Network Security in the New Service Provider Reality
We are standing at the cusp of a new digital era. Everything is in flux -- business models, data, networks, devices, applications, and services. BYOD and IoT are just the tip of the iceberg: networks don't just need to be bigger and faster -- they need to be dynamic, fluid, and intuitive. They need to become part of a larger, global meshed Internet, where data and intelligence are shared dynamically between traditionally isolated users, devices, and organizations. And not just in response to demand, but also in anticipation of it.
To meet this demand, networks are being redesigned from the ground up to accommodate hyper-virtualization, smart applications, services-based networking that abstracts the physical layer, and three-dimensional data processing across an exponentially growing set of devices.
For this to work, two things need to happen. First, many of the activities and decisions that currently require human intervention need to be automated. Anytime someone needs to click a button, drag and drop a service, find a file, or respond to an alert, they become, by definition, a bottleneck. And second, individual organizations (no matter how big) need to acknowledge that they are not going to be able to do this on their own.
Service providers play a pivotal role in this new paradigm. More data than ever is going to be pushed through their networks. Content will become increasingly dense and require more bandwidth. More users and devices than ever will need instant access to data wherever it is located, from virtually anywhere else on just about any device imaginable.
With the influx in data and devices, the opportunities for cyber criminals are expanding in parallel. Thus, service providers need to closely examine their levels of protection for not just themselves, but for their customers as well. To provide the protection that is required, service providers will need to consider three aspects of their security infrastructure.
1. Policy: You need to ensure that security policy follows the data, no matter where it goes. You cannot secure every device along a data or transaction path. And you cannot count on users to make good decisions about security.
If data is moving between a corporate network and a service provider environment, it's a good idea for both to have the same sort of security solutions in place. If done right, this can ensure that security policies and enforcement requirements are consistently applied as traffic moves back and forth between the domains the organization owns and the ones it doesn't. Management and orchestration tools can also work together, which means that threat intelligence can be collected and correlated no matter where a threat may appear.
2. Procedures: Stop thinking about security as a bunch of discrete devices deployed around the network. Instead, think of security as the function of a single, interactive security fabric that permeates the entire distributed environment, from IoT to the cloud. The average IT security manager is monitoring up to 14 dashboards, and often hand-correlating events and data between them. This is simply not sustainable, especially as the time to respond to threats gets smaller and the scope of the network continues to expand.
Add the security skills shortage to the mix and you are brewing a perfect storm of escalating vulnerability combined with increasingly complex security deployments that have actually reduced visibility and control. This is an opportunity made for service providers and presents openings for you to provide value-added security services to organizations that lack the scale, skills and technology necessary to effectively manage and deliver security across dynamic and highly distributed network environments.
3. Technology: Use solutions designed to meet the next generation of threats. Most security solutions do a pretty good job of identifying and preventing threats that happen in predictable ways. They come from places known to be a problem. They are nice enough to pass their traffic through the firewall or IPS device, fitting known patterns so they can be quickly filtered out.
But the really good attacks are anything but predictable. Recognizing multi-vector attacks requires coordination between multiple devices. Tools need to collaborate to provide appropriate responses and dynamically segment the network to intelligently contain threats. And they can't wait for human intervention.
While service providers need to take note of the cyberattacks of today, they also need to be aware of the emerging threats that will soon impact the integrity and security of their networks and those of their customers.
The first is that the emerging IoT brings new threat vectors that need to be addressed. Many IoT devices are 'headless', so you can't install an endpoint client on them. The first line of defense is access control. But with the volume of traffic and devices increasing, organizations need a single access control strategy that covers local, remote, and cloud-based access points with a unified access policy. This may require that policy be centrally managed but enforced in a distributed way, including coordination with service provider access policies.
A second issue is that new threats and critical threat intelligence are beginning to hide in the vast amounts of data that flow largely uninspected through the network: IDC estimates that companies examine only about 10% of the data that crosses into their networks. The rest is "unstructured" or "qualitative" data from things such as online surveys and response forms, customer forums and social media, documents and videos, and helpdesk calls and anecdotal evidence gathered by sales teams.
This data tends to be contextual rather than numerical, so it's not easy to inspect or correlate. But unstructured data can provide the context organizations need to make good decisions and predict problems.
Additionally, sharing threat information with others in the industry will help keep organizations aware of the evolving attacks and threats taking place in real time. Gone are the days when an attack happens and months later the details of the attack are shared. By that time, it is too late. Cyber criminals are agile and are constantly changing their attack methods and approaches. As we enter the IoT age, service providers will need to be more transparent with each other and work together to share information on cyberattacks to better identify changes in attack methods and approaches.
As networked environments become more complex, security needs to adapt. The answer to complexity is simplicity along with dynamic and automated coordination of security elements, regardless of where they reside. Legacy security models will need to be refreshed. A new security architecture, capable of serving the distributed networks that span the IoT to the cloud and which adapts and responds to threats in real time, is a logical next step.
Deciding what changes to make to your network security to fit the new realities of your business will probably be one of your biggest near-term challenges. Which path will you take? There are no easy answers, but one thing is certain: doing nothing and sticking with the status quo is not a viable option.
-- Matthew Pley, Vice President Carrier & Service Provider Group, Fortinet