For this week’s “In the News”, research a new technology solution, or new method to utilize a previous technology, to address Communications and Network Security. How does this solution or application revolutionize networks? If this is particular to certain industries, please also include that detail.
Rommel R. Miro says
https://securelink.net/en-be/campaign/the-added-value-of-artificial-intelligence-for-your-firewall/
A traditional firewall, even with automated response features, can only act on the bad rating of a threat. Sometimes, individual behaviors may seem non-malicious, but if they are seen over time, they might be part of a multi-step intrusion. A next-generation firewall with AI is also able to protect against risky behavior by using user and device behavior analytics and machine learning. Data is collected off the network, endpoints and cloud storage, then analyzed to identify advanced attacks, malware or threats.
This is similar to how UEBA works; User and Entity Behavior Analytics, or UEBA, is a type of cyber security process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. It is expected that a compromised account will have different activity patterns prior to the breach. A noticeable change in traffic, downloaded data, sites visited and other changes that otherwise would not raise any red flags should be picked up by UEBA.
The technology used in the firewall and approach in UEBA can both be tied to the trends currently seen with AI in general. Despite challenges and the relative age of AI, one of the key benefits that is hard to ignore is the potential to recover billions of hours of worker productivity. The Gartner article estimates that in 2021, AI augmentation will recover 6.2 billion hours of worker productivity.
Also, since we still have a long way to go with AI and all the subsets within it, AI implementation demands significant intellectual skills and effort. Another point from the article is that workers will need to continue to guide AI so that it can continue to learn and mature, making the process more of a cycle.
Steve Pote says
I am uncomfortable with how we have lost the definition of AI. Maybe it is just evolving (diminished) expectations or numbness from sales oriented websites talking about artificial intelligence (lower case, meaning a really, REALLY ~Palo~ good set of rules) but abbreviating (and implying) Artificial Intelligence (capitalized proper noun, autonomous response to novel patterns …minimally).
Both have a huge place in the future of security. The sales hype makes me squirm.
UEBA too has some dark unexplored corners. While soon to be huge and valuable, this method of surveillance tiptoes on Fourth Amendment rights and ~Profiling~ as a means to raise suspicion. Where and how this tech is applied is a very good/evil conundrum.
Steve Pote says
Sorry, I meant to set this as a direct reply to Rommel’s post above…
Steve Pote says
I am going to go off the common path a bit, someone else may mention AI…I am going to go more old school, and old.
To connect the dots, a dedicated intrusion detection device is a money proposition. You are paying for something that, in paradise, would never be fully used. There is some math in there around the annualized rate of occurrence but that’s for another class. Home computing has always been like the younger sibling of business; catching its bugs just after, maybe learning a little, maybe repeating the same mistakes. Here business and home computing can use the same model to stem the tide of electronic intrusion. Remember, business executives can get phished or exploited on their home networks too…
My ~new method to utilize a previous tech~ is quite literally reusing it. The long version: Past useful service devices (*assuming some patch-ability on the old device*) can serve as intrusion detection stations. My blog example is a (technical) walk through that makes a great PoC at the home level but one that is equally efficacious in a larger environment. The idea is simply this: old devices passively listen and report up if something interesting happens.
Liam Randall, CEO of Critical Stack (in the same vertical as Snort), recommends sanitizing old systems but leaving them up with very simple triggers. Imagine a laptop with a broken screen and no real data or internal connections that emails you if a logon is attempted or a network scan run…also works for retired servers emailing IT Security verbose data or, as an IPS, triggering firewall actions. In the larger business world there is a place for similar zombified servers to report to the “real” IDS or SIEM or your newfangled AI when one can be purchased. For a touch of green – an old smartphone will run Wireshark and can be charged by a solar cell or any USB source. If an old device is chattering in Wireshark you’ve got intruders. No need to “Blue Pill” a VM when you can run your decoy victim on physical hardware.
While this is partially an ~AI – 1999 style~ rant with humor the underlying PoC is sound. Old low maintenance zombie devices can be monitored for any activity at all. https://techanarchy.net/blog/home-ids-with-snort-and-snorby
Folake Stella Alabede says
https://www.csoonline.com/article/3397053/review-firemon-clears-the-clutter-for-network-security-policy-management.html
One of the biggest challenges in network security is managing the complexity of the network. As organizations grow, so does the number of systems in their network.
Each system or application, based on business need, has its own set of requirements, configurations and policies/rules. However, sometimes these rules conflict with each other and managing the conflicts can be a daunting task.
The FireMon application promises to bring together all the complicated and conflicting configurations and policies even from other security products and resolve it based on data collated over 15 years in the course of fine-tuning the application.
Oby Okereke says
WHAT IS 5G:
https://www.sdxcentral.com/5g/definitions/what-is-5g/
——————————————————————————————————————
My post addresses the 5G wireless network – the next generation of mobile internet connectivity and 5th generation of cellular mobile communications. A lot of buzz around Internet of Things (IoT) signifies the need for a new infrastructure that will power even more devices at a faster speed.
5G is designed to be the network of IoT enabling ultra-reliability, low-latency and coverage. One of the key highlights is video traffic. It is not hard to notice that most of our online news feeds these days are primarily audio and visual content compared to written and read messages. A quick look on most websites will quickly show marketing schemes geared towards short bursts of video and audio info-graphics – minimal texts. With so many devices scrambling for network speed, the delivery of this content is currently slow, demanding more bandwidth – 5G hopes to provide higher data speeds for applications such as streaming video, video conferencing, virtual reality, remote surgeries, smart cities and self-driving cars.
5G certainly promises to be a disruptor for many industries. It will change the economy, our society and individual lives at large. Security, resiliency, robustness and data integrity will be priority in the design of future 5G network architecture due to massive device connectivity.
Another interesting highlight that I gleaned while researching about 5G is “Self-organizing networks (SON).” SON will reduce costs of installation and management of the network by simplifying operational tasks.
Another worthy mention from my research is SDN – Software-defined networking which will aid operators to carve virtual “sub-networks” or slices that can be then used for bigger bandwidth applications. SDN will redefine the network architecture to support the requirements of the 5G ecosystem. In particular, 5G SDN will provide an intelligent architecture for network programmability, as well as the creation of multiple network hierarchies. SDN will play a pivotal role with respect to the commercialization of 5G.
AT&T, Verizon, T-Mobile, and Sprint all plan to introduce 5G in the next few months. Currently, some carriers are conducting tests in metropolitan cities.
Folake Stella Alabede says
Hi Oby,
An interesting article on 5G technology. The most advanced 5G network has been developed by Huawei and it is allegedly being used as part of China’s surveillance program. I am however concerned about its possible use for hacking.
Oby Okereke says
Hi Stella,
You are absolutely right. I have been paying close attention to the news per Huawei’s ban in the U.S. And you certainly have a valid concern; as CNET put it, “The core issue with Huawei has been concerns about its coziness with the Chinese government and fears that its equipment could be used to spy on other countries and companies.” And it would appear other countries are following suit and time will tell how things will pan out for Huawei.
Brock Donnelly says
With no trade resolution between China and the US, Huawei is in the middle of the ocean with a beat motor. Yet, if Huawei has a handle on the technology that the world wants they could be the most searched for commodity since the Titanic. Perhaps next level communications are the root cause for this trade war. I thought the root cause was over China’s new silk road but it could be multifaceted.
This is a very detailed article on 5G. Thanks for finding it.
Duy Nguyen says
https://www.networkworld.com/article/3401523/cisco-software-to-make-networks-smarter-safer-more-manageable.html
Cisco to deploy AI to its networking software, making it smarter and easier to manage. The deployment will make it easier for organizations to manage multi-domain integration, control users, devices, and applications. AI and machine learning techniques will also be able to analyze network traffic and security patterns and proactively assist users in monitoring. Together with Cisco’s DNA Center, organizations will be able to manage any device, user, and application no matter where they connect to the network.
Scott Radaszkiewicz says
If you have ever configured Cisco equipment, you really need to know what you’re doing to get it to work correctly. Consoling into Switches and Routers to command line config them has been the standard forever. You really need to know what you’re doing to configure things correctly. I’m curious to see how this is going to change any of that. While I welcome making things easier, I do wonder how it might dilute the knowledge needed to truly know what you’re doing!
Brock Donnelly says
Scott, as humans we are going to slowly automate ourselves out of every job. AI and computer learning advancements could create the Utopian society we all dream of (assuming advanced computers could also figure a way that we may give up the need for currency). I’d like to condemn it only because we do not know how to accommodate the loss of financial distribution for the population that currently fulfills jobs that could be replaced by automation. Perhaps Utopia can only come with great loss.
Ahmed A. Alkaysi says
I think one of the areas where we have seen a large amount of increase, in terms of adoption and investment, in the past few years is the Cloud. It seems like the majority of the time when the Cloud is brought up, it is thought of as a place where data is being stored. The discussion then shifts to how the data is being protected, implications of HIPAA and the health industry, trusting the Cloud provider, etc… However, the Cloud is much more than that. It has become the future-state of many organizations running their systems and services, and in many cases they end up migrating the majority of their on-prem solutions to it. Security is no different. The Cloud has become a home to an organization’s security infrastructure, which includes things like virtualized hardware, firewalls, intrusion detection and prevention systems.
This is not to say that all on-prem security solutions will be, or should be, migrated to the Cloud. However, there are a number of benefits to hosting these types of systems on the Cloud: it can end up being cheaper, changes can be made to systems without impacting a multitude of other systems, and data-gathering and analysis can be done more easily. Amazon, Google, and Microsoft (biggest providers of Cloud) are also releasing new, innovative products for security on a frequent basis.
The scalability, availability, and extensibility of using Cloud will eventually persuade organizations to not only migrate their data, applications, and services, but their security as well.
https://www.barracuda.com/glossary/cloud-firewall
Scott Radaszkiewicz says
Ahmed, I agree with you that this is a hot topic right now. More than just storage for your data, it can be your entire network existing off premises in the cloud. It’s funny how computing has become cyclical. We started off with mainframes and dumb terminals, then we went away from that and had everything installed on workstations, with servers merely storing data. Now, it’s going back to the mainframe mentality where you have a dumb terminal (Chromebook or Netbook) and you’re accessing all of your programs and data on the new mainframe system…the cloud! Oh, and there is no cloud, it’s just someone else’s computer! 🙂
Brock Donnelly says
… and is it a big computer. To give you the real impact of how huge it is at Amazon. Amazon has 11 regions for AWS around the globe, the regions have at least two availability zones totaling 28 zones. Each region has at least one data center. A data center can have a total of 80,000 machines totaling AWS conservatively at 2.24 million machines. So a fair estimation is that AWS has somewhere between 2.8 million and 5.6 million servers across its infrastructure.
Oh and get this, each and every day Amazon builds the virtual network space that required the amount to run Amazon itself in 2007.
Brock Donnelly says
I would like to talk to you about drones, Amazon’s drones. Amazon is in the news again for its drone delivery service. It was shelved due to regulatory reasons close to two years ago when Amazon announced they would be able to deliver packages to your house in an average of three hours. Not much of a peep about it until about two days ago when Amazon announced a new drone design. Yesterday headlines were saying it would happen in months. Today, their CEO says “a couple of years out.” I am sure the delay is largely regulatory but most likely it is about airspace. In fact, it is such a common concern, Amazon addresses it on their 2016 PR drone site:
“How will Amazon integrate Prime Air vehicles into the airspace?”
“Safety and security are top priorities as we look to incorporate small drones into the airspace. We’re working with regulators and industry to design an air traffic management system that will recognize who is flying what drone, where they are flying, and whether they are adhering to operating requirements.”
This is a new area where regulations are yet to be defined for a new communications space. While everyone is worried that drone operators are peeping into their windows, the radio frequency space could be getting a large number of new neighbors. If drone delivery for one company is a few years out, how many more companies will deliver by drone in hopes that the novelty will boost their business? Communication with these drone fleets over large distances will require strong communication channels. Amazon will need to create a network of charging stations/landing zones. These zones will likely be capable of wireless drone communications. With Amazon actively seeking new business arenas, we could soon see Amazon providing drone communication services especially if they were the first to build the said network. From the response from Amazon, it seems even a regulatory 3rd party will have the tools to recognize drone operating requirements. This is going to require dedicated radio frequency airspace. This frequency range is going to have to be separate from the consumer space even if operating within the same technology, drones. The commercial regulations set forth over the next few years will also determine rules for the consumer. Such could require two separate bandwidths or at least dedicated channels.
The obvious concern for Amazon would be hijacking. Perhaps a new type of pirate? Security within the drone from remote attackers would be a high priority. Without it, a hacker could simply change the delivery direction for the delivery for ten iPhones.
Amazon is the first to rely on drones to improve their business. Speaking of Pirates. Do you remember ThePirateBay? Maybe you don’t. Back in 2012 when they were dealing with constant shutdowns ThePirateBay wanted to take to the skies with server drones. I don’t think it ever got off the ground. Ohh!
https://www.wired.co.uk/article/pirate-bay-drones
https://www.adweek.com/digital/amazon-still-needs-regulatory-approval-for-drone-deliveries/
https://finance.yahoo.com/news/amazon-drone-delivery-a-couple-years-out-221435102.html
Folake Stella Alabede says
Hi Ahmed,
I believe before considering the kind of security on the cloud, the cloud deployment model should be taken into consideration. The article explains that SaaS Firewalls should be deployed on SaaS platform which is meant to filter traffic on the application in the cloud. This would indicate that as a client-organization we would have no control over the firewall or its rules. The Next firewall is deployed as an application on a virtual server and therefore suitable for the PaaS and IaaS deployment model.
Therefore, understanding the deployment models would make us take a more informed decision on which Firewall applications should be deployed in the cloud.
Ahmed A. Alkaysi says
Hi Stella, yep you are 100% correct. The organization would choose their deployment model based on their needs and objectives. I believe the larger organization will choose an IaaS implementation where they will have the most control over the infrastructure and software solutions, while a smaller organization with lack of dedicated IT resources, maybe your average general medical practitioner will instead choose an SaaS where it is easier for them to setup and manage.
Scott Radaszkiewicz says
Cognitive Bias Can Hamper Security Decisions
https://www.darkreading.com/threat-intelligence/cognitive-bias-can-help-shape-security-decisions/d/d-id/1334925?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple&fbclid=IwAR1x0kco_gCnDVA1laJnYMDM3aRJAZZ0l5qLa7ssjox1yrkDvonzOkh5CxM
I found this article very interesting. It talks about how bias affects the decisions that a person or organization may make about security decisions. Dr. Margaret Cunningham is a research scientist at Forcepoint and author of “Thinking about Thinking: Exploring Bias in Cybersecurity with Insights from Cognitive Science.” Cunningham states that business leaders are making decisions on cyber security based on what they are hearing and seeing in the news. When a state authored cyber attack hits national news, then the topic is on everyone’s mind, and everyone panics to figure out how they can prevent it from happening to them.
The article explains that there are several types of bias. Availability bias is how the availability of information affects decisions. Aggregate bias is when people get lumped together based on some factors, like older people are less technology literate. Confirmation bias is when a person finds facts to support their position, but ignores other facts. Anchoring bias is when a person becomes stuck on the first thing they hear or see, and they can’t get away from it. Framing effect bias is when information is presented in a certain way to highlight intended data. For instance, one out of five will fail, not four out of five will succeed.
I can relate to this article. I can recount often the times someone has run into my office asking if I have heard about the recent data breach, Quest Diagnostics being the latest, and asking if I heard about it, and if we’re safe. I’m sure bias, of some sort, tends to lead to many decisions being made, for better or worse.
Frederic D Rohrer says
802.11ax – New Wifi 6
Wi-Fi 6, also called 802.11ax, is an upgrade on the current highest-speed Wi-Fi protocol in wide use, 802.11ac. Since this is a layer 1 standard, it does not bring any direct security features. However, some of the newer features are nonetheless applicable to security.
In 802.11ac and below when a channel is shared then the access point will wait until it clears up again before sending. This technology is called CSMA/CA (Collision avoidance) and it can be exploited to jam the access point by aggressively broadcasting on the same channel.
In order to fix this, 802.11ax has added a concept called BSS Color. BSS stands for Basic Service Set. This is a number between 0 and 7, and APs that are close together on the same channel should be configured to use different colors. When an AP or a client that wants to transmit picks up a signal on its channel, it can check the color code and if it’s different and the signal strength is low enough to indicate a low chance of interference, go ahead with its transmission anyway. If the color is the same, or if there’s no color value because the conversation is taking place between pre-802.11ax radios, then the CSMA/CA rules apply.
BSS color can be used to decrease the likelihood of an availability attack, since now the chance of interference is only 1 in 7.
Of course the BSS color can still be detected, but we will likely see mechanisms in the future in which the color is rotated to make interference even harder.
Source: https://www.zdnet.com/article/next-generation-802-11ax-wi-fi-dense-fast-delayed/
Brock Donnelly says
This seems like an interesting solution to a newer problem but it sounds like using a bandaid over a deep cut. I don’t want to sound too critical but on the surface, it sounds like wifi-6 is just 7-card monte. I wonder what protects an attacker from creating a DOS from broadcasting to every color. Such an attack would be like body-slamming the figurative monte card table. While I think 802.11ax will help with CA, its attempt to mitigate against DOS attacks is expirable.
Elizabeth V Calise says
IoT Security: A New Way of Infiltrating Networks
The connectivity provided by the Internet of Things gives businesses greater access to data, new monitoring capabilities and insights into their operations. As the price of IoT devices continues to fall, they are more accessible than ever to the consumer. Even if the business does not use IoT as part of its operations, it is likely to have the IoT devices of its employees on its systems.
This can expose a network to serious security problems. Traditional devices such as desktop computers evolved in line with digital defenses; the same cannot always be said with IoT connectivity. The poor security levels of the consumer devices mean they can pose a real threat when connected to an organization’s network. These devices can create a weak point of entry to cyber criminals looking for a way into the network. Also, these devices have become more accessible to cyber criminals online via search engines for internet connected devices.
These devices must be built with security at the beginning rather than as an afterthought. Manufacturers and vendors need to adopt this mindset and embrace developing standards and guidelines across the industry. The IoT industry has suffered from a lack of standardization around security in the manufacturing of connected devices. Low price points and short lead times to that market have been the priority over security practices.
https://disruptionhub.com/iot-security-a-new-way-of-infiltrating-networks/
Ahmed A. Alkaysi says
Thanks for sharing, Elizabeth. IoT is definitely a huge risk. It’s hard to standardize security practices in the manufacturing of a lot of these devices. Many, if not the majority, of IoT devices are coming from China. A lot of them are being sold via private white labels on Amazon. To the manufacturers and white label sellers, I don’t think security is much of a concern for them. Per the article below, in order to keep the cost of devices lower, manufacturers are sacrificing Security. Before purchasing an IoT device, the consumer needs to research the security implications of the device and take all the necessary precautions such as installing any updates and/or avoid putting PII data on them, before connecting them to a network.
https://technode.com/2018/07/02/iot-security-privacy/
Elizabeth V Calise says
Thanks for the share!
This is interesting and alarming because this market for China is expected to grow ($121 Billion in 2022). There are a lot of horror stories around these devices: vulnerabilities in the Taiwanese-made Edimax smart plug, cameras had been exploited by the Mirai malware, and 175,000 cameras made by Shenzhen’s Neo Electronics could be remotely exploited.
This is not a light topic, the market is growing and still security is a second thought. Unfortunately, it all comes down to money. This does not make sense to me when a lack of security could cause a company to recall products (money lost), create bad reputation (money lost), etc. If they invest in security from the beginning, they save themselves the pain later.
Dima Dabbas says
5 Emerging Security Technologies to Level the Battlefield
This article discusses five emerging technologies that will help address the security risks and threats that arise with the rapid development of technology in the fields of communication and network security.
The five emerging technologies that this article addresses are:
– Hardware Authentication
– User-behavior Analytics
– Data-loss Prevention
– Deep Learning
– The Cloud
Hardware authentication is a similar approach to user authentication where there is a dedicated physical device that is held by an authorized user to gain access to computer resources. Hardware authentication is really important for IoT where the network wants to authenticate that the different things trying to connect and access should have the ability to do so.
User behavior analytics, which is basically comparing a user’s present activity and behavior to past activities and behavior, can help notice abnormal activity. There is also peer analysis, which is comparing a user’s behavior with other individuals who have the same job duties and work in the same department. Peer analysis can help determine if the user is doing something that they shouldn’t be doing or if an attacker has gained access to their account.
Data-loss prevention is an important factor today and organizations are using technologies such as encryption and tokenization.
Deep learning which includes a number of technologies from machine learning to artificial intelligence. Investments in deep learning will be increasing more and more in the future for security purposes.
The cloud: With the increasing transformation to the cloud, this will impact the security industry. Everything will soon be virtualized and new technologies will start to appear to support the use of the cloud as we currently see from the virtualized hardware, virtualized firewalls, virtualized IDSs and so on.
https://techbeacon.com/security/5-emerging-security-technologies-set-level-battlefield
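Added example, not part of the original posts: the two comparisons described in the user-behavior-analytics posts above (Rommel R. Miro's and Dima Dabbas's), a user against their own past activity and against peers in the same department, worked in Python. The user names, groups, the daily-megabytes metric and every value are constructed, and the median/MAD scoring with a 3.5 cut-off is an assumption chosen for the illustration, not a method taken from the linked articles.

```python
from statistics import median

THRESHOLD = 3.5  # assumed cut-off for the modified z-score; tune per environment
MIN_OBS = 5      # do not score against a baseline shorter than this

# Constructed sample data: user -> (peer group, MB downloaded on each past day)
HISTORY = {
    "alice": ("finance", [120, 135, 110, 128, 140, 118, 125]),
    "bob": ("finance", [100, 95, 130, 115, 105, 122, 110]),
    "carol": ("finance", [140, 150, 132, 145, 138, 129, 151]),
    "heidi": ("finance", [780, 820, 805, 790, 815, 800, 810]),
    "dave": ("engineering", [900, 1100, 950, 1020, 980, 1050, 990]),
    "erin": ("engineering", [850, 920, 1000, 870, 940, 910, 960]),
    "frank": ("engineering", [1000, 1080, 940, 1010, 970, 1030, 995]),
    "gina": ("engineering", [200, 220, 190, 210, 205, 215, 195]),
}
# Constructed observations for the day being scored
TODAY = {"alice": 131, "bob": 2400, "carol": 139, "heidi": 808,
         "dave": 1060, "erin": 905, "frank": 1015, "gina": 950}


def robust_z(value, baseline):
    """Modified z-score of value against baseline (median and MAD).

    Median/MAD is used instead of mean/stddev so that one unusual peer
    does not stretch the baseline. Returns None if the baseline is too short.
    """
    if len(baseline) < MIN_OBS:
        return None
    med = median(baseline)
    mad = median([abs(x - med) for x in baseline])
    if mad == 0:
        # Perfectly constant baseline: any change at all is a deviation.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def score_user(user, value, history):
    """Return (self_z, peer_z): deviation from own past and from peers' past."""
    group, own = history[user]
    peers = [x for other, (g, obs) in history.items()
             if g == group and other != user for x in obs]
    return robust_z(value, own), robust_z(value, peers)


def verdict(self_z, peer_z):
    """Map the two scores to a triage label."""
    if self_z is None and peer_z is None:
        return "insufficient-data"
    off_self = self_z is not None and abs(self_z) > THRESHOLD
    off_peer = peer_z is not None and abs(peer_z) > THRESHOLD
    if off_self and off_peer:
        return "self+peer"   # changed behavior that peers do not share
    if off_self:
        return "self-only"   # new for this user, ordinary for the role
    if off_peer:
        return "peer-only"   # stable habit that differs from the department
    return "normal"


def triage(today, history):
    """Label every user observed today."""
    return {u: verdict(*score_user(u, v, history)) for u, v in today.items()}


if __name__ == "__main__":
    for user, label in triage(TODAY, HISTORY).items():
        print(f"{user:6s} {label}")
```

The three non-normal labels call for different follow-up: only the first looks like the account-takeover case the posts describe, while the other two are more often a role change or a long-standing job difference.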
Elizabeth V Calise says
Thanks for the share, Dima.
I have heard a little on User Behavior Analytics, but I don’t know too many companies that have implemented it. I think it can definitely address the blind spot in security. There have been many cases where attackers have gained access into an organization and compromised an employee’s credentials. To utilize user behavior analytics to catch if something is off is extremely valuable and can save a company a lot in monetary value but also reputation. Aside from identifying attackers, I think this could allow the organization to monitor their employees and see if they are following protocol or not. It could give insight about increasing/improving training.
Sheena L. Thomas says
Next Gen Firewalls are a good example of old technology that is revitalized to provide advanced capabilities of a traditional firewall. According to Chris Brock of Digital Guardian’s Blog,
“A next generation firewall (NGFW) is, as Gartner defines it, a “deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”
TRADITIONAL FIREWALLS VS. NEXT GENERATION FIREWALLS
As their name suggests, next generation firewalls are a more advanced version of the traditional firewall, and they offer the same benefits. Like regular firewalls, NGFW use both static and dynamic packet filtering and VPN support to ensure that all connections between the network, internet, and firewall are valid and secure. Both firewall types should also be able to translate network and port addresses in order to map IPs.
There are also fundamental differences between the traditional firewall and next generation firewalls. The most obvious difference between the two is an NGFW’s ability to filter packets based on applications. These firewalls have extensive control and visibility of applications that it is able to identify using analysis and signature matching. They can use whitelists or a signature-based IPS to distinguish between safe applications and unwanted ones, which are then identified using SSL decryption. Unlike most traditional firewalls, NGFWs also include a path through which future updates will be received.”
https://digitalguardian.com/blog/what-next-generation-firewall-learn-about-differences-between-ngfw-and-traditional-firewalls
Dima Dabbas says
Sheena,
Next Generation Firewalls are a good example of technologies that have advanced to address communications and network security. As you mentioned, NGFWs have all the advantages of the previous generation firewalls in addition to new features. NGFWs are able to filter applications and determine which applications are permitted to pass through the firewalls through the use of white listing and signature rules. This prevents applications that are known to cause problems and that are malicious from getting past the firewall in the first place.
Jonathan Duani says
This is a pretty interesting article that I found which really shows how technology is ever changing in the digital landscape. A lot of you should know about Barracuda which is known for many different things at appliances in a network. Now they have a new content filtering system that is out that is using AI to train the system to know what is junk email and what is good. And the more you train it the better it gets. I think we are going to be seeing this a lot more as technology changes. We will start seeing AI embedded IDS, IPS, Firewalls, maybe even routers and APs. I know there are some of this stuff already but I feel like this is only the beginning and it’s about to get a whole lot better.
Source: https://www.csoonline.com/article/3393170/barracuda-sentinel-protects-email-where-others-fail.html
Oby Okereke says
Hi Jonathan:
I can only but agree with you per your article. AI is the wave of the future and having read the article, I’m eager to see the effectiveness and evolution of the Barracuda Sentinel with regard to spear phishing, impersonation attempts, business email compromise (BEC), and cyber fraud. This genre of cyber attacks continues to plague businesses as well as being a nightmare to any security analyst. I took the liberty to read the product overview and I believe it’ll make a huge impact with regards to email/network security monitoring.