The Near Future of Network Security


Transcript of The Near Future of Network Security

Page 1: The Near Future of Network Security

Security and Privacy

The Near Future of Network Security

Greg Young 22 September 2005

Page 2: The Near Future of Network Security

© 2005 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

Network Security Sea Change

Worms have changed the equation. Protecting the network is more important than protecting any individual node.

The perimeter cannot go away and does not get less important.

When there’s more malicious traffic than legitimate traffic on a network, operational performance becomes the lead issue.

The network must reward good traffic and neutralize suspicious or unknown traffic.

Page 3: The Near Future of Network Security

Diagram: network security architecture, with Attacks on one side and Users on the other. Layers shown: Intrusion Prevention, Network Access Control, ID/Access Management, Vulnerability Management, Policy/Business Decisions, Threat/Vulnerability Information, Perimeter Protection, Internal Protection, Critical Security Processes, Network Security, IT Infrastructure.

ID = identification

Page 4: The Near Future of Network Security

Hype Cycle for Infrastructure Protection (as of March 2005)

Figure: technologies plotted by Visibility against Maturity through the phases Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment and Plateau of Productivity. Key (time to plateau): less than two years, two to five years, five to 10 years, more than 10 years.

Technologies plotted: Network Security Silicon, All-in-One Security Appliance, QOS/Traffic Shaping, Deep-Packet Inspection Firewalls, NAC, Security in Switch, PIP (Converged Desktop Security), XML Firewalls, Host IPS – PC, In the Cloud, NIDS, Web Application Firewall, Host IPS – Servers, Gateway AV, Stateful Firewall, Network IPS, DDOS Protection, Personal Firewalls, Desktop Signature-based AV.

Acronym key: AV = antivirus; DDOS = distributed denial of service; IPS = intrusion prevention system; NAC = network access control; NIDS = network intrusion detection system; PIP = personal intrusion prevention; QOS = quality of service

Page 5: The Near Future of Network Security

‘Short Worm’ Memory

A short period has passed without a significant worm. The end of worms is not upon us.

Figure: worm severity plotted against time, with a series of worm events leading up to Today; the bracket marks the Network Security Memory Span.

Page 6: The Near Future of Network Security

Malicious-Traffic Tipping Point

Figure: share of malicious traffic (0% to 100%) plotted from 2001 to 2007; below 50% it is a Security Problem, above 50% it becomes a Network Operational Problem.

Page 7: The Near Future of Network Security

Protecting the Network

Traffic classes and actions:

Bad — Block

Suspicious — Pass and Alarm

Security Relevant — Pass and Log

Good — Pass and Prioritize

Mechanisms shown: QOS/traffic shaping; firewall/IPS blades (scan and block); intrusion detection system (IDS) with quarantine; security event management (correlation).

Scale: Easy (can be automated) to Harder (takes people).

Page 8: The Near Future of Network Security

Myth of the Disappearing Perimeter

You can’t have a crunchy interior with a squishy exterior.

The perimeter doesn’t go away. We always have to protect the network.

You can manage unmanaged devices and control unmanageable devices.

Page 9: The Near Future of Network Security

Driving the Market to Platforms and Intrusion Prevention

Figure: timeline from 2002 to 2006. Separate products (IDS, Firewalls/IPS, Gateway AV, Vulnerability Assessment) converge into Security Platforms and Network Security Platforms, shown alongside the Next-Generation Firewall, the All-in-One Security Appliance and In-the-Cloud Security. Other labels: Gigabit+, 100Mb and below, Software, Hardware.

Page 10: The Near Future of Network Security

Magic Quadrant for Network Firewalls, 2H04 (as of December 2004)

Figure: vendors plotted by Ability to Execute against Completeness of Vision in the quadrants Leaders, Challengers, Visionaries and Niche Players, marked as Network Firewall or Web Application Firewall vendors. Vendors plotted: Check Point, Cisco Systems, Juniper, Secure Computing, Microsoft, Symantec, SonicWALL, NetContinuum, Fortinet, Teros, iPolicy, Kavado, F5, Whale, CyberGuard, Stonesoft, WatchGuard, Watchfire.

(From “Magic Quadrant for Network Firewalls, 2H04,” 14 February 2005)

Page 11: The Near Future of Network Security

IPS Market Vectors

Figure: vendors converging on IPS from several directions. IDS vendors move in line (NFR, ISS, Symantec, Sourcefire); firewalls add deep-packet inspection (Juniper, Check Point, Fortinet, iPolicy); IPS moves into the switch (Cisco Systems, 3Com?); pure-play IPS vendors improve management (McAfee, TippingPoint, Reflex). Not all vendors are displayed.

Page 12: The Near Future of Network Security


Gartner’s Key IPS Selection Criteria

Fast-moving market vectors make selection a challenge:

Performance/latency

Research and updates

Price

Next-generation firewall

Management and reporting

Is it IPS?

Security function

Page 13: The Near Future of Network Security

The Next IPS Generation: Making IPS Smarter

IPS devices are single points of visibility. Feeds from other sources will enable the next generation of IPS to make smarter and faster decisions, minimizing false positives and negatives.

Feeds shown: Netflow anomalies; high-crime segments; peer-attack fingerprints; DDOS sources; endpoint vulnerability assessment and operating system; other IPS.
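As an added illustration (not Gartner's or any vendor's code), the following sketches how an IPS could fuse the feeds named on this slide with a raw signature match and map the result onto the traffic classes from the "Protecting the Network" slide (block, pass and alarm, pass and log). All feed contents, addresses and the vulnerability identifier are constructed placeholders.

```python
"""Multi-feed IPS decision sketch (added example; feeds are constructed)."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample feeds keyed by IP address (placeholder values, not real data).
VA_FEED = {"10.0.0.5": {"VULN-PLACEHOLDER-1"}}          # host -> open vulnerabilities
OS_FEED = {"10.0.0.5": "windows", "10.0.0.6": "linux"}  # host -> endpoint operating system
PEER_FINGERPRINTS = {"203.0.113.9"}                     # sources other IPS devices flagged
DDOS_SOURCES = {"198.51.100.7"}                         # known DDOS sources
NETFLOW_ANOMALIES = {"10.0.0.6"}                        # hosts with anomalous flow volume

@dataclass
class Alert:
    src: str
    dst: str
    signature: str
    vuln_id: Optional[str] = None    # vulnerability the signature exploits, if known
    target_os: Optional[str] = None  # OS the exploit works against, if known

def decide(alert: Alert):
    """Score one signature hit against the feeds and return (action, reasons)."""
    score, why = 1, []  # any signature hit is at least 'security relevant'
    if alert.vuln_id is not None:
        if alert.vuln_id in VA_FEED.get(alert.dst, set()):
            score += 2
            why.append("VA feed: target exposed to this vulnerability")
        else:
            score -= 1
            why.append("VA feed: target not vulnerable (likely false positive)")
    if alert.target_os and OS_FEED.get(alert.dst) not in (None, alert.target_os):
        score -= 1
        why.append("OS feed: exploit does not match endpoint OS")
    if alert.src in DDOS_SOURCES:
        score += 2
        why.append("DDOS feed: known attack source")
    if alert.src in PEER_FINGERPRINTS:
        score += 1
        why.append("peer IPS: source fingerprinted elsewhere")
    if alert.dst in NETFLOW_ANOMALIES or alert.src in NETFLOW_ANOMALIES:
        score += 1
        why.append("Netflow: anomalous traffic involving this host")
    if score >= 3:
        return "block", why
    if score == 2:
        return "pass and alarm", why
    return "pass and log", why
```

The weights and thresholds are arbitrary; the point is that a hit against a host the vulnerability feed says is not exposed drops to pass-and-log instead of blocking, while corroboration from a second feed raises the action.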

Page 14: The Near Future of Network Security

Strategic Planning Assumptions

By year-end 2006, 75 percent of network IPSs deployed in the enterprise* will incorporate multiple feeds (0.7 probability).

By mid-2006, effective gateway anti-spyware will be a standard requirement in the majority of requests for proposals for midsize all-in-one security platforms (0.8 probability).

By mid-2006, 10Gb stand-alone IPS appliances will be available from multiple vendors (0.8 probability).

*Enterprise deployments are described as 1,000 or more employees, and 1Gb or more placement points.

Page 15: The Near Future of Network Security


All-in-One Security Appliances for Midsize Companies: Lots of Choices

Sample Vendors Only

VPN = virtual private network

Page 16: The Near Future of Network Security

Web Application Firewalls: Two Weddings and a Pure Play

Figure: three placements of the Web Application Firewall in the DMZ in front of the W/A/D server: combined with Application Acceleration, combined with an Application Switch, or as a Pure Play device.

W/A/D = Web server/application server/data server

Page 17: The Near Future of Network Security

Putting Security in the Cloud

Figure: an Enterprise Network connected through the cloud to a Regional Office, Data Center, Extranet, Business Partner and the Internet.

Page 18: The Near Future of Network Security

Recommendations

Network managers should begin blocking bad traffic to regain capacity and preserve legitimate application performance.

Companies will always require a network security perimeter and a separate security control plane. Although the end game is security everywhere, security at the edge must be present — and as strong as possible.

QOS and traffic shaping will play key roles in a secure network fabric.

Outsource as much day-to-day busy work as you can — as soon as you can.