by Adam Hils | December 29, 2014 | 1 Comment
You’ve probably read your fill of security prophets (many employed by security vendors) prognosticating about all the scary/wonderful security stuff that will happen in 2015. Rather than go down that too-traveled route, I’ve decided to take a different angle and discuss 8 buzzed-about vendor-wished-for phenomena that will not occur in the coming year, and will confuse your security posture.
- The demise of the network perimeter has been predicted (and advocated) since at least 2001, and that argument is gaining new momentum considering the rise of BYOD, Internet of Things, SDN, etc. However, in 2015 the network perimeter will not disappear. Is the perimeter more dynamic today than ever? Yes. Is it more complicated than a static set of centralized ingress/egress points? Absolutely. However, the perimeter, even as it constantly morphs, is real, and it’s important to protect. If we don’t keep that in mind as a design principle, and decide instead to open the network barn door wide and protect each endpoint, application, and data asset individually, we are relying upon our ability to configure policy flawlessly across scores of assets. While we must indeed secure each valuable enterprise asset, we must also keep safeguards at the door to turn away bad actors before they can attempt to compromise those valuable assets.
- SDN security will not be deployed by many enterprises, because not many will have deployed SDN by year-end 2015. In 2015, security leaders must work with their networking counterparts to understand (and influence) network design as SDN principles get introduced, and should build a security controls roadmap to ensure that these more agile networks can be protected.
- Virtual firewalls will not comprise >5% of new purchase revenue in the network firewall market. Same as it ever was.
- IPS functionality will not commoditize or disappear. Yes, I get it, standalone IPS revenue is declining. Gartner agrees. However, IPS is a crucial factor in an increasing number of next-generation firewall evaluations, and is more present across customer networks than ever. Certain advanced threat prevention vendors attempt to minimize the importance of IPS in order to gain access to IPS budgets; customers who believe them, and cease to use context-enriched network IPS controls, do so at great risk.
- There will be no “Enterprise UTM”. The enterprise firewall and unified threat management (UTM) markets are different and not just two terms for the same technology. SMB customers often choose UTM because they get a wide variety of security point products in one platform, reducing capital costs and management complexity. Enterprise customers ARE increasingly deploying next-generation firewalls, which often comprise firewall, IPS, and user and application control. Some also deploy URL filtering and cloud-based sandboxing; however, even with all of these features deployed, NGFWs offer a small subset of what UTM “all-in-one” boxes offer. NGFWs offer more scalable security controls, and provide finer-grained L7 filtering capabilities.
- Network security vendors will not successfully sell joint network/endpoint security solutions. Different buying centers, different requirements, different cultures regarding security and risk. Some exceptions exist in a small fraction of enterprises where a breach has occurred or where incident response is a well-developed function and the CISO has the power to influence disparate buying centers.
- “Security by deception” will not become a common requirement. So many organizations struggle to fulfill basic foundational “let the good guys in” and “keep the bad guys out” duties; messing with security science-project esoterica (which might momentarily distract determined attackers) will fall by the wayside in 2015.
- 2015 won’t be the “Year of PKI”. 1997 called and wants its prediction back.
Happy (and secure) New Year!
Category: Network security Tags: firewall, IPS, NGFW, SDN, UTM
by Adam Hils | June 17, 2014 | 4 Comments
Color me excited.
Jeremy D’Hoinne, with co-authors Greg Young, Joseph Feiman (and me), has just put out Gartner’s first MQ for WAF.
It was a gargantuan effort to describe a space with several different delivery models: standalone appliance/software, cloud-delivered, public cloud-resident, managed security service, and ADC-based. It’s a dynamic, fast-growing market (30%+ this year, 20% five-year CAGR) that does much more these days for customers than merely supply a PCI DSS check mark.
This note follows one Jeremy and I authored earlier this year, entitled “Web Application Firewalls Are Worth the Investment for Enterprises”. In it we make the case that WAFs provide an important layer of protection – especially for public-facing web apps – that NGFWs and IPSs absolutely do not.
Look for more from Gartner on the subject of WAF in the coming months.
Category: Network security Tags: application security, CSRF, PC!, SQLi, WAF, XSRF, XSS
by Adam Hils | January 24, 2014 | 1 Comment
When I left Gartner in early 2010 to work on security products, I had a perspective on macro and micro network security trends. Four years later, some trends have been turned on their heads, others are cast differently, and still others remain the same. Here are my network security snapshots, then and now:
- 2010: NGFWs were being considered as secondary tools by bleeding-edge customers
  2014: NGFWs are trustworthy edge protection platforms for many mainstream customers
- 2010: Stand-alone network IPS growth showed no signs of slowing
  2014: NGFW growth and sandboxing uptake limits discrete IPS opportunity at the perimeter
- 2010: WAF was a PCI checkbox that was hard to deploy and painful to maintain
  2014: WAF is still a PCI checkbox for some. Usability has improved, & it can now be useful
- 2010: Firewall rules management software was infrequently used
  2014: Auditor demands & migration to NGFW drive demand. Vendors try adjacent functions
- 2010: Virtualization was going to change the nature of network security & kill the appliance
  2014: SDN is going to change the nature of network security & kill the appliance
- 2010: Dominant attitude: “Segment everything!”
  2014: Dominant attitude: “Segment logically.”
- 2010: Zero day threats were like UFO sightings: Often imagined, seldom seen
  2014: Zero days and advanced threats have made our networks a real-life Area 51
- 2010: “Visionaries” said the perimeter was disappearing; realists said it would stay
  2014: “Visionaries” tout borderless networks; realists know the perimeter remains, but shifts
- 2010: DDoS attacks were uncommon and unsophisticated
  2014: Complex DDoS attacks have become the “new normal” for financial services institutions and other targeted verticals.
- 2010: “‘Enterprise UTM’ was about to conquer the netsec universe. Really!” Umm…no.
  2014: “‘Enterprise UTM’ is about to conquer the netsec universe. Really!” Umm…no.
by Adam Hils | January 14, 2014 | Comments Off
“Right now I’m having amnesia and deja vu at the same time.”
– Steven Wright
Hello, all. Back for my second stint as a Gartner network security analyst and blogger. I left in early 2010 to go off and build/run some cool application and network security product lines. When I got the opportunity to return to Gartner in mid-2013, I jumped at the chance to once again help organizations make the right strategic security technology decisions.
I’ve been busy since returning. I (working with Greg Young and Jeremy D’Hoinne) led Gartner’s analysis of Cisco’s acquisition of Sourcefire; I wrote with Mr. D’Hoinne about how to determine when an organization is ready for a next-gen firewall; and I am lead author for the 2013 “Magic Quadrant for Intrusion Prevention Systems”, published last December. In addition, I’ve also contributed to Jeremy’s fine note describing factors important to building an SSL traffic decryption strategy, and I helped Craig Lawson in an update to Gartner’s definition for next-gen intrusion prevention systems.
In 2014, I will continue covering such network security areas as firewalls, IPS, UTMs, WAFs, and associated technologies. I also plan to define Gartner’s approach to security (firewall) policy management, and hope to start dealing with issues within enterprise Security Operations Centers.
I’m answering many of the same client inquiries as I did four years ago – the buzzwords are different, the threat has changed a bit, but the core problems endure. My next blog will provide my take on how things have changed (yet remain uncannily the same) in network security between January 2010 and January 2014.
Category: Network security Tags: firewall, IPS, Network security, NGFW, WAF