There is no denying we are at an exciting place in technology history. The Internet of Things is charging onto the scene, bringing us smart and connected healthcare devices, industrial systems, cars and more. The pace of change in technology is continuing to accelerate, bringing consequences both intended and otherwise.
Businesses and consumers alike are poised to benefit from the explosion of IoT devices. This growth in the number of devices is accompanied by a huge increase in the amount of data flowing across corporate networks as well as the public Internet.
Cisco's annual Visual Networking Index tells us that by 2020 there will be 26.3 billion networked devices globally, and IP traffic will reach an annual run rate of 2.3 zettabytes, up from 870 exabytes in 2015.
Hitting the Virtual Highway
The Internet of Things is one large driver of the anticipated surge in traffic -- and risk, predicts Cisco's Visual Networking Index.
Now for the bad news: All of this is happening at a point when cyber criminals of even limited skill can buy exploits on the dark web for much less than the price of tickets to the Broadway musical "Hamilton" -- and in return realize tens of thousands of dollars in profit from a successful data breach. Criminals no longer need any technical sophistication to profit from illegal activity. Additionally, the value and amount of the data hackers can steal is poised to grow as companies amass more of it from an ever-widening array of sources, including customers who will likely have dozens of network-addressable devices in their homes within the next few years.
Compounding this challenge is the clear trend of increasing sophistication in the techniques cyber criminals use, from drive-by downloads to watering hole attacks to the most common attack vector, spear phishing. Malware is now polymorphic, changing its fingerprint as many as thousands of times per minute to evade corporate defenses. Advanced persistent threats (APTs) constantly target specific organizations, often starting with spear phishing emails that compromise systems to gain network access, then deploying additional tools to fulfill the attack's objectives.
As you might imagine, it's nearly impossible to detect these attacks and protect against them using traditional defense-in-depth approaches. Perimeter protection fails when threats are no longer "outside of the moat" so to speak, but are now "inside the castle." Using signature-based threat detection is ineffective in the face of attacks specially built to evade signature detection.
Looking for more factors that complicate the situation? There are plenty. Companies tend to rely on too many discrete and diverse point solutions as part of their defense mechanisms. Combined with their use of diagnostic rather than predictive security procedures, they wind up with too many false alarms, which lead to alert fatigue among security staff. That desensitization makes it easier for real security threats to slip by unnoticed.
At the same time that the total volume of data being transported grows, companies are increasingly moving to software-defined networking (SDN) and network functions virtualization (NFV). While the move brings benefits for dynamically provisioning network services and streamlining operations, the switch from individual appliances to virtual images that interact with each other for routing, firewalling or session border control may also increase the risk to the whole network from a single compromised device.
A better way
As big data gets bigger and its value ever more enticing to the bad guys, the truly actionable intelligence that would enable security teams to effectively patrol their organizations often doesn't exist. But it can.
Now is the time for security teams to evolve their approach for a new age of major threats. The way to do it: Leverage big data analytics -- especially in combination with machine learning, artificial intelligence, and human guidance and judgment -- to understand normal network behavior, distinguish it from true abnormalities, and reduce false alarms. Feeding the knowledge gained from analytics back into the organization's systems in an ongoing loop, as well as into a global security operations center like the one Masergy operates, enables security teams to continually learn about and automatically predict real, new threats amid the huge volume of network data.
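The baselining-and-feedback loop described above, as an added illustration that is not Masergy's or the author's code: each device gets a statistical profile of its normal outbound volume, deviations are scored against that profile, and an analyst's verdict on an alert is fed back so that a false alarm widens that device's tolerance while a confirmed incident leaves the profile untouched. Device names, byte counts and the 3-sigma threshold are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: a week of outbound byte counts per device (not real traffic).
BASELINE_FLOWS = (
    [("thermostat-01", b) for b in (1200, 1100, 1300, 1250, 1150, 1280, 1220)]
    + [("badge-reader-02", b) for b in (5000, 5200, 4900, 5100, 5050, 4950, 5150)]
)


class BehaviourBaseline:
    """Per-device profile of normal outbound volume, tuned by analyst feedback."""

    def __init__(self, z_threshold=3.0):
        self.samples = defaultdict(list)                    # device -> observed byte counts
        self.thresholds = defaultdict(lambda: z_threshold)  # device -> alert threshold (z-score)

    def learn(self, flows):
        """Absorb (device, bytes_out) records into each device's history."""
        for device, bytes_out in flows:
            self.samples[device].append(bytes_out)

    def score(self, device, bytes_out):
        """Distance from normal in standard deviations; an unseen device scores infinite."""
        history = self.samples.get(device)
        if not history:
            return float("inf")
        sigma = pstdev(history) or 1.0  # guard against a zero-variance history
        return abs(bytes_out - mean(history)) / sigma

    def is_alert(self, device, bytes_out):
        """An observation is abnormal when it exceeds the device's current threshold."""
        return self.score(device, bytes_out) > self.thresholds[device]

    def feedback(self, device, bytes_out, true_positive):
        """Close the loop with the analyst's verdict: a false alarm becomes part of
        'normal' and widens this device's threshold; a true positive changes nothing."""
        if true_positive:
            return
        self.thresholds[device] = max(self.thresholds[device],
                                      1.1 * self.score(device, bytes_out))
        self.samples[device].append(bytes_out)


if __name__ == "__main__":
    baseline = BehaviourBaseline()
    baseline.learn(BASELINE_FLOWS)
    print("badge-reader-02 at 5400 bytes:", baseline.is_alert("badge-reader-02", 5400))
    baseline.feedback("badge-reader-02", 5400, true_positive=False)
    print("same observation after analyst feedback:", baseline.is_alert("badge-reader-02", 5400))
```

A real deployment would profile many more features than byte volume (peers, ports, timing) and would version the profiles so that an attacker cannot quietly "train" a device's baseline upward.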
Indeed, the more that's monitored, the smarter the analytics become -- and the better an organization gets at handling threats.
Not only that, but forensic analysis grows more effective too: Security operations centers can leverage big data analytics to recreate actual incidents across multiple systems to discover how an exploit is done and even simulate potential defenses against it.
It wouldn't be surprising to learn that many security professionals have had reservations about things like IoT and SDN in this more intense age of threats. After all, it seemed as if these new technologies offered cyber criminals even more chances to benefit from an advantage they've always had: They need to get things right only once to succeed in an exploit, whereas security pros have to get things right every time to stay safe.
With big data analytics, the industry has a chance to even the odds. Given the current threat landscape, it is not arriving a moment too soon.
— Ray Watson, VP of global technology, Masergy. Special to the New IP Agency. Watson recently led an Upskill University course, available here, on "Big Data Analytics & Network Security."