Firewalls and Antiviruses Not Sufficient to Protect Us in 2018

We live in an era of bigger, more complex networks, more serious security threats – cyber criminals, nation states, advanced persistent threats (APTs), fraud and espionage. Network defenses such as intrusion detection / prevention systems (IDS/IPS), firewalls, and antivirus are critical first measures of defense. But all these have limitations that prevent complete protection of enterprise networks.

Some of what we predict for 2018 in regard to network security is actually a response to a couple of the main disruptors we see in IT overall: IoT and artificial intelligence (AI):

The Internet of things and hyper connectivity will fundamentally disrupt traditional security safeguards

Thanks to our increasingly hyper-connected world, I believe that simply having a firewall to protect against your external enemies and threats will become a thing of the past. A security infrastructure that requires data to traverse it to do its job will no longer be enough. In fact, the terms “dirty-side” and “clean-side” currently used to describe network interfaces will have no meaning. Tomorrow, threats will come from what seem like unlikely and trusted sources. It’s going to be second- and third-degree connected business partners that you will have to worry about. Someone once or twice removed from your infrastructure being hacked makes you just as vulnerable as a nefarious internal actor trying to compromise your data. There used to be only so many ways one could gain entry to a system, but now, with the explosion of devices and access points, these traditional defenses are simply not going to work anymore. The cleanly delineated view of your network being secure through a firewall separating trusted and untrusted traffic will be antiquated; instead, security will be better ensured by viewing the network much more holistically and by having technology safeguards in place that monitor the behavior of users and handle anomaly detection.

In the near-term, crowdsourcing will be used more aggressively by IaaS providers as a means of improving their security

The crowdsourcing model works in regard to security because history has shown that the more eyeballs you have on a problem, the faster vulnerabilities will be found. WEP, the initial encryption standard released as part of the first wireless networking standard, is exhibit A of this model. It was found to be riddled with vulnerabilities out of the gate because it was developed in a closed environment with no input from a broader base of people with an interest in identifying and shoring up any weaknesses. The lesson was learned from this example, and these standards are now open for broader analysis. Bounty programs at Microsoft, Oracle and others also prove this out. Why? Because they ask for help from many people, numbering in the hundreds and more, who are motivated to find bugs or vulnerabilities in their products and make them better and more secure. Alternatively, if you develop in a silo, your defense against vulnerabilities is only as good as the 5, 10, 20 or so people who work on particular protocols, and the one thing the teams miss will lead to vulnerabilities. If you have hundreds or more people working on these problems, then the chances of finding and securing vulnerabilities go up dramatically. Therefore, as counterintuitive as it may seem, the more open you are, the more protected you can be. As more and more companies adopt these bug or vulnerability bounty programs, this crowdsourcing security model will prove to be one of the most efficient, economical and effective strategies for shoring up the security of the network, as it already has for software and browsers.

Network security will ultimately be driven by machine learning and Artificial Intelligence

Machine learning and artificial intelligence technologies at the security layer are going to be extremely dependable sentinels. Unlike today’s network security systems, which are largely human administered and maintained, ML and AI will be constantly vigilant against threats and vulnerabilities and will allow us to use the “P” (prevention) in IPS with confidence. The current thinking as a security professional is that if you have an updated database, a secure firewall, a patched OpenSSL, etc., you’re secure – but this presents a false sense of confidence that can be fatal to the security of the network. Machine learning and AI technology don’t suffer from overconfidence and preconceived notions of security. They will simply do the job of identifying anomalies and mitigating threats, but far faster and better than today’s security posture model, which is largely bound by human latency.


Hansang Bae

Guest Author Hansang Bae is Chief Technology Officer at Riverbed Technology, responsible for guiding company’s technology vision and strategy in the application performance industry, as well as SteelScript (open APIs) and Wireshark open source development.
