Network protection has become increasingly important with the advent of IoT and clever hackers.
The recent spate of ransomware attacks has put the spotlight back on network security, making it an uphill battle for almost all organisations in the region. With hackers always trying to get into networks through new and creative ways, the spending on network security, especially on firewalls/UTM products, has gone through the roof.
IDC forecasts worldwide revenues for security-related hardware, software and services will grow to $101.6 billion in 2020. The largest category of investment will be security-related services, which accounted for nearly 45 percent of all security spending last year. Security software is the second largest category, with endpoint security, identity and access management, and security and vulnerability management software driving growth.
According to Gartner, worldwide spending on information security is expected to reach $90 billion in 2017, an increase of 7.6 percent over 2016, and to top $113 billion by 2020. Additionally, spending on enhancing detection and response capabilities is expected to be a key priority for security buyers through 2020 and we are expecting to see a move away from prevention-only approaches to focus more on detection and response.
Over the last two decades, the focal point of network security has been on the perimeter, but now the advent of cloud computing and mobile applications has expanded the boundaries of the enterprise network.
“Historically, network security has been focused on ports and protocols, and it has relied on the ability to scan network traffic – typically at the perimeter of the enterprise networks. Included in protecting the network are firewalls, IPS, web gateways, DDoS protection, VP and more,” says Paula Musich, research director at Enterprise Management Associates.
While cloud and mobile applications have contributed to the crumbling walls of the network perimeter, IoT is expected to accelerate that trend further.
“IoT will bring thousands or even more new devices to the corporate networks. These devices will have been designed mainly with two main considerations: features and cost. Security usually is left out, which means that enterprises need to have a clear understanding on how to handle the new devices joining the network. Zero-day threat prevention is the natural evolution of the threat detection. The defenses have mainly been built around detecting threats after they have penetrated the network. Moving into prevention mode will allow organizations to stop the threats from entering the network completely,” says Kalle Bjorn, system engineering director at Fortinet.
Mahmoud Mounir, regional director of SecureWorks, agrees: “Ransomware has now become the most profitable type of malware and criminal gangs will continue to develop it as long as it proves at least as profitable as, or more profitable than, traditional banking trojans. Ransomware is an easy way for hackers to make quick money. Historically, ransomware has been directed at businesses for higher value ransoms. However, with the rise in poorly secured Internet of Things (IoT) devices we anticipate a shift towards attacks against consumers. The IoT environment is filled with security mistakes and bugs; small embedded Linux systems built by well-meaning engineers with no security expertise are the norm for this space, so adversaries will take full advantage.”
Musich says the introduction of context-aware security has blurred the lines between network and application security, and the integration of network security appliances and software with endpoint protection has contributed to that blurring. While security has traditionally been focused on securing the perimeter, there is a growing shift as more and more information and applications become accessible via the Internet. It has become imperative for organisations to secure access to cloud-based enterprise applications and mobile apps used by workers to collaborate.
“While cyber threats are becoming more powerful, networks are becoming more disjointed and complex. To enable an effective defense, data and security elements across all of your various environments must be well-integrated, able to share intelligence and visible. Endpoint, network and application security must all work together to defend the entire network,” says Bjorn.
Firas Jadalla, regional director of Genetec, offers us a different perspective from the physical security standpoint: “At Genetec, we have been looking closely at the security of physical security systems and how to secure communications, servers and data. We are already providing the capabilities required for securing your physical security system and that can help you keep your organisation safe from cyber threats and illegal or unauthorised access through encryption, authentication and authorisation.”
Are enterprises placing too much focus on network security while most attacks are targeted at the applications layer?
Industry pundits say security is neither a network nor an application problem; it’s a risk management problem. The solution is prioritising based on the sensitivity of data or applications in conjunction with understanding how high a risk is actually present.
Both applications and networks present risks and have the potential for malicious hackers to gain access to sensitive information inside the network or inside applications that have access to the network. When it comes to allocating resources, you can’t pick one or the other. CSOs will have to look at it from a risk perspective and decide how to allocate resources between the two.