2022 Top Security Trends and Challenges

Check out our video interview with John Maddison, Chief Marketing Officer (CMO) and Executive Vice President (EVP) of Products for Fortinet, as he discusses changes and challenges in the networking landscape. Maddison will explore top trends and challenges enterprises are facing right now and the solutions to handle them.

Maddison has 30 years of executive management experience in the cybersecurity and telecommunications industries.

This transcript has been edited for clarity.

What trends are you seeing as the corporate networking landscape evolves?

There have always been three drivers that influence this industry’s evolution. There is the threat landscape, the cybercriminals. We know what tactics they’re using and what they’re going after. There is the infrastructure of the company. So as companies move their infrastructure, they have to make changes to their cybersecurity architectures and postures. And then the third one is really regulatory and compliance.

It’s these three factors that have driven these changes in the industry to a certain degree. And depending on the period in time, if you go back to between 2000 and 2010, the threat landscape changed a lot, but the infrastructure was pretty consistent. In 2010 to 2017, the infrastructure changed a lot with cloud and IoT and all these things.

So, you’ve got this threat landscape that is moving very rapidly. You’ve got people continuing with their digital acceleration, especially with COVID driving that. And you’ve got regulatory and compliance with governments and regulations, with certifications, etc. And so, I think that that’s what’s causing the security industry to be very dynamic right now. And so, from a threat landscape perspective, there has been a shift in the last two years.

When I say a shift, I still think cybercriminals are after data, IDs, credit cards, and a lot of state-sponsored stuff such as intellectual property. But now we’re seeing new ransomware threats. In the data from our own survey, we’re seeing ransomware increase around 10x over the last 18 months. It’s a new type of threat. It’s closing down your operation.

Colonial Pipeline was probably the most public example we’ve seen in the last year, but it’s happening all the time. And in fact it’s happening to a lot of small- and medium-sized businesses. As you know, ransomware attacks will say: “Well, I’ll bring your manufacturing shop up if you pay us $10,000.” And the businesses do it and everyone moves on. So, it’s just a huge crime wave.

And now that these cybercriminals are using Bitcoin they can disguise where the money is and get away with it. From the infrastructure perspective, I think the digital acceleration of COVID has driven this kind of work from anywhere, remote, making sure that all businesses are digitally connected. Everything’s firing off right now and causing customers to worry.

And across all of this, probably an area that we’ll talk about in a minute is the skill set.

There are not enough people in normal jobs, never mind very skilled cybersecurity professionals working on containers in the cloud; you can just forget getting those people. It’s an interesting environment today, and the supply chain’s another piece of it as well.

What challenges do organizations face with the shift to a work-from-anywhere model?

I think what enterprises, and small businesses to some degree, did initially was say, “let’s get everyone on remote access, security, encrypted, VPN access. Let’s get them at least secured in such a way, everyone’s got endpoint security sitting on there.” And I think what people are saying now is, “hey, we’re 18 months later on, this isn’t going to change in the next 18 months either.”

And I like the concept of working from anywhere versus working from home. Because, me personally, I’m in the office today. You can’t tell from my gray background here but over there’s a nice, lovely view of the Apple campus to our right there. So, I’m in the office maybe two or three days and I’ve got a half a day back in the home office, which I really wanted to get out of as quickly as possible.

And then I think coming up in the new year is a bit of travel assuming COVID doesn’t get out of control again. So, this work from anywhere means you’re going to have a consistent user experience. So, for me, I don’t want to be changing things around just because I’m on a plane or I’m at my office. But then you need the security to be automatic as well. And so, this work-from-anywhere architecture is not just a single product, it’s not just an endpoint, it’s not just some secure home networking, it’s a new application plane approach.

For instance, we recently acquired a majority stake in Linksys. So, regarding everywhere security, it’s not just a zero-trust policy engine, it’s not just some cloud security, it’s all of those things that come together, but it needs to be a seamless user experience and the ability for enterprises to control the security capabilities. That’s going to be with us for a long time and customers and enterprises are saying, “I’ve got to invest in the long term for this.”

What challenges come from digital transformation?

What this digital acceleration or transformation is doing is causing customers to upgrade their networks and infrastructure to be more flexible, be more dynamic, and be more agile in a way to be able to bring applications more quickly. And what that does is, as I said right at the beginning of this conversation, this acceleration is great, but it expands our dependency on remote networks.

So, I’ll give you an example of a retail outfit two years ago. They had internet connectivity to my retail. Did it matter that much if the network went down? My guest WiFi went down in my coffee shop of course, but I’m going, “no, not really. Oh, the WiFi’s down. Oh, we’ll fix it next week.” Today, if that’s down, they’re not getting orders.

We’re seeing customers require highly available and highly secure connectivity to all these. So that’s just one example of when you put more digital emphasis on your business. The network’s very important, the applications are very important, and the agility across there is very important as well.

How do your customers describe the threat landscape?

What customers are realizing, first of all, and we’ve known this for a while, is that I don’t care if I’ve spent a hundred million dollars a week on cybersecurity, I’m still going to get compromised in some way because I don’t control everything. I don’t control the whole supply chain. You’ve got to build something that’s going to accept at some point that some vulnerability or some compromise or something happens.

The question is, can you detect these vulnerabilities as quickly as possible? And then can you respond to it as quickly as possible? So, this movement from traditional protection technologies, which are pretty static, to detection and response technologies, customers are overwhelmingly starting to invest in that. But it all becomes part of a platform, but they just realized the sophistication.

We’ll see a lot of the new threats in the wild. What they call the “kill-chain sequence” is a format, which goes, “hey, I got to do some reconnaissance, then I do an infection. And then I take some information and then I use it in malicious ways.” But we’re seeing people at the very front end of these kill chains doing a lot of reconnaissance. So, your external assets, which you would never normally think about, your DNS service or web service, are always sitting in different spaces. You need to look at those as well.

It’s getting very complex. Imagine a small business trying to do all this as well. I mean they rely heavily on their partners. We’re a very partner-focused company. Again, I think it comes back to a lot of the training and education that’s needed against these threats, but also the compliance with what you’re trying to build from a digital perspective.

How can companies address the skills gap in the security landscape?

We have an IT awareness system, which customers can use free of charge. When we do a survey we’re still getting like 6% to 8% of people clicking on suspicious emails and links. They’re not even very sophisticated dummy phishing emails. They’re pretty bad, in fact. Even if you could halve that you could reduce your attack surface quite a bit.

And then on the flip side, there is this training of cybersecurity professionals – either to be a security analyst or to understand how you build a secure network, how to secure your cloud applications. Finding qualified candidates, that’s a bigger problem.

As I said, we here at Fortinet provide free training for customers and partners. We’ve even been re-skilling some veterans, bringing them into the talent pool, which has been very exciting to see.

In all honesty, it’s a big industry problem and we’re trying our best to help, but I think it’s going to be problematic and you’ll see some customers go, “well, I just haven’t got the people, or I can’t keep the people, so maybe I do some more outsourcing.” It’s likely we’ll see some outsourcing trends as well.

What is the best strategy to secure a network?

I think there are two key trends. One is, I think customers are saying, “I just can’t get my 20 or 30 vendors to work together nicely so I’m going to go to more of a platform approach.” This approach is known as something called the security fabric. Gartner just came out with a very similar concept called the mesh. The cybersecurity mesh architecture says the endpoints should be able to talk to the network to understand what’s going on in the cloud.

Today, that’s three different vendors that don’t want to talk to each other. I’m not saying you go from 20 or 25 vendors down to one. I would never advise that, but maybe you go from 25 vendors to maybe five or six platforms that each have a specific use case, and they all work together. I think this concept of a platform is gaining momentum. I think over the years a lot of people have invested heavily into point products, and that’s changing. I think people are saying, “enough is enough. I just can’t keep buying stuff that doesn’t even work together.”

This platform approach is the No. 1 approach for businesses today. I call this consolidation. It’s not like you’re getting rid of the endpoint security or the network security. You’re just saying, “I’ll go with the same vendor so it works together.”

And another big concept, which is probably the foundation of our company, Fortinet, over the last 20 years is convergence.

When you think about the internet and the way it was built, things like routers, and networking, and WiFi, each component is totally unaware of users. It’s totally unaware of devices. It’s totally unaware of where you are, where you’re trying to get to, which application’s trying to run, what content you’re sending. Today, these components are simply routing stuff with little verification on the actual packets being sent.

Now, there are some things in place that maybe authenticate you when you first get on so I’m not saying it’s completely. But most of the time the traditional network and the internet that was built 30 years ago has no clue what’s going on, to be honest. Apart from “I need to get you over here. I don’t care who you are or what you’ve got.” And so this convergence of security networking is a really good example of why people transfer from routing to application or SD-WAN.

I’m not just looking at the IP, I don’t really care what the IP address is, but I want you to get to this application. That’s what’s important. Now, what this evolved approach says is let’s look at the content and what’s inside there: it could be bad or it could be good. This zero-trust approach where I understand, “who is this user? Do they belong to this device? Are they supposed to get to this application? Are they allowed to?”

So yeah, there’s a big transformation coming there on convergence and a big push toward the platform approach. Those are the two mega concepts. Yes, you’ve got some things like SASE (secure access service edge) and these other concepts, which are kind of transient buzz terms in my view. The big ones are convergence and platform.


Beware of a new and dangerous RDP exploit

RDP can be a challenge to implement — here are a few steps that you can take to secure its use

The often-exploited Remote Desktop Protocol (RDP) is once again in the news. This time, it has a new attack vector that was discovered by researchers and subsequently patched earlier this month by Microsoft. Given that all versions of Windows for the past 10 years – for both desktop and server – need to be patched, you should put this on your priority list, especially since this new problem can be easily exploited.

RDP has a valuable function in today’s connectivity. It is used often as a way to provide remote access so that users don’t need to physically sit in front of their computers or servers. However, this utility has also given the protocol a dark past and made RDP a security sinkhole. One of the more infamous attacks was called BlueKeep, which we covered when it happened in 2019. That was a full-on remote execution vulnerability that triggered warnings from the US National Security Agency for quick patching.

As a side note, the response to BlueKeep included help from Marcus Hutchins, who found a way to stop the WannaCry outbreak back in 2017. We also wrote how RDP is one of the more common ways that ransomware attacks can be launched and can also be used to initiate denial of service attacks.

In the latest incarnation of RDP exploits, hackers can gain access to data files using a man-in-the-middle attack across a Windows feature known as Named Pipes. This is a feature of Windows that was created more than 30 years ago to provide application-to-application communication that can connect processes on the same computer or across a network.

RDP needs to be implemented with care, as the protocol itself doesn’t have any inherent security features (unlike the secured versions of the Domain Name System or of email protocols). Indeed, you might say that it has inherent insecurities, including:

  • A well-known TCP/IP port (3389): Easy to track by hackers.
  • Weak sign-in credentials: If users have a weak Windows login, hackers can use credential stuffing or brute force attacks to compromise this password.
  • Numerous ways to exploit remote connections: The latest issue (Named Pipes) is merely one of many ways that attacks can worm their way into your systems. They can bring up “Show Options” or Help menus when first connecting to the remote gateway, both of which could allow for file directory browsing, or to bypass file execution block lists.

All of this makes for challenging implementations of RDP. Here are a few steps that you can take to secure its use:

1. Disable RDP when it isn’t needed. You should do this while you’re patching everything, as Microsoft suggests.

2. Use better passwords, especially on your local Windows equipment. Employ password managers and single-sign on tools. You have heard this advice before, no doubt, but it remains key!

3. Lock down port 3389, either through your network firewalls or other security tools. This can be tricky, because so many users might require remote access and all it would take to pull off an RDP exploit would be to compromise a single desktop.

4. Invest in better antivirus. Remote Access Shield is one of the features available in Avast Premium Security that can block RDP exploits.

5. Create more effective Active Directory group policies that block and allow specific applications and remote help options to be run remotely. Also, be sure to audit who has administrative privileges to ensure that the absolute minimum number of people have access.
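The following PowerShell script is an added example, not code from the Avast article, that turns steps 1, 3 and 5 above into something an administrator can run on a single Windows host: it audits the current RDP posture, offers a function to disable RDP outright, offers a function to require Network Level Authentication and scope the port 3389 firewall rules to a management subnet, and pulls the RDP logon events that a brute-force or credential-stuffing run against weak passwords (step 2 and the second bullet above) leaves in the Security log. It assumes an elevated PowerShell 5.1 or later session on Windows 10 / Server 2016 or newer with English firewall rule group names; the `$AllowedSources` subnet is a placeholder you replace with your own, and the function names are the author’s own choices rather than anything built into Windows.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the Avast article. Assumes an elevated PowerShell 5.1+
# session on Windows 10 / Server 2016 or later with English firewall rule names.
# $AllowedSources is a placeholder; replace it with your own admin/VPN subnet.

$TerminalServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcpKey         = "$TerminalServerKey\WinStations\RDP-Tcp"
$AllowedSources    = @('192.0.2.0/24')   # placeholder (TEST-NET-1), not a real subnet

function Get-RdpPosture {
    # Audit before changing anything: is RDP on, is NLA required, is the
    # firewall group open, and who can log on to or administer the host.
    $deny  = (Get-ItemProperty -Path $TerminalServerKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla   = (Get-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled          = ($deny -eq 0)
        NlaRequired         = ($nla -eq 1)
        FirewallRuleEnabled = [bool]($rules | Where-Object { $_.Enabled -eq 'True' })
        RemoteDesktopUsers  = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name
        LocalAdmins         = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name
    }
}

function Disable-Rdp {
    # Step 1: turn RDP off and close the firewall group on hosts that do not need it.
    Set-ItemProperty -Path $TerminalServerKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Restrict-Rdp {
    # Steps 3 and 5 for hosts that must keep RDP: require Network Level
    # Authentication so credentials are checked before a session is created,
    # and limit port 3389 to the listed source addresses instead of the internet.
    param([string[]]$RemoteAddress = $AllowedSources)
    Set-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -Value 1
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $RemoteAddress
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Get-RdpLogonEvents {
    # Security events 4624 (success) and 4625 (failure) with logon type 10
    # (RemoteInteractive) are RDP logons; a burst of 4625s from one source is
    # what a brute-force or credential-stuffing run looks like in the log.
    # The two event IDs lay out their fields differently, hence the index map.
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $i = if ($_.Id -eq 4624) { @{ Type = 8; User = 5; Ip = 18 } } else { @{ Type = 10; User = 5; Ip = 19 } }
        if ($_.Properties[$i.Type].Value -eq 10) {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                Result   = if ($_.Id -eq 4624) { 'success' } else { 'failure' }
                Account  = $_.Properties[$i.User].Value
                SourceIp = $_.Properties[$i.Ip].Value
            }
        }
    }
}

# Usage: audit first, then choose one of the two hardening paths, then review logons.
Get-RdpPosture
# Disable-Rdp
# Restrict-Rdp -RemoteAddress @('192.0.2.0/24')
Get-RdpLogonEvents -Hours 24 | Group-Object Result, SourceIp | Sort-Object Count -Descending
```

Run `Get-RdpPosture` on its own first and keep the output as the before-state; `Disable-Rdp` and `Restrict-Rdp` are left commented out so that nothing changes until you have decided which path a given host belongs on. One caveat for the log review: once NLA is required, failed attempts are rejected before a session exists and are usually recorded as 4625 with logon type 3 rather than 10, so extend the filter to that type if you want to see the failures after hardening.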

Used with Permission from Avast