2021 was another year where we truly realized the extraordinary value of our digital infrastructure. It kept us connected, collaborating and producing through tough times, and will continue to do so in 2022. But this increased reliance has increased the risks. As our means of production become increasingly virtualized, the attack surface for hackers grows. As a result, 2022 will be an important and challenging year for network security. However, through adaptation and innovation, we will meet these challenges. These predictions reflect three of the ways we will do so.
#1: Most network security moves to the cloud
As applications, computing, and data storage move to the cloud, CISOs’ security concerns have naturally migrated there as well. And their concerns about cloud security have been running high. In a survey of global CISOs conducted by Cybersecurity Insiders for the CISO Cloud/SaaS Security Report, an overwhelming 94% reported being moderately to extremely concerned about the security risks associated with the increased use of public clouds.
A major driver of this anxiety has been the lack of visibility into traffic within and between public, private, and hybrid clouds. It is not surprising, therefore, that in a survey of security professionals for Cybersecurity Insiders’ 2021 Network Detection and Response Report, respondents reported that two of the top three gaps in network visibility were cloud-related: cloud workload traffic (46%) and SaaS applications (39%).
But there are strong indications that this gap will close in the coming years. First, we’ve seen a threefold increase in demand for evaluations of our integrated traffic visibility software from cloud security vendors. This includes vendors that offer cloud security products for both enterprise customers and cloud service providers.
Given normal product development cycles, this increased demand translates to new or improved cloud security products hitting the market in 2022 and 2023. And, if venture capital funding is any indication, demand for these products is high. Consider, for example, the additional $350 million in funding just announced by Sysdig, a cloud security and container startup that has now reached a $2.5 billion valuation.
A second strong indicator is demand from CISOs, who are prioritizing investment in security products that they believe will improve their cloud security posture. In the CISO Cloud/SaaS Security Report mentioned above, most respondents reported new planned investments in SD-WAN (Software-Defined Wide Area Network) for multi-cloud/multi-site environments (35%) and in SASE (Secure Access Service Edge, which offers SD-WAN and cybersecurity as a service in the cloud) (25%). Other planned investments included next-generation cloud FWaaS (Firewalls-as-a-Service), WAAF (Web Application Firewalls), and SCG (Secure Cloud Gateways).
#2: All cyber defense will include network detection and response (NDR)
High-profile incidents in 2021 like the attacks on Colonial Pipeline, JBS Foods, Acer, Quanta Computer Inc., CNA Financial Corp., Twitch, Microsoft and Kaseya have left everyone in shock, and rightly so. They point to a future of sky-high ransoms, massive data leaks, and ultra-sophisticated adversaries, including hacker groups affiliated with nation states and international criminal networks. These groups are capable of slow, carefully staged attacks that are extremely difficult to detect. They are also highly opportunistic, as the almost instantaneous and massive wave of exploitation of the Log4j vulnerability shows.
It stands to reason, therefore, that 2021 saw a sharp increase in the adoption of network detection and response (NDR) solutions. NDR solutions are designed to detect and respond to advanced cyber threats that have bypassed endpoint and perimeter defenses and can otherwise inflict damage undetected for months or years.
To combat these advanced threats, NDR combines the signature-based threat detection capabilities of intrusion detection/intrusion prevention systems (IDS/IPS) with network traffic analysis (NTA), which detects unknown or hidden threats by identifying behavioral anomalies in network traffic (often with the help of machine learning).
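To make the two layers concrete, here is an added example (not code from the original post or from any vendor product) that runs a signature check and a behavioral check over constructed flow summaries: the indicator list, the IP addresses and the timings are all made up for illustration, and the behavioral check flags beaconing by measuring how regular the inter-connection gaps between a source and destination are.

```python
import statistics
from collections import defaultdict

# Constructed flow summaries (src, dst, start_seconds, bytes_out); not real traffic.
FLOWS = [
    ("10.0.0.5", "203.0.113.9", t, 512) for t in range(0, 3600, 300)   # 12 calls, every 300 s
] + [
    ("10.0.0.7", "198.51.100.4", 10, 1400), ("10.0.0.7", "198.51.100.4", 95, 900),
    ("10.0.0.7", "198.51.100.4", 400, 3000), ("10.0.0.7", "198.51.100.4", 1300, 120),
    ("10.0.0.8", "192.0.2.77", 50, 700),
]
# Signature layer: a constructed indicator list standing in for IDS/IPS rules.
KNOWN_BAD_DST = {"192.0.2.77"}

def signature_hits(flows):
    """IDS-style matching: flag (src, dst) pairs whose destination is on the indicator list."""
    return sorted({(s, d) for s, d, _, _ in flows if d in KNOWN_BAD_DST})

def beaconing_pairs(flows, min_flows=6, max_cv=0.1):
    """NTA-style anomaly: (src, dst) pairs whose inter-arrival times are suspiciously regular.
    A coefficient of variation (stdev / mean) near zero means machine-like periodic callbacks,
    which is what a signature layer with no matching rule would miss."""
    by_pair = defaultdict(list)
    for s, d, t, _ in flows:
        by_pair[(s, d)].append(t)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < min_flows:          # too few connections to judge periodicity
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        if cv <= max_cv:
            hits.append(pair)
    return sorted(hits)

def ndr_verdicts(flows):
    """Merge both layers into one verdict per (src, dst) pair, as an NDR pipeline would."""
    verdicts = {pair: "signature" for pair in signature_hits(flows)}
    for pair in beaconing_pairs(flows):
        verdicts[pair] = "signature+beaconing" if pair in verdicts else "beaconing"
    return verdicts

if __name__ == "__main__":
    for pair, verdict in ndr_verdicts(FLOWS).items():
        print(pair, "->", verdict)
```

The irregular 10.0.0.7 traffic produces no verdict, which is the intended behaviour: a behavioral layer trades some coverage for not alerting on ordinary bursty use.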
Vendors clearly see the value of anomaly detection to combat increasingly advanced cyberattacks, and in this case, they are fully aligned with their customers. In the 2021 Network Detection and Response Report survey, 73% of cybersecurity professionals agreed that the network traffic analysis at the heart of NDR is important or critically important to detect threats that have evaded traditional defenses.
In addition, NDR solutions are experiencing a rapid rate of adoption, with 55% of respondents in the same survey stating that they have implemented or plan to implement NDR, either as a standalone NDR product or as part of a comprehensive XDR solution.
Increased interest in adapting Suricata for NDR
A related trend we are seeing is a strong interest in using deep packet inspection (DPI) and traffic intelligence software to enhance Suricata’s capabilities for NDR. Suricata is the most widely deployed IDS/IPS in cybersecurity. Therefore, it is only natural that providers often turn to Suricata to fulfill the role of IDS/IPS in NDR systems.
However, Suricata signatures are not natively aligned with some of the recent evolutions in IP networks. Enhancing Suricata with traffic intelligence software helps bridge this gap. Consequently, we anticipate an increase in such integrations in 2022 to:
Expand Suricata protocol coverage for cloud, SaaS, IoT and OT applications and protocols,
Provide important contextual metadata about content, connections, files, users, devices, and security risks to better tailor Suricata rules to specific customer environments, and
Give Suricata visibility into encrypted and evasive traffic, without the need for decryption.
This last capability, which provides visibility into encrypted traffic, is at the core of prediction 3.
#3: Innovative security solutions will handle encrypted traffic
While data encryption is vital for safe and secure communications, it limits the visibility network professionals rely on to manage networks and detect cyber threats. So for our survey on The Future of Deep Packet Inspection, we asked product managers of enterprise networking, cybersecurity, and telecommunications solutions whether network encryption was affecting their current product: 90% said it was affecting their product now or would soon, and 10% expected their solution to become completely ineffective due to encryption.
This is partly due to the fact that the encryption rate of network traffic increased in 2021 to an estimated 80-90%. And the adoption of stronger encryption standards like TLS 1.3 has also gained ground. The adoption of TLS 1.3 means that even if an organization wants to use a proxy for decryption and inspection, it will be more complex and resource intensive, and in some situations, impossible. At the same time, the use of encryption by hackers to cover up malware and malicious activity has also increased.
Due to the importance of this challenge, we expect to see innovations in the strategies used to identify potential threats in encrypted network traffic and provide the overall visibility needed to support network operations without using decryption.
Innovations released in 2021 provide a preview of the kind of new approaches we may see in 2022. These 2021 innovations include detection of potential interceptions of secure communications, or “Man-in-the-Middle” attacks, using multiple analytical techniques, and the use of machine learning to classify encrypted traffic flows into categories of applications and services.
MITM innovation is important because these attacks are extremely difficult to detect and will increase in 2022 as attackers look for new methods to access data in encrypted environments. Using machine learning to categorize traffic flows into application and service categories is important because in TLS 1.3 environments, the limited data that normally remained in the clear in encrypted flows, and was used for classification of encrypted traffic, is no longer available, which makes conventional classification methods unusable.
We hope that innovations like these, along with new and improved NDR and cloud security solutions, will help keep your organization secure and prosperous as you meet the challenges and opportunities that lie ahead in 2022.