The rise of AI and the complicated IT environment are driving cybersecurity incidents through the roof in the first half of 2023.
A recent IDC Asia Pacific survey commissioned by Fortinet indicated 79% of cybersecurity leaders in the region have experienced at least a twofold increase in security incidents. Palo Alto Networks’ security advisory arm, Unit 42, also reported a 300% year-on-year increase in ransomware attacks in Hong Kong.
The company’s managing director of Hong Kong and Macau, Wickie Fung, attributed the trend to the rise of AI and digital tools.
“There is almost a 900% increase in AI-related tools this year,” said Fung. “The increased amount of data generated with it has become a hot target for bad actors.”
Power to threat actors and defenders
AI can automate repetitive and technical tasks, which is precisely the kind of work many cybersecurity attackers do. Palo Alto Unit 42's consulting director Terence Lau noted it is only a matter of time before AI-powered attacks happen.
At CyberWeek, the company’s annual flagship event held last month, Lau highlighted how attackers are taking advantage of AI. He noted AI can automate attacks like phishing and malware, producing a far larger volume of attacks. AI-powered deepfake tools could also produce more convincing fabricated messages that manipulate business communications. Attackers could also steal and reverse-engineer AI models to build more sophisticated attacks.
On top of empowering attackers, the adoption of generative AI also expands enterprises’ attack surfaces. Matthew Allen, vice president of service offer management and networking at NTT Ltd., noted enterprises are sending more critical data to the external Gen AI platforms, requiring high-performance and secure connectivity.
“Security services will be paramount, both to encrypt data in transit and also for data that resides in Gen AI platforms,” said Allen.
“AI is changing the game for threat actors and defenders,” added Fung. “AI enables enterprises to identify potential threats in near real-time and make more intelligent, data-driven decisions.”
He noted security vendors have been using AI to identify patterns for detecting known and unknown attackers. AI for IT operations (AIOps), which applies machine learning to identify events, is also increasingly popular. Allen added that AIOps integrates complex data like event graphs and connectedness to derive actionable insights that can automate incident response and support users in case of attacks.
Supporting remote work also adds complications to security management and network performance.
Fortinet's vice president of Southeast Asia and Hong Kong, Peerapong Jongvibool, noted IDC’s study found employees across Asia need more than 30 connections to third-party cloud applications for their daily work routine. This rising cloud connectivity and remote working create a “branch-office-of-one” environment at each employee’s home or laptop, further exposing enterprises to attack.
SASE is a game-changer, or not
Aiming to improve security posture, optimize network performance and provide a consistent user experience, Gartner said CSOs are turning to secure access service edge (SASE). This strategy converges network and security capabilities, including SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), next-generation firewall (NGFW), and zero trust network access (ZTNA).
Despite the rising awareness of SASE, one consideration in adopting it is protecting previous investments in connectivity like MPLS and SD-WAN. The maturity of these technologies means many multinationals have already invested in SD-WAN, making it difficult to justify further investment.
But Fung noted existing SD-WANs may not be easy to integrate with the SASE approach, or may not provide the traffic control needed to support the massive increase in cloud applications and remote access.
“The access control becomes more complicated when users are traveling to different countries or changing roles within the organizations,” said Fung. “The security policy and requirement could be different between countries; the type of applications and access rights could also be different with the new role. This creates a whole new complexity dynamic and requires an intelligent next-generation SD-WAN solution.”
Such complications multiply in China, where three sets of laws govern cybersecurity and restrict cross-border data transfer.
Jongvibool noted traditional SASE mainly controls cloud traffic through a set of points of presence (PoPs). This means some traffic flows, like on-premises traffic, IoT traffic, or traffic over cloud provider WAN services, cannot be addressed, and security policies cannot be enforced consistently. This is particularly an issue in China, where data is required to reside in-country, and SASE providers may not have PoP locations there.
Universal SASE supports GBA complications
While SASE has been discussed for years, Gartner has recently suggested single-vendor SASE to address integration issues. This single-vendor approach goes beyond making these products work together: it also converges them onto a single security policy management platform across cloud and on-premises access.
“Client interest in this technology is huge,” noted Andrew Lerner, distinguished VP analyst at Gartner. “The demand tends to come from a) smaller enterprises that don’t have strongly siloed network and security teams and b) from architecture teams in large advanced global multinationals.”
According to Gartner, by 2025, one-third of new SASE deployments will be based on a single-vendor SASE offering, up from 10% in 2022.
While a single-vendor SASE simplifies deployment, NTT Ltd.’s Allen noted the drawback is its restriction of choices for enterprises. This is why security vendors like Fortinet are proposing universal SASE.
“Universal SASE, with its converged networking and security capabilities, is proving to be a game-changer for many organizations seeking a simplified and consistent security posture for users both on and off the network,” said Jongvibool.
This enhanced offering also supports on-premises ZTNA, SD-WAN private access, and IoT and operational technology (OT) coverage. He added that universal SASE, delivered through partnerships, is particularly promising for the network-challenged environment in the Greater Bay Area (GBA).
To address the legal requirements in China and align with individual organizations’ security policies, Jongvibool noted universal SASE is not restricted to its PoP locations. With a hybrid mode and multiple partnerships in China, Fortinet supports a single networking and security policy across all traffic sessions, including cloud, on-premises, and IoT.
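As an added illustration of the argument in the preceding paragraphs (not code from Fortinet, Gartner or the article), the constructed Python model below applies one access policy, covering role, the user's current country and data residency, to the same sessions under a PoP-only architecture and a universal one that adds in-country and on-premises enforcement points. All names, rules, the "SG" PoP and every country other than China are assumptions.

```python
from dataclasses import dataclass

# Added example with constructed names and rules (not any vendor's code).
RESIDENCY_REQUIRED = {"CN"}                      # data must be inspected in-country
ROLE_APPS = {                                    # constructed role entitlements
    "finance": {"erp", "mail"},
    "engineer": {"git", "mail", "plc-console"},
}

@dataclass(frozen=True)
class Session:
    user: str
    role: str       # current role; a role change changes entitlements, not identity
    country: str    # where the user is right now (travelling staff)
    app: str
    traffic: str    # "cloud", "on-prem" or "iot"

def enforcement_point(arch: str, s: Session):
    # Returns (name, country) of the point that can inspect the session, or None.
    if arch == "pop_only":                       # traditional: cloud traffic via out-of-country PoPs
        return ("pop-sg", "SG") if s.traffic == "cloud" else None
    # "universal": in-country partner PoP where residency applies, local enforcement otherwise
    if s.traffic == "cloud":
        if s.country in RESIDENCY_REQUIRED:
            return (f"partner-pop-{s.country.lower()}", s.country)
        return ("pop-sg", "SG")
    if s.traffic in ("on-prem", "iot"):
        return ("branch-fw" if s.traffic == "on-prem" else "ot-gateway", s.country)
    return None

def decide(arch: str, s: Session) -> str:
    # One policy, applied at whichever point covers the session.
    point = enforcement_point(arch, s)
    if point is None:
        return "unenforced"                      # bypasses policy entirely; not the same as deny
    if s.country in RESIDENCY_REQUIRED and point[1] != s.country:
        return "residency-violation"             # inspection would move the data out of country
    return "allow" if s.app in ROLE_APPS.get(s.role, set()) else "deny"

SESSIONS = [                                     # constructed sample sessions
    Session("alice", "finance", "HK", "erp", "cloud"),
    Session("bob", "engineer", "CN", "git", "cloud"),
    Session("bob", "engineer", "HK", "plc-console", "iot"),
    Session("alice", "finance", "HK", "git", "on-prem"),
    Session("carol", "finance", "HK", "git", "cloud"),     # carol moved from engineering to finance
]

def compare(sessions=SESSIONS) -> dict:
    return {arch: [decide(arch, s) for s in sessions] for arch in ("pop_only", "universal")}
```

Running `compare()` shows the PoP-only model leaving the IoT and on-premises sessions unenforced (alice's on-premises git access is never denied because nothing inspects it) and routing the China session out of country, while the universal model reaches a policy decision for every session.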
Recommendations and advice
Lerner from Gartner noted well-architected SASE offerings remain immature in the market but are developing quickly. He recommended enterprises establish a joint network-security team to identify and rank functionality requirements and options before sending out RFPs.
When evaluating SASE offerings, he also suggested seeking a unified management plane with a single data lake that supports single-pass decryption and inspection for malware and sensitive data.
Lastly, he recommended enterprises run a functional pilot with users and remote locations before confirming implementation, to ensure all functionalities and performance meet the organization’s requirements.
Sheila Lam is the contributing editor of CDOTrends. Covering IT for 20 years as a journalist, she has witnessed the emergence, hype, and maturity of different technologies but is always excited about what's next. You can reach her at [email protected].
Image credit: iStockphoto/rudall30