
The Future of Network Security: Three Predictions for 2022

Image Credit: Your_photo/Bigstockphoto.com

2021 was another year in which we truly realized the extraordinary value of our digital infrastructure. It kept us connected, collaborating and producing through challenging times, and will continue to do so in 2022. But this heightened dependence has increased risks. As our means of production become increasingly virtualized, the attack surface for hackers grows. As a result, 2022 will be an important and challenging year for network security. Through adaptation and innovation, however, we will meet these challenges. These predictions reflect three of the ways we will do so.

#1: Most of Network Security Moves to the Cloud

As applications, computing and data storage shift to the cloud, CISO security concerns have naturally migrated there as well. And their concerns about cloud security have been sky high. In a survey of global CISOs by Cybersecurity Insiders for the CISO Cloud/SaaS Security Report, an overwhelming 94% reported being moderately to extremely concerned about security risks associated with the increased use of public clouds.

A major driver of this anxiety has been a lack of visibility into traffic within and between public, private and hybrid clouds. It is not surprising, therefore, that in a survey of security professionals for Cybersecurity Insiders' 2021 Network Detection and Response Report, respondents reported that two of the top three gaps in network visibility were cloud related: cloud workload traffic (46%) and SaaS apps (39%).

But there are strong indications this gap will be closing over the next few years. First, we’ve experienced a three-fold increase in demand for evaluations of our embedded traffic visibility software by providers of cloud security products. This includes vendors who offer cloud security products to both enterprise customers and cloud service providers.

Given normal product development cycles, this increased demand translates to new or enhanced cloud security products coming to market in 2022 and 2023. And, if venture capital funding is any indication, the demand for these products is high. Consider, for instance, the additional $350 million in funding just announced by Sysdig, a container and cloud security start-up that has now reached a valuation of $2.5 billion.

A second strong indicator is demand from CISOs, who are prioritizing investment in security products they think will improve their cloud security posture. In the aforementioned CISO Cloud/SaaS Security Report, the most frequently planned new investments were SD-WAN (Software-Defined Wide Area Network) for multi-cloud/multi-site environments (35%) and SASE (Secure Access Service Edge, which delivers integrated SD-WAN and cybersecurity as a cloud service) (25%). Other planned investments included next-generation cloud FWaaS (Firewall-as-a-Service), Web Application Firewalls (WAF) and SCG (Secure Cloud Gateways).

#2: All Cyber Defense Will Include Network Detection and Response (NDR)

High-profile incidents in 2021 like the attacks on Colonial Pipeline, JBS Foods, Acer, Quanta Computer Inc., CNA Financial Corp., Twitch, Microsoft, and Kaseya have left everyone shaken, and rightfully so. They point to a future of sky-high ransoms, massive data leaks and ultra-sophisticated adversaries. These adversaries include hacker groups affiliated with nation states and international crime rings. The groups are capable of producing carefully staged, slow-moving attacks that are extremely difficult to detect. They are also highly opportunistic, as the nearly instantaneous, massive pile-on to the Log4j vulnerability shows.

It is logical, therefore, that 2021 has seen a sharp increase in the adoption of Network Detection and Response (NDR) solutions. NDR solutions are designed to detect and respond to advanced threats that have bypassed perimeter and endpoint defenses and can then operate undetected inside the network for months or years.

To combat these advanced threats, NDR combines the signature-based threat detection capabilities of Intrusion Detection/Intrusion Prevention Systems (IDS/IPS) with Network Traffic Analysis (NTA), which detects unknown or hidden threats through the identification of behavioral anomalies in network traffic (often with the help of machine learning).
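The two layers described above, as an added example that is not code from the original post or from any NDR product: a signature layer that matches connection records against a threat-intelligence indicator list, and a behavioural layer that flags "beaconing" (a host contacting one destination at near-constant intervals, typical of implant check-ins) using only flow timing, which no signature describes. The flow records, the indicator list and the thresholds are all constructed for the example.

```python
"""Toy NDR pipeline (added example): IDS-style signature matching plus an
NTA-style behavioural check for periodic beaconing over connection records.
Records are constructed tuples: (epoch_seconds, src_ip, dst_ip, dst_port, bytes_out).
"""
from collections import defaultdict
from statistics import mean, pstdev

BASE = 1_700_000_000
# Normal browsing: irregular gaps between connections to a web host.
BROWSE_GAPS = [5, 300, 12, 900, 45, 3, 700]
# Implant check-in: roughly every 60 s with a little jitter, fixed-size requests.
BEACON_GAPS = [60, 58, 61, 59, 62, 60, 60, 59, 61, 60, 58]


def _series(src, dst, port, gaps, size):
    """Expand a list of inter-connection gaps into timestamped flow records."""
    t, rows = BASE, [(BASE, src, dst, port, size)]
    for g in gaps:
        t += g
        rows.append((t, src, dst, port, size))
    return rows


FLOWS = (_series("10.0.0.5", "93.184.216.34", 443, BROWSE_GAPS, 4100)
         + _series("10.0.0.5", "198.51.100.23", 443, BEACON_GAPS, 312)
         + [(BASE + 500, "10.0.0.5", "203.0.113.7", 8080, 900)])

# Signature layer: constructed indicator list (stand-in for an IDS ruleset / TI feed).
KNOWN_BAD = {"203.0.113.7"}


def signature_hits(flows):
    """IDS-style check: any connection to a known-bad destination is an alert."""
    return [(src, dst, port) for _, src, dst, port, _ in flows if dst in KNOWN_BAD]


def detect_beacons(flows, min_count=8, max_cv=0.15):
    """NTA-style check: flag (src, dst, port) tuples whose inter-connection gaps
    are suspiciously regular. Regularity is measured as the coefficient of
    variation (stddev / mean) of the gaps; real implants add jitter, so the
    threshold is a tuning knob rather than a hard rule."""
    by_key = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_key[(src, dst, port)].append(ts)
    beacons = {}
    for key, times in by_key.items():
        if len(times) < min_count:          # too few samples to judge periodicity
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m <= 0:
            continue
        cv = pstdev(gaps) / m
        if cv <= max_cv:
            beacons[key] = round(cv, 3)
    return beacons


def triage(flows):
    """Combine both layers into one alert list, tagged by which layer fired."""
    alerts = [("signature", key) for key in signature_hits(flows)]
    alerts += [("behaviour", key) for key in detect_beacons(flows)]
    return alerts


if __name__ == "__main__":
    for layer, key in triage(FLOWS):
        print(f"{layer:9s} {key}")
```

The browsing series has enough samples to be evaluated but its gap variance is far too high to be flagged, while the beacon series is caught with a coefficient of variation around 0.02. In production the behavioural layer would run on flow records exported by the sensor (NetFlow/IPFIX or an NDR's own flow log) and would need whitelisting for legitimately periodic traffic such as NTP, monitoring agents and software update checks.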

Vendors clearly see the value of anomaly detection in combatting increasingly advanced cyberattacks, and in this instance, they are fully aligned with their customers. In the 2021 Network Detection and Response Report survey, 73% of cybersecurity professionals agree that the network traffic analysis at the heart of NDR is important or critically important to detecting threats that have evaded traditional defenses.

In addition, NDR solutions are experiencing a rapid adoption rate, with 55% of respondents in the same survey stating they have deployed or plan to deploy NDR, either as a standalone product or as part of a comprehensive XDR solution.

Increased interest in adapting Suricata for NDR

A related trend we are observing is a strong interest in using deep-packet inspection (DPI) and traffic intelligence software to enhance Suricata's capabilities for NDR use. Suricata is among the most widely deployed open-source IDS/IPS engines. It is natural, therefore, that vendors often look to Suricata to fulfill the IDS/IPS role in NDR systems.

However, Suricata's signature-based detection depends on its built-in protocol parsers and on content it can read in the clear, so it does not keep pace with every recent evolution in IP networking: newer cloud, SaaS, IoT and OT protocols are covered unevenly, and encrypted or evasive traffic exposes little for a rule to match. Enhancing Suricata with traffic intelligence software helps to close this gap. Accordingly, we anticipate an increase in such integrations in 2022 to:

  1. Extend Suricata’s protocol coverage for Cloud, SaaS, IoT and OT applications and protocols,
  2. Supply important contextual metadata about content, connections, files, users, devices, and security risks to better adapt Suricata rules to customer-specific environments, and
  3. Provide Suricata with visibility into encrypted and evasive traffic, without requiring decryption.

The last of these capabilities, visibility into encrypted traffic, is at the heart of prediction 3.

#3: Innovative Security Solutions Will Handle Encrypted Traffic

While data encryption is vital for safe and secure communications, it limits the visibility network professionals rely on to manage networks and detect cyber threats. So, for our survey on The Future of Deep Packet Inspection, we asked product managers of enterprise networking, cybersecurity and telecommunications solutions if network encryption was impacting their current product: 90% responded it was impacting their product now, or soon would, with 10% expecting their solution to be rendered fully ineffective because of encryption.

This is partly because the share of network traffic that is encrypted rose in 2021 to an estimated 80-90%. Adoption of more robust encryption standards like TLS 1.3 has also gained ground. TLS 1.3 matters for inspection because it mandates forward-secret key exchange and encrypts the server certificate: passive decryption with a copy of the server's private key no longer works, so an organization that wants to decrypt must deploy an active, in-line proxy that terminates each session with a certificate the client trusts, which is more complex and resource-intensive, and in some situations (pinned clients, third-party services, regulated data) impossible. At the same time, the use of encryption by attackers to cloak malware and malicious activity has also increased.

Because of the importance of this challenge, we expect to see innovation in the strategies used to identify potential threats in encrypted network traffic, and to provide the general visibility needed to support network operations without using decryption.

Innovations released in 2021 provide a preview of the kind of new approaches we may see in 2022. These 2021 innovations include the detection of potential interceptions of secure communications, or "Man-in-the-Middle" (MITM) attacks, using multiple analytical techniques, and the use of machine learning to categorize encrypted traffic flows into application and service categories.

The MITM innovation is important because these attacks are extremely difficult to detect, and they will increase in 2022 as attackers seek new methods to gain access to data in encrypted environments. The use of machine learning to categorize traffic flows into application and service categories is important because in TLS 1.3 environments the handshake fields that conventional classifiers relied on are largely gone: the server certificate is now encrypted, and Encrypted Client Hello will hide the SNI as well, so classification has to fall back on features such as packet sizes, timing and flow shape rather than on cleartext handshake metadata.
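As an added example covering both the "visibility into encrypted traffic without decryption" integration point from the Suricata section and the MITM detection discussed here (this is illustrative code, not Enea's or Suricata's own technique), the script below reads Suricata EVE JSON `tls` events and, using only the handshake metadata Suricata logs, flags three things: a server name suddenly presented with a certificate from an issuer never seen for it in a trusted baseline window (the classic footprint of an interception proxy), self-signed leaf certificates, and TLS 1.3 sessions where no certificate fields are available at all, which is exactly the case where classification must rely on other features. The field names (`tls.sni`, `tls.subject`, `tls.issuerdn`, `tls.fingerprint`, `tls.version`) are those Suricata writes to eve.json; the event lines, IPs, issuer names and fingerprints are constructed.

```python
"""Heuristic checks over Suricata EVE JSON `tls` events (added example).
Nothing is decrypted: every signal comes from handshake metadata Suricata
already logs (SNI, certificate subject/issuer/fingerprint, TLS version).
"""
import json
from collections import defaultdict


def ev(src, sni, version, subject=None, issuerdn=None, fingerprint=None):
    """Build one constructed eve.json `tls` line in Suricata's layout.
    For TLS 1.3 the certificate is encrypted, so no subject/issuer is logged."""
    tls = {"sni": sni, "version": version}
    if subject is not None:
        tls.update(subject=subject, issuerdn=issuerdn, fingerprint=fingerprint)
    return json.dumps({"event_type": "tls", "src_ip": src,
                       "dest_ip": "203.0.113.10", "dest_port": 443, "tls": tls})


PUBLIC_CA = "C=US, O=Example CA, CN=Example Public CA"   # constructed issuer DN

# Trusted learning window: what mail.example.com normally looks like.
BASELINE_LINES = [
    ev("10.0.0.5", "mail.example.com", "TLS 1.2", "CN=mail.example.com", PUBLIC_CA, "aa:01"),
    ev("10.0.0.6", "mail.example.com", "TLS 1.2", "CN=mail.example.com", PUBLIC_CA, "aa:01"),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.5"}),   # non-tls event, ignored
]

# Later traffic to evaluate against that baseline.
NEW_LINES = [
    ev("10.0.0.5", "mail.example.com", "TLS 1.2", "CN=mail.example.com", PUBLIC_CA, "aa:01"),
    # Same SNI, but the chain now ends in an issuer the baseline never saw.
    ev("10.0.0.7", "mail.example.com", "TLS 1.2", "CN=mail.example.com", "CN=corp-interceptor", "bb:02"),
    # Subject == issuer: self-signed leaf certificate.
    ev("10.0.0.8", "vpn.example.net", "TLS 1.2", "CN=vpn.example.net", "CN=vpn.example.net", "cc:03"),
    # TLS 1.3: Suricata logs no certificate fields at all.
    ev("10.0.0.9", "api.example.org", "TLS 1.3"),
]


def parse_tls_events(lines):
    """Keep only `tls` events; eve.json interleaves many event types."""
    events = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") == "tls":
            events.append(rec)
    return events


def build_baseline(events):
    """Map SNI -> set of issuer DNs observed during the trusted window."""
    baseline = defaultdict(set)
    for e in events:
        t = e["tls"]
        if t.get("sni") and t.get("issuerdn"):
            baseline[t["sni"]].add(t["issuerdn"])
    return baseline


def find_anomalies(events, baseline):
    """Return (reason, sni, src_ip) findings; order follows the input events."""
    findings = []
    for e in events:
        t, src = e["tls"], e["src_ip"]
        sni, subject, issuer = t.get("sni"), t.get("subject"), t.get("issuerdn")
        if subject is None:
            # No certificate metadata (TLS 1.3): cert-based checks cannot run,
            # classification must fall back on flow-shape features instead.
            findings.append(("no_cert_metadata", sni, src))
            continue
        if issuer == subject:
            findings.append(("self_signed", sni, src))
        if sni in baseline and issuer not in baseline[sni]:
            findings.append(("issuer_changed", sni, src))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse_tls_events(BASELINE_LINES))
    for finding in find_anomalies(parse_tls_events(NEW_LINES), base):
        print(finding)
```

An issuer change is evidence, not proof: legitimate CA rotation, CDN fronting and a sanctioned corporate TLS proxy all produce the same signal, so the baseline needs an allowlist of approved issuers and a learning window long enough to see normal variation. The self-signed and TLS 1.3 checks are cheap enough to run on every handshake.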

We hope innovations like these, along with new and improved NDR and cloud security solutions, will help keep your organization safe and prosperous as you navigate the challenges and opportunities ahead in 2022.

Author

Erik Larsson, Head of Marketing, DPI & Traffic Intelligence, Enea

Erik works with cybersecurity and networking use cases for Enea’s Qosmos DPI and traffic intelligence software. He has extensive experience from marketing, business development and strategy at high-growth private companies and publicly listed technology vendors.
