Reuven Harrison, Chief Technology Officer
Joe Schreiber, Technical Director, Business Development
Welcome back to our two-part series exploring the technology trends that will impact network security in 2018. In the first part of the series, we talked about the automation tipping point and its main drivers, as well as our predictions for cloud adoption. Let’s kick off the second part of the series with a look at containerization.
Containerization was certainly a technology buzzword 2017. With the rise of containerization, the notion of network segmentation moves from the network to the realm of containers. Containers provide more flexibility; however, because they can exist anywhere, it’s not possible to isolate them off with traditional network segmentation based on IP subnets. Our prediction is that in 2018, network segmentation goes to the services level.
Taking the topic of containers a step further, we predict that immutable infrastructure will get more attention as it leverages the rise of containerization. Software updates and patching are time-consuming and not always foolproof. Instead, wouldn’t it be easier and more secure to remove it, recreate it, and bring it back as new? That is the idea behind immutable infrastructure. In theory, this approach provides more consistency and reliability, and containerization has the inherent means to take advantage of this new paradigm. The continual decoupling of application from infrastructure gives new freedoms. People will take more notice of this in 2018 and begin to invest; as a longer-term prediction, immutable infrastructure will take off around 2019-2020.
As we mentioned in the first part of the series, 2017 was a seemingly endless stream of cyberattacks. Will next year bring the same? In 2018, we predict an increase in attacks that directly cause human injury or extreme congestion. WannaCry is good example of this scenario as the attack took down airports, and we’ll see more of that in 2018.
Other likely scenarios: people will take advantage of everyday, real-world technology that depends on algorithms of machine learning that are built on a very static environment. For example, self-driving cars expect stop signs to look a certain way. They are easily confused, and bad guys will exploit this, distorting traffic signs to confuse self-driving cars, causing severe traffic and chaos on the streets – or worse, traffic accidents.
In extreme cases, SCADA attacks could turn off power and water, leaving countless people without these essential systems that are necessary for their everyday life and safety.
That brings us to our final security prediction: the security cat-and-mouse game will extend into machine learning. Machine learning isn’t immune to cyberattackers; it is not foolproof and can still be confused or “fuzzed.” Machine learning can be tricked into thinking something is normal and allow access, or even create a DOS attack by feeding misinformation. Also, the machine learning engine is often separate from the application (as a service, for example), so it can be used as another point of attack or another way to blind an adversary.
In addition, machine learning allows attackers to study and better understand the behavior and identity of their targets. Some examples: attackers can learn their target’s password habits to launch a brute force attack in a more focused way, or learn the writing style of their target and imitating it in a spear-phishing attack. Machine learning makes these techniques much more focused and efficient.
What can organizations do to overcome these challenges and develop and maintain an agile, secure network? We recommend a two-step process. First, start by establishing a basic network security policy. Having a security policy that is written, understood, and properly managed is essential to plugging any holes in the network, managing requested changes, and eliminating the risk of human error. If you don’t have a well-understood and documented security policy in place, you probably don’t have very good security – you most likely have blind spots and are more vulnerable to making mistakes due to human error.
Next, organizations should consider a zero-trust model. Without such a model, many organizations find themselves in reactive mode – responding as necessary. A zero-trust model coupled with a security policy in place ensures that access is granted only to those who need and are allowed access, enabling organizations to take a proactive stance to security.
Learn more about how Tufin can help you address your network security challenges in 2018 and beyond.