Is IT team’s worst security nightmare unfolding with rampant BYOD due to unsurpassed mobility, adoption of cloud and exploding interconnections foreseen in the world of Internet of Everything? Gone are the days when the most effective policy was to build a controlled environment, and secure oneself through limited access to the external world.
Increasingly sophisticated attacks, dynamic nature of threats, advanced persistent threats (APTs), thriving underworld hacking industry, attackers innovating in lockstep with evolving technology and cloud-based solutions stress the need for enhanced, integrated and scalable security solutions focused on prevention, detection, mitigation and remediation of attacks, across the entire span of user and network touch points, without leaving any security gaps due to fragmented solutions stitched together using disparate products.
Integrated security solutions, aimed at protecting network resources and content, could be on-premises or cloud based offerings. In the new paradigm of SDN, these solutions should allow for central policy management and distributed policy enforcement.
Security solutions typically build an intelligence ecosystem by analyzing and aggregating extensive telemetry data including web requests, emails, malware samples and network intrusions, to protect networks, endpoints, mobile devices, virtual systems, web and email from known and emerging threats.
Protecting Network and Virtual Resources
Network Security Solutions have evolved beyond traditional firewalls that control ingress and egress traffic flows according to predefined rules that help enforce a given security policy, be it through packet filters or application proxies. Traditional firewalls resort to stateful packet inspection (SPI) as against deep packet inspection (DPI), and are not capable of distinguishing one kind of web traffic from another. DPI is helpful in managing application and data driven threats by looking deep into the packet and making granular access control decisions based on packet header and payload data.
Secure site-to-site and remote user connectivity can be enabled through IPSec, SSL, L2TP or PPTP based VPNs. User authentication for remote access VPNs are typically carried out through RADIUS, TACACS, LDAP, Active Directory, Kerberos or SmartCards.
While earlier-gen Intrusion Detection Systems (IDS) passively scan traffic and report on threats, Intrusion Prevention Systems (IPS) sit directly behind firewalls, actively analyze traffic, thwart any denial-of-service (DoS) attacks & application hijack attempts, by dropping malicious packets, blocking traffic from the source address, resetting the connection and additionally notifying the administrator as IDSs do.
Unified Threat Management (UTM) systems perform multiple security functions such as DPI, IPS, IDS, NAT etc. in a single platform. Given that this approach involves multiple devices and separate internal engines that examine a packet multiple times to perform individual security functions, it adds packet latency resulting in degraded network performance, apart from increasing operational management overhead.
Next-gen firewalls (NGFWs) – With security requirements being critical to businesses, IT managers had to sacrifice on network performance to achieve network security using UTMs, until the advent of next-gen firewall solutions. NGFWs are application-aware and so can differentiate traffic flows, even if they share a common protocol/port combination. They perform optimized DPI to detect anomalies and known malware, by examining the packet only once and thus ensuring performance. In addition to DPI enabled application-awareness/granular control, and traditional firewall functions of NAT and VPN, NGFWs come with integrated signature-based IPS engine and ability to integrate intelligence from outside the firewall such as directory based policy, blacklists and whitelists.
Most important of all, apart from identifying and controlling use of predefined applications based on their signatures, NGFWs can learn new applications by watching how applications behave and alert administrators if there is any deviation from base-lined normal behavior.
NGFWs perform packet inspection and SSL decryption in high-performance hardware and so can perform full packet inspection without introducing latency.
Network Access Control (NAC) – Traditionally, NAC can restrict what devices get on a network and thus were intended to work well in a closed static environment with company-owned devices. The phenomenon of BYOD has caused security to move up to the application layer with IT teams enforcing access controls through mobile app wrappers and installation of device management profiles.
In addition to solutions for physical resources, Sandboxing is increasingly being used in virtual environments, to improve security by isolating a given application to contain damages due to malware, intruders and other users, especially in virtual desktop infrastructure solutions.
Network Security Solutions – Sourced from opennetworking.org
Securing Content
Content Security Solutions protect users, email and data from inbound and outbound web security threats, and have evolved from standalone to hosted offerings.
Email Protection – Email security appliances keep critical business email safe from spams and malwares, with good spam capture rate, minimal false positives, fast blocking of new email transported viruses to avoid proliferation in the network, effective zero-hour antivirus solutions, and ability to scale threat analysis.
Web Security – In addition to effective malware protection, complete web security requires solutions to provide granular and nuanced policy knobs to control how end users access the internet, and implement proprietary and confidential data access controls through deep content analysis. Thus businesses can control access for specific features and applications such as messaging, audio, video based on user’s business requirements, without blocking access to entire websites or internet.
Security Market
While the overall security market opportunity is very strong, content security and traditional appliance/software markets are seeing a decline. Growth in hosted/SaaS solutions is offsetting the above downward trend to keep the overall security market flat.
Network security and content security market TAMs are at $6.5B and $2.8B respectively, with each growing at around 4% YoY.
Cisco leads the network security market with nearly 35% market share, followed by Check Point with 15% share and Fortinet, Palo Alto, Juniper and McAfee capturing between 5-8% of the market each.
Leaders in the content security market are Blue Coat, McAfee (Intel), Cisco, Websense and Symantec with each of these players having captured about 10-15% market share. While no single player currently dominates the market, top vendors have been extending their market reach through strategic partnerships and acquisitions.
Where do we go from here?
In the new world driven by SDN and Big Data analytics, security solutions will be evaluated on their ability to glean and integrate threat intelligence from the ever-growing ecosystem, dynamically update privileges and trust profiles of any user, device or application in real time to thwart or remediate any attack, and most importantly scale to actualize IoE, while hiding solution complexity for IT operations. Unlike other technology areas, majority of the security innovation is embedded deep inside the hardware/software offering with no inkling to the operations team or network user. Security is also a field where solution effectiveness is evaluated on the misses and not on instances of job well done, and so is quite often relegated to the back burner until a major flare-up.
What important aspects of security landscape have I missed out?
Can Enterprises and Service Providers fully mitigate personal data risks due to mobile apps, social networks and cloud hosting? If not, what measures do end users have to take, and what are the technology gaps?
What insights do you have into the mobile security market, or security needs of IoE?
Feel free to share your views in the comments section.
Anything Connected 