The theme of RSA conference 2022 is “Transform”. Our lives have transformed. Remote work became the new paradigm. Threat landscapes are becoming increasingly complex and vast. Cloud computing is becoming more prevalent and critical to business productivity. As a computer security community, we also have transformed to adapt to those new changes.
Below, we share some new technologies from RSA conference 2022. We think these new technologies could empower security in new computer applications.
Zero Trust and SASE
The Zero Trust solution is becoming synonymous with the Secure Access Service Edge (SASE) solution. SASE is projected to reach a market value of USD 5.36 billion by 2027 [1]. A SASE solution consists of at least the following components:
- Secure Web Gateway (SWG)
- Cloud Access Service Broker (CASB)
- Zero Trust Network Access (ZTNA)
Due to the complexity of the SASE framework, current providers are mostly large network security vendors, such as Cisco, Juniper, Palo Alto Networks and Fortinet.
However, this doesn’t mean that other companies have given up on SASE. Some endpoint security vendors offer features to support ZTNA. Such vendors include CrowdStrike, Sophos and Blackberry. Their claim is that ZTNA backed by strong endpoint security can ensure that only valid users and healthy devices are granted the proper access privileges. This is especially important for enterprises that need to support both BYOD and remote work initiatives without exposing sensitive assets to undue risk. There are collaborations between the endpoint security vendors and major network security vendors to offer stronger security within the SASE framework.
Most SASE solutions use a single third-party IAM service for user authentication and Single Sign-On (SSO). This can create a single point of failure if the IAM service is compromised. As an example, the SolarWinds attackers in 2020 exploited this type of architecture to compromise the SSO in their victims’ networks. From there, the attackers leveraged the compromised SSO to issue tokens that could access the victims’ infrastructure freely. BastionZero proposes a solution to this problem by adding an independent MFA on top of the SSO. If the SSO is compromised, an attacker can still be blocked by the independent MFA to the BastionZero cloud.
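The following is an added example illustrating the independent-MFA idea described above; it is not BastionZero’s code or protocol. A gateway accepts an SSO assertion only together with a TOTP code computed from a seed the IdP never holds, so an attacker who controls the IdP signing key (as in the scenario above) can forge a valid assertion but still cannot pass the gateway. The token format, key names and seed values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import struct
from typing import Optional

# Constructed keys for the demo: the IdP signing key lives with the SSO
# provider, while the MFA seed is held only by the gateway and the user's device.
IDP_SIGNING_KEY = b"idp-signing-key-constructed"
MFA_SEED = b"gateway-held-seed-constructed"


def sign_sso_token(payload: dict, key: bytes) -> str:
    """Minimal HMAC-signed token; stands in for a SAML/OIDC assertion."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_sso_token(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the signature verifies, else None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def totp(seed: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time counter floor(t / step)."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def gateway_decision(token: str, mfa_code: str, now: int) -> bool:
    """Grant only if the SSO assertion verifies AND the independent MFA matches."""
    claims = verify_sso_token(token, IDP_SIGNING_KEY)
    if claims is None or claims.get("sub") is None:
        return False
    # Accept the current and previous 30 s step to tolerate small clock drift.
    valid = {totp(MFA_SEED, now), totp(MFA_SEED, now - 30)}
    return any(hmac.compare_digest(mfa_code, v) for v in valid)
```

A compromised IdP lets the attacker call `sign_sso_token` for any subject, but `gateway_decision` still fails without the gateway-held seed.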
Secure Cloud Computing
Many secure cloud computing solutions already exist, but some security gaps remain. A number of vendors showcased technologies to close these gaps:
- Securing middleware in cloud computing platforms
- Protecting the confidentiality of Docker images
- Cloud computing compliance
- Using no-code and low-code technology to simplify and support cloud platform operations
Gartner introduced a new security concept, the Cloud-Native Application Protection Platform (CNAPP) [2], in 2021. At the RSA conference, some vendors showcased products capable of CNAPP runtime protection.
- Araali Networks uses eBPF to monitor container runtime behavior. When a container’s runtime behavior is considered ‘abnormal’, the system reports and stops the abnormal container.
- Cado Security offers a so-called Cloud Investigation Platform. Cado Security collects data from runtime container and serverless environments, empowering security teams to investigate and respond in the cloud environment. Cado Security’s technology can be viewed as a cloud XDR solution.
Another interesting new technology related to API security is as follows.
- NeoSec was founded by a group of engineers from LightCyber (acquired by Palo Alto Networks). NeoSec aims at bringing XDR techniques to API security and protecting APIs, especially those used in shadow IT and B2B services.
Threat detection and mitigation
In the area of threat detection and mitigation, vendors advocated detection and response solutions, such as Endpoint Detection and Response (EDR), Network Detection and Response (NDR) and eXtended Detection and Response (XDR).
In general, XDR is the preferred option for enterprises, since XDR aggregates all the activity logs from EDR and NDR. XDR therefore has the most complete picture of the enterprise environment and can provide the most accurate detection and response. A challenge for XDR is that the volume of data being processed is much larger. Even after noise reduction and event correlation, a significant number of events still need to be manually inspected by security professionals. The organization where security professionals analyze and respond to threats is called the Security Operations Center (SOC).
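As an added illustration of the correlation and noise-reduction step described above (not code from any vendor at the conference), the snippet below joins constructed EDR process-start events with constructed NDR outbound-flow events per host inside a short time window, escalates only findings where both sources agree, and counts the single-source events it suppresses. Thresholds, field names and the sample telemetry are all assumptions for the demo.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry: EDR process starts and NDR outbound flows.
EDR_EVENTS = [
    {"ts": "2022-06-07T10:00:05", "host": "ws-17", "proc": "powershell.exe", "parent": "winword.exe"},
    {"ts": "2022-06-07T10:03:00", "host": "ws-22", "proc": "chrome.exe", "parent": "explorer.exe"},
    {"ts": "2022-06-07T10:15:00", "host": "ws-17", "proc": "powershell.exe", "parent": "explorer.exe"},
]
NDR_EVENTS = [
    {"ts": "2022-06-07T10:00:20", "host": "ws-17", "dst": "203.0.113.9:443", "bytes_out": 8_400_000},
    {"ts": "2022-06-07T10:03:10", "host": "ws-22", "dst": "203.0.113.9:443", "bytes_out": 1_200},
    {"ts": "2022-06-07T10:15:30", "host": "ws-17", "dst": "198.51.100.4:443", "bytes_out": 512},
]

# Assumed tuning knobs: office apps spawning shells, a 60 s join window,
# and an upload size that counts as a large transfer.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
WINDOW = timedelta(seconds=60)
LARGE_UPLOAD = 5_000_000


def correlate(edr, ndr):
    """Join endpoint and network telemetry per host within WINDOW.

    Returns (escalated, suppressed): escalated alerts carry evidence from
    more than one source and are sorted by score; suppressed counts the
    endpoint events that had at most one weak signal behind them.
    """
    escalated, suppressed = [], 0
    for e in edr:
        score, reasons = 0, []
        if e["parent"] in SUSPICIOUS_PARENTS:
            score += 1
            reasons.append(f"{e['proc']} spawned by {e['parent']}")
        t0 = datetime.fromisoformat(e["ts"])
        for n in ndr:
            same_host = n["host"] == e["host"]
            in_window = t0 <= datetime.fromisoformat(n["ts"]) <= t0 + WINDOW
            if same_host and in_window and n["bytes_out"] >= LARGE_UPLOAD:
                score += 1
                reasons.append(f"{n['bytes_out']} bytes out to {n['dst']}")
        if score >= 2:  # only multi-source evidence reaches an analyst
            escalated.append({"host": e["host"], "ts": e["ts"], "score": score, "reasons": reasons})
        else:
            suppressed += 1
    return sorted(escalated, key=lambda a: -a["score"]), suppressed
```

On the sample data only the ws-17 event at 10:00:05 is escalated (Office-spawned shell followed by a multi-megabyte upload); the other two endpoint events are suppressed as noise.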
Interestingly, Nir Zuk envisioned an automated SOC that analyzes threats and handles responses automatically. Humans would intervene only when a security event cannot be handled by automation. The paradigm is similar to that of a self-driving car, and he coined the term self-driving SOC for this technology. It is interesting that AI is being used to solve the shortcomings of AI, and it is exciting to see how this will play out.
In order to adapt to the rapid changes in the industry and the threat landscape, security vendors are transforming. SASE and Zero Trust are mentioned hand in hand, new technologies are booming in the cloud space, and the implementation of AI continues to lead the way in threat detection and mitigation. These solutions and innovative technologies will help move the cybersecurity industry toward an age that prioritizes resilience and agility.