Other key concerns coming out of the CSA report are:
- Misconfigurations of SaaS apps are the most common security issue, followed by cross-site scripting, which involves injecting malicious code into web pages that end users see/have access to.
- Insider threats, including employees not paying attention and those with malicious intent, can leak data, exposing SaaS apps and the organization’s data in the process.
- Data stored in the cloud is a network security risk and the regular use of weak passwords and/or credential sharing poses an outsized risk.
- Identity theft is also a pressing network security threat. Many SaaS companies use online payment methods, which can present an identity threat risk and require protecting credit card data and user identities.
Upping Your SaaS Security: Fundamental Practices to Follow
So, how do IT leaders combat SaaS security concerns? Here are some fundamental practices to follow:
Choose your vendor partners wisely. Start by choosing a reputable SaaS provider, and one that you can be assured bakes security into the very foundation of the products they build and sell. Research from Trellix (a company formed by the merger of cybersecurity giants McAfee and FireEye) showed that while most customers simply trust their service providers to “handle” security, only 18% of SaaS providers support MFA, and only 10% encrypt data at rest. Yikes.
Don’t Skimp When it Comes to Due Diligence. Dig deep as you evaluate potential vendor partners, review their audits to ensure compliance, and ask questions about data encryption, data segmentation, and cyber protection.
Certifications Matter. Look for certifications like SOC 2 Type 2, PCI DSS, and Cloud Security Alliance Verification. Also, look for other important components like data protection, access management, and third-party integration.
Track, Track, Track. Keep a usage inventory, use automated tools to track usage of SaaS applications and track who is using what throughout the organization.
CASB Solutions Add Value. Consider using a Cloud Access Security Broker (CASB) solution as part of your network security stack to add security controls that some SaaS providers don’t natively offer.
Visibility Matters: You Can’t Fix What You Can’t See. Network observability and visibility are key – monitor all usage and security logs. Make sure your IT team knows that SaaS solutions aren’t set it and forget it – they should be continuously monitored, and you should have a risk management strategy in place that ensures users are safely handling these apps.
Network Security Prediction #2: Hackers Never Tire of DDoS Attacks
We talked a little about Distributed Denial of Service (DDoS) attacks in our last show, and they continue to be one of the primary tactics threat actors employ, presenting serious network security challenges. While DDoS attacks have been around for a long time now, what’s old is definitely new, and the fact that DDoS attacks, spurred by threat actors embracing AI and automation, are on the rise is evidence of that.
Per NETSCOUT’s latest DDoS Threat Intelligence Report for 1H 2023, a staggering total of ~7.9 million DDoS attacks were observed during the first half of the year — a 31% increase year over year. This represents an unbelievable 44,000 DDoS attacks every day.
Zayo recently announced its annual Distributed Denial of Service (DDoS) Insights Report, which analyzed DDoS attack activity and its impact across industries in the first half of 2023. The report found that DDoS attacks in the first part of 2023 were up 200% from 2022. Activity had increased nearly four-fold from Q1 to Q2 in 2023, which Zayo insinuates has been caused by increased automation in the digital world.
As attackers continue to exploit the sophistication of AI and automation, the report also found that there was a 387% increase in attack activity from Q1 to Q2 of 2023 alone.
The most attractive targets are education, cloud, and SaaS companies, all of which saw a significant increase in the frequency of attacks. The biggest attacks targeted retail, telecommunications, and media companies.
According to Zayo’s data, “2023 reached a fever pitch” of attack activity, largely due to the use of AI and automation. Their survey data showed a 387% increase in attack activity from Q1 to Q2 2023.
Network Security Prediction #3: Convergence is the New Black
Network security prediction #3 is all about convergence, a key trend we expect to see more of in 2024. We are seeing organizations actively work to consolidate the number of cybersecurity vendors (and tech stacks) throughout the organization as a whole, driven by concerns about operational complexity and a need to mitigate risk.
Cybersecurity vendors have taken notice of this trend. We are seeing CrowdStrike, Cisco, Fortinet, Palo Alto Networks, VMware, and Zscaler, all fast-tracking product roadmaps to turn consolidation into a growth opportunity.
Some of the products that are top of mind when we look at turning consolidation into growth opportunities are SASE and XDR.
The SASE model consolidates numerous networking and security functions — traditionally delivered in siloed point solutions — in a single, integrated cloud service. SASE, for the most part, is delivered as-a-Service and is generally one of the ways an organization gets its first taste of Zero Trust via Zero Trust Network Access (ZTNA).
Unlike a VPN, which just recognizes a device, ZTNA recognizes a user, and combines that recognition with real-time context. For example, if a user is US-based but is logging in from Italy, it will send up a red flag. It knows the geolocation where the person works regularly and recognizes this is an anomaly that should be investigated.
When discussing VPNs and network security, we are reminded of comments made by Zscaler CEO Jay Chaudhry in a recent interview with theCUBE at RSAC 2023. Chaudhry was giving an example of the risks posed by VPNs, which he called “the biggest security threat to enterprises out there.”
He went on to share a particularly salient example of what happens when users get on the network using a VPN, or are on the network with firewalls and a VPN:
“I come to see you, they stop me at the reception, they check my ID, they give a badge and they say, ‘Jay, go inside. Your meeting is on seventh floor, but go wherever you need to go.’ I am inside. I could wander around wherever, snoop around, not even go to my meeting room and leave. That’s what happens with network security and VPN. In the Zero Trust model, sure they stop me at reception, check my ID, give me a badge. Then they’ll say, ‘Jay, stop. You will be escorted to room 22 and 22 only. You don’t even need to know the room number. Once your meeting happens, we are going to escort you out, period.’ And if you are really security savvy, like the DOD, you’ll say, ‘Jay, we are going to blindfold you and take you to the meeting room. Your meeting happens, we blindfold you again, we take you out.’ You really connect to a given party, a given application at a time.”
That’s a key part of Zscaler’s value prop: mitigating the ability for a threat actor to get into the network and move around laterally. With Zscaler’s Zero Trust architecture it doesn’t matter where your applications are: the factory, warehouse, data center, or AWS, Azure, GCP, or Oracle Cloud. Wherever they are, the Zscaler architecture connects users to the right application, without having to worry about extending the network to every place.
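The difference between network-level VPN access and per-application ZTNA access described above, including the location check from the US/Italy example, can be sketched as follows. This is an added illustration, not vendor code or anything from the episode; the users, applications, baselines, and the choice to hold a flagged login for review are all assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical users, apps and location baselines).
ALL_APPS = {"meeting-room-22", "payroll", "wiki", "build-server"}
ENTITLEMENTS = {"jay": {"meeting-room-22"}, "ana": {"payroll", "wiki"}}
USUAL_COUNTRIES = {"jay": {"US"}, "ana": {"US", "CA"}}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    authenticated: bool  # identity check (e.g. MFA) already passed or not
    country: str         # geolocation of the login, resolved upstream
    app: str             # the one application the user asks for


def vpn_reachable(req: AccessRequest) -> set:
    """Network-level model: once the ID is checked, everything is reachable."""
    return set(ALL_APPS) if req.authenticated else set()


def ztna_decide(req: AccessRequest) -> tuple:
    """Per-request model: return (decision, reachable_apps)."""
    if not req.authenticated or req.user not in ENTITLEMENTS:
        return ("deny", set())
    if req.app not in ENTITLEMENTS[req.user]:
        return ("deny", set())            # least privilege: not entitled
    if req.country not in USUAL_COUNTRIES.get(req.user, set()):
        # Assumption: an anomalous location holds the session for review.
        return ("flag", set())
    return ("allow", {req.app})           # brokered to this one app only


if __name__ == "__main__":
    for r in (AccessRequest("jay", True, "US", "meeting-room-22"),
              AccessRequest("jay", True, "IT", "meeting-room-22"),
              AccessRequest("jay", True, "US", "payroll")):
        print(r.user, r.country, r.app, "->", ztna_decide(r),
              "| VPN reach:", len(vpn_reachable(r)))
```

The same authenticated user reaches four applications in the VPN model and at most one in the ZTNA model, which is the lateral-movement limit the quote describes.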
Network Security Prediction #4: Did Somebody Say Acquisition?
We’ve seen some significant acquisitions in 2023, one of the largest of which was Cisco’s $28B acquisition of Splunk.
We’ve also seen activity from SonicWall, in the acquisition of Security Service Edge (SSE) services provider Banyan Security, which provides cybersecurity services to both enterprise and SMB customers.
And in the last couple of weeks, SentinelOne announced the intent to acquire PingSafe, which has a cloud native application protection platform (CNAPP). This platform, when combined with SentinelOne’s cloud workload security and cloud data security capabilities, is expected to provide companies with a fully integrated platform that will provide better coverage, hygiene, and automation across their entire footprint.
These are just a few examples of acquisitions in the cybersecurity arena, as companies work to integrate comprehensive functionality into their suite of security offerings and find, in many instances, that they’re stronger together than operating as independent entities.
Network Security Prediction #5: Does Zero Trust Start with the Network?
Our network security prediction #5 is all about Zero Trust, and with good reason. As we say a lot here at theCUBE, “architecture matters.” Applications are out there: in the data center, warehouses, in SaaS apps, in the cloud, etc., and the architecture must be done correctly — Zero Trust architecture is where it’s at. As an industry, we got a wake-up call about network security when the SolarWinds attack happened. Then we had the Colonial Pipeline attack, which was enabled by a remote access VPN. These crippling attacks meant that it was time to get serious about Zero Trust.
We believe that Zero Trust Network Architectures (ZTNA) are the future of enterprise security, for several reasons:
- Changing Perimeter: Traditional security models rely on the concept of a trusted internal network and an untrusted external network. Zero Trust assumes that threats can come from both inside and outside the traditional network perimeter.
- Dynamic Work Environments: Modern enterprises have dynamic and distributed work environments. That is not going to change, and work environments will continue to be distributed.
- Least Privilege Access: Zero Trust follows the principle of least privilege, which means that users and devices are only granted the minimum level of access needed to perform their tasks.
- Micro-Segmentation: We touched on micro-segmentation earlier in the show, and with good reason. Zero Trust often involves implementing micro-segmentation, dividing the network into small, isolated segments, which serves to limit movement.
- Authentication and Authorization: We mentioned the importance of MFA earlier as well, and Zero Trust places a strong emphasis on MFA, which limits access.
- Adaptability to Cloud Environments: Zero Trust is adaptable to cloud environments, allowing organizations to secure their data and applications regardless of where they are hosted.
- Regulatory Compliance: Many industries and regions have stringent data protection and privacy regulations. Zero Trust can help organizations comply with these regulations by implementing strong access controls, encryption, and monitoring.
In summary, as we wrap this show, our 5 Network Security Predictions for 2024 include:
- SaaS security will see an increased focus.
- DDoS attacks will continue to increase rapidly, and protecting against them is critical.
- Convergence is the new black. We expect to see organizations actively work to consolidate the number of cybersecurity vendors they use to both mitigate risk and reduce operational complexity.
- Consolidation within the industry is a given, and we expect to see more acquisitions as vendors look to add to the breadth of their solutions and become more holistically attractive to customers.
- Zero Trust Network Architectures are, without question, the future of network security.
In this series, you can expect interesting, insightful, and timely discussions, including cybersecurity news, security management strategies, security technology, and coverage of what major vendors in the space are doing on the cybersecurity solutions front. As always, let us know if you’ve got something you’d like us to cover.