2021 was another year in which we truly realized the extraordinary value of our digital infrastructure. It has allowed us to stay connected, collaborate, and produce during difficult times, and will continue to do so in 2022. But this increased dependency has increased the risks. As our means of production become more and more virtualized, the attack surface for hackers is growing. Therefore, 2022 will be an important and challenging year for network security. Through adaptation and innovation, however, we will meet these challenges. These predictions reflect three of the ways we’re going to do it.
#1: Most network security is moving to the cloud
As applications, computing and data storage move to the cloud, security concerns for CISOs have naturally migrated there as well. And their concerns about cloud security have skyrocketed. In a survey of global CISOs conducted by Cybersecurity Insiders for the CISO Cloud/SaaS Security Report, an overwhelming 94% of respondents said they were moderately to extremely concerned about the security risks associated with the increased use of public clouds.
A major driver of this anxiety has been the lack of visibility into traffic within and between public, private, and hybrid clouds. It’s no surprise, then, that in a survey of security professionals for Cybersecurity Insiders’ Network Detection and Response Report 2021, respondents reported that two of the top three network visibility gaps were cloud-related: cloud workload traffic (46%) and SaaS applications (39%).
But there are strong indications that this gap will close over the next few years. First, we saw a threefold increase in demand for reviews of our built-in traffic visibility software from cloud security vendors. This includes vendors that offer cloud security products to both enterprise customers and cloud service providers.
Given normal product development cycles, this increased demand translates to new or improved cloud security products hitting the market in 2022 and 2023. And, if venture capital funding is any indication, demand for these products is high. Consider, for example, the additional $350 million in funding just announced by Sysdig, a container and cloud security startup that has now hit a $2.5 billion valuation.
A second strong indicator is demand from CISOs, who are prioritizing investments in security products that they believe will improve their cloud security posture. In the CISO Cloud/SaaS Security Report mentioned above, a majority of respondents reported planned new investments in Software-Defined Wide Area Network (SD-WAN) for multi-cloud/multi-site environments (35%) and in SASE (Secure Access Service Edge, which delivers integrated SD-WAN and cybersecurity as a cloud service) (25%). Other planned investments included next-generation cloud FWaaS (Firewalls-as-a-Service), WAAF (Web Application Firewalls) and SCG (Secure Cloud Gateways).
#2: All cyber defense will include network detection and response (NDR)
High-profile incidents in 2021 such as the attacks on Colonial Pipeline, JBS Foods, Acer, Quanta Computer Inc., CNA Financial Corp., Twitch, Microsoft and Kaseya have rattled everyone, and rightly so. They point to a future of exorbitant ransoms, massive data leaks, and ultra-sophisticated adversaries. These adversaries include hacker groups affiliated with nation states and international criminal networks. These groups are capable of producing slow, carefully staged attacks that are extremely difficult to detect. They are also highly opportunistic, as shown by the almost instantaneous, massive exploitation of the Log4j vulnerability.
So it makes sense that 2021 saw a surge in the adoption of Network Detection and Response (NDR) solutions. NDR solutions are designed to detect and respond to advanced cyber threats that have bypassed perimeter and endpoint defenses and can otherwise inflict undetected damage for months or years.
To combat these advanced threats, NDR combines the signature-based threat detection capabilities of Intrusion Detection/Prevention Systems (IDS/IPS) with Network Traffic Analysis (NTA), which detects unknown or hidden threats by identifying behavioral anomalies in network traffic (often with the help of machine learning).
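To make the two NDR layers concrete, here is an added example (written for this page, not code from the article or from any vendor's product) that runs a signature layer and a behavioral layer over a handful of constructed flow records. The flow fields, the rule names, the z-score threshold and the "never-seen destination port" heuristic are all assumptions chosen for illustration; a real NTA engine would learn far richer baselines.

```python
"""Toy NDR pipeline: IDS-style signatures plus per-host behavioral baselines.
Example code for illustration; flow records below are constructed, not captured."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    bytes_out: int
    uri: str = ""          # cleartext HTTP request path, empty when not visible


# Signature layer: deterministic matches on content the sensor can see.
# (Rule names and the TEST-NET-3 "bad" address are assumptions for the demo.)
SIGNATURES = {
    "log4j-jndi-probe": lambda f: "${jndi:" in f.uri.lower(),
    "known-bad-dst": lambda f: f.dst in {"203.0.113.66"},
}


def signature_hits(flow):
    return [name for name, match in SIGNATURES.items() if match(flow)]


# Behavioral layer: a baseline per source host learned from historical flows.
class HostBaseline:
    def __init__(self, history):
        self.bytes = [f.bytes_out for f in history]
        self.ports = {f.dport for f in history}

    def anomalies(self, flow, z_threshold=3.0):
        found = []
        if len(self.bytes) >= 5:                       # need a minimal history
            mu, sigma = mean(self.bytes), pstdev(self.bytes)
            if sigma > 0 and (flow.bytes_out - mu) / sigma > z_threshold:
                found.append("egress-volume-outlier")  # far above this host's norm
        if flow.dport not in self.ports:
            found.append("new-destination-port")       # service never used before
        return found


def analyze(history, live):
    """Return [(flow, [(layer, reason), ...])] for every live flow that fires."""
    per_host = defaultdict(list)
    for f in history:
        per_host[f.src].append(f)
    models = {host: HostBaseline(flows) for host, flows in per_host.items()}
    alerts = []
    for f in live:
        reasons = [("signature", s) for s in signature_hits(f)]
        if f.src in models:                            # unknown hosts get no baseline
            reasons += [("behavior", a) for a in models[f.src].anomalies(f)]
        if reasons:
            alerts.append((f, reasons))
    return alerts


# Constructed history: host 10.0.0.5 normally sends 2-3 KB per HTTPS flow.
HISTORY = [Flow("10.0.0.5", "10.0.0.10", 443, "tcp", 2000 + 100 * i) for i in range(10)]

# Constructed live traffic: one normal flow, one huge upload, one flow to the
# "bad" address on a fresh port, and one cleartext request carrying a JNDI lookup.
LIVE = [
    Flow("10.0.0.5", "10.0.0.10", 443, "tcp", 2500),
    Flow("10.0.0.5", "198.51.100.7", 443, "tcp", 50_000_000),
    Flow("10.0.0.5", "203.0.113.66", 4444, "tcp", 1200),
    Flow("10.0.0.7", "10.0.0.20", 80, "tcp", 900, uri="/search?q=${jndi:ldap://example.invalid/x}"),
]


def run():
    """Map (dst, dport) -> sorted reason names, for easy inspection."""
    return {(f.dst, f.dport): sorted(r for _, r in reasons) for f, reasons in analyze(HISTORY, LIVE)}


if __name__ == "__main__":
    for key, reasons in run().items():
        print(key, reasons)
```

Note how the two layers complement each other: the 50 MB upload matches no signature and is caught only by the baseline, while the JNDI probe comes from a host with no history and is caught only by the signature; the flow to the known-bad address fires on both. Signature-only or anomaly-only deployments miss one of the three.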
Vendors clearly see the value of anomaly detection in combating increasingly advanced cyberattacks, and in this case, they are fully aligned with their customers. In the 2021 Network Detection and Response Report survey, 73% of cybersecurity professionals agree that analyzing network traffic at the heart of NDR is important or critically important for detecting threats that have eluded traditional defenses.
Additionally, NDR solutions are experiencing a rapid adoption rate, with 55% of respondents in the same survey saying they have deployed or plan to deploy NDR, either as a standalone NDR product or as part of a full XDR solution.
Increased interest in adapting Suricata for NDR
A related trend we are seeing is a strong interest in using deep packet inspection (DPI) and traffic intelligence software to enhance Suricata’s capabilities for NDR use. Suricata is the most widely deployed IDS/IPS in cybersecurity. It is therefore natural that vendors often turn to Suricata to fulfill the IDS/IPS role in NDR systems.
However, Suricata’s signatures are not natively aligned with some of the recent developments in IP networks. Enhancing Suricata with traffic intelligence software helps close this gap. As a result, we expect these integrations to increase in 2022 to:
Expand Suricata’s protocol coverage for Cloud, SaaS, IoT and OT applications and protocols,
Provide important contextual metadata about content, connections, files, users, devices, and security risks to better tailor Suricata rules to customer-specific environments, and
Provide Suricata with visibility into encrypted and evasive traffic, without requiring decryption.
This last capability – providing visibility into encrypted traffic – is central to Prediction 3.
#3: Innovative security solutions will handle encrypted traffic
While data encryption is vital for safe and secure communications, it limits the visibility network professionals rely on to manage networks and detect cyber threats. So, for our survey of The Future of Deep Packet Inspection, we asked product managers of enterprise networking, cybersecurity, and telecommunications solutions if network encryption had an impact on their current product: 90% said it impacts their product now, or will soon, with 10% expecting their solution to be totally ineffective due to encryption.
This is partly due to the fact that the network traffic encryption rate has increased in 2021 to around 80-90%. And the adoption of stronger encryption standards like TLS 1.3 has also gained traction. Adoption of TLS 1.3 means that even if an organization wishes to use a proxy for decryption and inspection, it will be more complex and resource-intensive, and in some situations, impossible. At the same time, cyber hackers’ use of encryption to conceal malware and malicious activity has also increased.
Due to the importance of this challenge, we expect to see innovation in the strategies used to identify potential threats in encrypted network traffic and to provide the general visibility needed to support network operations, all without resorting to decryption.
Innovations released in 2021 provide a glimpse of the kind of new approaches we might see in 2022. These 2021 innovations include detecting potential interceptions of secure communications, or “Man-in-the-Middle” (MITM) attacks, using multiple analytical techniques, and the use of machine learning to categorize encrypted traffic flows into application and service categories.
MITM innovation is important because these attacks are extremely difficult to detect, and they will increase in 2022 as attackers seek new ways to access data in encrypted environments. Using machine learning to categorize traffic flows into application and service categories is important because, in TLS 1.3 environments, the limited data that used to remain in the clear in encrypted streams, and that conventional classification relied on, is no longer available, rendering those classification methods unusable.
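The "visibility into encrypted traffic without decryption" that Prediction 2 wants for Suricata and that Prediction 3 builds on rests on one fact: the TLS ClientHello is still sent in the clear, even in TLS 1.3 (unless Encrypted ClientHello is in use), so its SNI, cipher suites and extension list can be read off the wire. The added example below (written for this page, not code from the article, from Suricata, or from any vendor) serializes a constructed ClientHello, parses it back, derives a JA3-style fingerprint using Salesforce's published JA3 recipe, and classifies the flow by SNI. The category table and the sample handshake values are assumptions.

```python
"""Read TLS ClientHello metadata (SNI, ciphers, extensions) and build a JA3
fingerprint with no decryption. Example code; the handshake is constructed."""
import hashlib
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}   # 0x0a0a, 0x1a1a, ..., 0xfafa


def _u16(n):
    return struct.pack("!H", n)


def _vec(data, size):
    """Length-prefixed vector; `size` is the width of the length field in bytes."""
    return len(data).to_bytes(size, "big") + data


def build_client_hello(sni, ciphers, groups, point_formats, versions, session_id=b""):
    """Serialize a minimal TLS record carrying a ClientHello (constructed sample input)."""
    exts = b""
    exts += _u16(0) + _vec(_vec(b"\x00" + _vec(sni.encode(), 2), 2), 2)      # server_name
    exts += _u16(10) + _vec(_vec(b"".join(map(_u16, groups)), 2), 2)          # supported_groups
    exts += _u16(11) + _vec(_vec(bytes(point_formats), 1), 2)                 # ec_point_formats
    exts += _u16(43) + _vec(_vec(b"".join(map(_u16, versions)), 1), 2)        # supported_versions
    body = (_u16(0x0303) + bytes(32) + _vec(session_id, 1)                    # version, random, session id
            + _vec(b"".join(map(_u16, ciphers)), 2) + _vec(b"\x00", 1) + _vec(exts, 2))
    handshake = b"\x01" + _vec(body, 3)                                       # type=client_hello
    return b"\x16" + _u16(0x0301) + _vec(handshake, 2)                        # record type=handshake


def parse_client_hello(rec):
    """Walk the ClientHello structure and pull out the fields JA3 and SNI classification need."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    pos = 0
    version = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    pos += 32                                       # client random
    pos += 1 + body[pos]                            # session id
    cs_len = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    ciphers = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # compression methods
    info = {"version": version, "ciphers": ciphers, "sni": None,
            "extensions": [], "groups": [], "point_formats": [], "versions": []}
    if pos >= len(body):
        return info
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    while pos + 4 <= end:
        etype = int.from_bytes(body[pos:pos + 2], "big")
        elen = int.from_bytes(body[pos + 2:pos + 4], "big")
        data = body[pos + 4:pos + 4 + elen]; pos += 4 + elen
        info["extensions"].append(etype)
        if etype == 0:                              # server_name: list_len(2) type(1) len(2) name
            nlen = int.from_bytes(data[3:5], "big")
            info["sni"] = data[5:5 + nlen].decode("ascii", "replace")
        elif etype == 10:                           # supported_groups
            n = int.from_bytes(data[:2], "big")
            info["groups"] = [int.from_bytes(data[i:i + 2], "big") for i in range(2, 2 + n, 2)]
        elif etype == 11:                           # ec_point_formats
            info["point_formats"] = list(data[1:1 + data[0]])
        elif etype == 43:                           # supported_versions
            info["versions"] = [int.from_bytes(data[i:i + 2], "big") for i in range(1, 1 + data[0], 2)]
    return info


def ja3(info):
    """JA3 string and MD5: version,ciphers,extensions,groups,point_formats (GREASE dropped)."""
    def keep(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    s = ",".join([str(info["version"]), keep(info["ciphers"]), keep(info["extensions"]),
                  keep(info["groups"]), "-".join(map(str, info["point_formats"]))])
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed category table standing in for the knowledge a DPI engine would carry.
SNI_CATEGORIES = {"example.com": "corporate-web", "example.net": "content-delivery"}


def classify_by_sni(sni, table=SNI_CATEGORIES):
    """Longest-suffix match of the SNI against the category table."""
    if not sni:
        return "unclassified"
    labels = sni.lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in table:
            return table[".".join(labels[i:])]
    return "unclassified"


# Constructed handshake: GREASE cipher/group, two TLS 1.3 suites, one TLS 1.2 ECDHE suite.
SAMPLE = build_client_hello("mail.example.com",
                            ciphers=[0x1A1A, 0x1301, 0x1302, 0xC02B],
                            groups=[0x2A2A, 0x001D, 0x0017],
                            point_formats=[0], versions=[0x0304, 0x0303])


def demo(rec=SAMPLE):
    info = parse_client_hello(rec)
    ja3_str, ja3_md5 = ja3(info)
    return info, ja3_str, ja3_md5, classify_by_sni(info["sni"])


if __name__ == "__main__":
    print(demo())
```

Two defender-side observations follow from this code. First, the fingerprint depends only on the ClientHello, so a TLS-terminating interception proxy that re-originates the client connection presents its own fingerprint upstream, which is one of the signals an MITM-detection approach can compare against what the real client normally sends. Second, the SNI-based classification still works under TLS 1.3, whereas anything derived from the server certificate does not, because TLS 1.3 encrypts the certificate; that is exactly the gap the article says machine-learning classifiers are being built to fill.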
We hope that innovations like these, along with new and improved NDR and cloud security solutions, will help keep your organization safe and prosperous as you face the challenges and opportunities ahead in 2022.