The cybersecurity space is getting more complex with each passing day because of:
- A proliferation of endpoints and blurring perimeters: BYOD, tablets, cloud, smartphones, RFID card readers, POS terminals, and a range of IoT devices and connected ecosystems.
- Increasingly sophisticated attacks on network security driven by disruptive technologies: artificial intelligence (AI), IoT, Big Data, and quantum computing, to name a few. The attribute and signature databases that security products rely on can be defeated faster than you can imagine with machine learning, deep learning, neural networks, search algorithms, and, in the near future, quantum algorithms.
*It is well known that Shor's quantum algorithms for factoring and discrete logarithms completely break the RSA and Diffie-Hellman cryptosystems, given a sufficiently large fault-tolerant quantum computer.
- New threat vectors that make traditional signature-based endpoint detection obsolete: an attacker only needs to change a single byte of a binary (padding, a string, a recompile) to produce a new hash and slip past any purely hash-based signature.
**According to the PandaLabs annual report, of the 15,107,232 new malware samples seen in 2017, 99.10% were seen only once.
- New threat actors and motives, such as nation-state operations.
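As an added illustration of the point about hash-based signatures above, the following Python (written for this page, not code from the original article or from any vendor product) compares an exact-hash blocklist with a content-pattern rule against a constructed, harmless byte blob standing in for a malware sample. The sample bytes, the blocklist, the padding-mutation trick and the regex rule are all assumptions made up for the demonstration; they are not taken from any real sample or signature set.

```python
import hashlib
import re

# Constructed stand-in for a malicious binary: a PE-like header, a
# recognisable loader string and padding. Harmless bytes, not a real sample.
ORIGINAL_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode."
    + b"\x00" * 32
    + b"cmd.exe /c powershell -enc " + b"QUFB" * 10
    + b"\x00" * 128
)


def sha256_hex(data: bytes) -> str:
    """Exact-match identifier of the kind hash-based blocklists ship."""
    return hashlib.sha256(data).hexdigest()


# What a hash-only signature database looks like: one hash per known sample.
HASH_BLOCKLIST = {sha256_hex(ORIGINAL_SAMPLE)}

# A content rule keyed on behaviour-revealing bytes (YARA-style, written here
# as a regex): the encoded PowerShell launch string survives a padding change.
CONTENT_RULES = [
    re.compile(rb"cmd\.exe /c powershell -enc [A-Za-z0-9+/=]{20,}"),
]


def mutate_padding(data: bytes, new_byte: int) -> bytes:
    """Attacker-style rehash: change one byte of trailing padding.

    The program's behaviour is unchanged, but its hash is entirely new.
    """
    buf = bytearray(data)
    buf[-1] = new_byte & 0xFF
    return bytes(buf)


def hash_detect(data: bytes) -> bool:
    """Exact hash match against the blocklist."""
    return sha256_hex(data) in HASH_BLOCKLIST


def content_detect(data: bytes) -> bool:
    """Match on content the attacker cannot drop without losing functionality."""
    return any(rule.search(data) for rule in CONTENT_RULES)


def evaluate_variants(n: int) -> dict:
    """Generate n single-byte variants (n <= 255) and count what each detector catches."""
    variants = [mutate_padding(ORIGINAL_SAMPLE, i) for i in range(1, n + 1)]
    return {
        "distinct_hashes": len({sha256_hex(v) for v in variants}),
        "hash_hits": sum(hash_detect(v) for v in variants),
        "content_hits": sum(content_detect(v) for v in variants),
    }


if __name__ == "__main__":
    print("original: hash", hash_detect(ORIGINAL_SAMPLE), "content", content_detect(ORIGINAL_SAMPLE))
    print("50 one-byte variants:", evaluate_variants(50))
```

Every one of the 50 variants gets a hash nobody has ever seen, which is exactly the "seen only once" statistic above, and the hash blocklist catches none of them while the content rule catches all of them. The content rule is not a cure either: string obfuscation or packing defeats a fixed byte pattern, which is why the article argues for behavioural and learning-based detection rather than a bigger signature database.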
A few years ago, I wondered why the network security industry was so fascinated with software-defined networking buzzwords. Now it follows naturally that leveraging real-time abstraction, autonomics (AI plus analytics), orchestration, scalability, and application programming interfaces (APIs) on top of DevOps is not a choice but a mandate in cybersecurity, paving the way for software-defined network security.
***The Gartner Hype Cycle for Emerging Technologies 2017 listed software-defined networking security as one of the key platforms enabling digital technology, expected to reach mainstream adoption in the security market in the next two to five years.
Physical data centers are being replaced by virtualized, private-cloud, public-cloud, and hybrid infrastructure, leaving physical location and network proximity behind. Traditional security deployment strategies were built around physical hardware and network segmentation. Abstraction lets the perimeter extend beyond any physical boundary and lets security be applied on demand wherever a workload runs, irrespective of how it is deployed. This ultimately takes the shape of a universal access security broker, or more precisely a cloud access security broker (CASB).
One of the most dominant trends is the widespread application of AI, which makes real-time visibility, predictive analytics, and learning an inherent deliverable to customers. Integrating autonomics will deepen the intelligence, implementation, and governance of a security platform. Vendor-independent autonomics that take every existing security deployment into account will extend a solution's capabilities well beyond what it can do today, making it capable of tackling the more complex threats emerging now. At its most advanced, a trained intelligent security agent will dynamically watch the perimeter, learn, predict, and remediate across your network security stack. It derives its prediction and remediation cues not from hand-written rules but from trained models, linear and nonlinear (classification, clustering, and neural networks); such models are only as good as the telemetry they are trained on and must be retrained as the environment drifts. Industry forecasts of a roughly fivefold multiplication of endpoints (approximately 75 billion by 2025) also point to a shift in how the industry operates: automated security operations carried out with minimal or no human intervention.
Scalability and orchestration will be another key aspect of an evolved and mature software-defined network security solution. A highly scalable and orchestrated solution stays relevant as business dynamics change. The diverse security deployments across a customer environment (EPDR, firewall, IDPS, etc.) are orchestrated to meet the business requirement holistically while remaining scalable enough for customer-specific customization. Orchestrating security through a centrally managed platform improves visibility, resilience, effectiveness of controls, governance, and elastic control. It keeps the infrastructure and application environment from becoming fragile during security incidents, preventing chaos and supporting seamless business continuity management.
Customers have made substantial investments in security solutions, but static deployments are not robust enough for a dynamic threat landscape; they need to be able to evolve and adapt. Open API implementation and integration with legacy solutions let the security platform evolve while keeping customers' confidentiality, integrity, and availability intact, and they future-proof the security controls. An API-enabled DevOps cycle makes it possible to roll out dynamic implementations as and when required, proactively or predictively, continually challenging the robustness of the current platform and ensuring seamless orchestration and abstraction across perimeters.
We can look forward to a shift from software-defined infrastructure and software-defined networking (SDN) to software-defined anything (SDX). It would be no surprise if software-defined security drove tomorrow's SOC to the point where it predicts and contains zero-day attacks before they can do damage.