Hello, and welcome to this episode of the Security Angle. This is our series covering the cybersecurity sector, and I'm Shelly Kramer, Managing Director, Principal Analyst at theCUBE Research. And in this show, we are going to tackle the topic of network security. Why network security? Well, for starters, lasering in on all things cloud architecture, and then thinking about developing a holistic, integrated, scalable, adaptable strategy, and an approach to cybersecurity. And most importantly, one that spans the entire organization and then delivers consistent and objective policy implementation. This is something that's a huge area of focus for organizations today. This also includes things like implementing access control, software integrity, vulnerability response measures, all these things designed to protect network infrastructure from threats. So why do we need these things? Well, I think that's pretty simple. Pretty simple answer. As we've distributed to a hybrid workforce, and by the way, that's something that was sort of spurred by a global pandemic, but it's not showing signs of changing anytime soon. Strengthening internet security measures like web application firewalls and distributed denial of service mitigation is also top of mind for security pros. That's why we're seeing a focus on implementing things like network segmentation, isolating segments, micro-segmentation, which we'll talk more about later. All of these things provide various levels of security for different segments of the network. In addition to that, having multiple layers of defense at the edge and in the network, both in hardware and in software, is also essential. Kind of makes your head swim a little bit, doesn't it? So there are other key areas where user privacy, corporate data protections, those kinds of things are top of mind, and some of which we'll cover in our conversation today.
So with that introduction, I'm joined today by Joe Peterson, fellow analyst, member of our CUBE Community Collective and VP of Cloud and Security Services for Clarify360. Welcome, Joe. Hey, nice to be here with you today. Absolutely. Always great to spend this time with you. So as Joe and I were kind of mapping out our show topics for the early part of 2024, we felt like network security really needed to be high on the list of topics that we covered. And so we're going to dive in here with five network security predictions that are on our radar screens for 2024. We're going to start with our number one prediction. And that is that SaaS security will see increased focus. And this is the first, this is kind of, we expect to see increased focus on and interest in SaaS security. And this is key because as enterprise SaaS becomes more widely adopted, the dangers of misconfigured SaaS are very real. Joe, I know you have some major thoughts on this topic. I do because SaaS is everybody's business because whether you're an SMB or a mid-market client or an enterprise, you've got SaaS. And the industry's done a really good job over the last couple of years of educating people on cloud security, which is, you know, munching out my favorite topic, right? But there are whole businesses, believe it or not, that don't have a lot of public cloud. Everybody thinks, oh, everybody's in the cloud. The fact of the matter is due to a couple of reasons that you talked about earlier, you know, we're in a situation where you may not have public cloud, but you have SaaS and you have remote workers accessing those SaaS applications. I want to get this right. The Cloud Security Alliance report came out. And no surprise, everybody's buying more SaaS, according to the survey. 66% of organizations have increased their SaaS spend. And that's great.
But then you think about it for a minute and you think, okay, what tools are we using to sort of test the efficacy from a security perspective of those SaaS applications because not all SaaS applications are created equal. I think that's the understatement of the year. Right, they're just not. And so, this was a good finding from the report too because it made me pause and I was like, yeah, that's right. 55% of all SaaS users have some sensitive data that is inadvertently exposed on the internet. And this sort of ups the ante as it relates to the security picture around SaaS. Right. Well, and you know, it's that sensitive data is exposed online because of mismanagement of SaaS usage and security misconfiguration. So that's a really big deal, you know. And it could be the application itself. Yeah, absolutely. It may have nothing to do with the user. You might, you know, shadow IT happens. It just happens. And some user might buy or install some SaaS application that nobody's checked. Yeah. Oh, absolutely. Absolutely. You know, I kind of dove into the CSA report and I thought there were some other interesting things that they, some, you know, results of their research that I thought was interesting. They reported that more than half of their organization's SaaS security operations only cover 50% or less of their SaaS applications. So you've got security operations as a whole and you've got only part of them looking at SaaS security solutions. You can't fill this gap with just audits and cloud access security brokers. That's just not possible. You know, we were just talking about misconfigurations of SaaS apps. This is the most common security issue followed by things like cross-site scripting. And this involves injecting malicious code into web pages. I mean, we see that all the time. Then you've got insider threats. You've got, you know, I say this often, but employees are wonderful but they're also our weakest line of defense. 
And unwittingly, employees all the time, maybe not paying attention, maybe not using patches or upgrades, maybe just clicking links that they get by way of email or text messages, that sort of thing. So they may not have malicious intent. It may just be honest mistakes. Then you've also got potentially insider threats of employees who may be disgruntled or that sort of thing. So that can be a data protection risk. The reality of it is, as we know for sure, all data stored in the cloud is a risk, especially if folks have weak passwords and or they share credentials. I mean, how many times do we see people sharing credentials? How many times do we see people using passwords that are the same passwords across, you know, every single login that they have? And no matter how many times it seems like we talk about this, that remains a huge problem. And then you've also got organizations, SaaS applications that are part of e-commerce solutions. So you go online, you're buying something, you think you're using an online payment method, you think you're safe. But again, as you mentioned, we're relying on the developers of SaaS applications to build security in from a foundational standpoint, and that doesn't always happen. So there are a lot of, you know, there are a lot of risks here. And so what I wanted to talk about a little bit, and especially leverage your brain here because you're an engineer. So you bring those chops to the table, but how can IT teams strategically plan for this and get the right systems and processes in place to help protect them? Yeah, and it may sound like a no-brainer, but I had a procurement person come to me and ask me what they should be asking about security to the SaaS vendor. And I was like, yes, good for you. And do you have a policy in place that sort of checklists through what the SaaS provider should be doing? And so you should be looking for certifications. You should be looking at, you know, SOC type, SOC 2 Type 2.
You should be depending upon the vertical. And if you need credit cards to take in credit cards, PCI DSS, Cloud Security Alliance verification, you might want to ask them questions about what do they do with your data? What does their access management look like? Do they integrate with other tools that you already have? And that you guys use on a regular basis, you know, that that's really, really important. And I know you've got some research to share on this too. You know, I think I was looking at some research from Trellix, which is a company that was formed by the recent merger, somewhat recent merger of cybersecurity giants McAfee and FireEye. But to your point of choosing a reputable SaaS provider, you know, don't just take their word for it, something you have to take incredibly seriously. And you know, the Trellix research showed that while most customers simply trust their service providers to handle security, in reality, that is kind of a mistake. Trellix's research showed that only 18% of SaaS providers support multi-factor authentication. Only 10% of them encrypt data at rest. So if you as a consumer are coming into the equation of I need a SaaS security solution, and you or even I need, you know, I want to buy a SaaS application to plug it into my tech stack, you can't go into that assuming that the vendor partners that you're evaluating are putting security anywhere near the top of their list as it comes to things they're building for, thinking about and integrating in. And so to me, that was a kind of a big wake-up call. Those are big numbers. Only 18% support MFA. Only 10% encrypt your data at rest. So I think you need to dig deep as you evaluate these vendor partners. You need to look at their audits to ensure compliance. You need to ask questions about what they do as it relates to data segmentation, data encryption, cyber protections. Some other things I think to consider are, and these are pretty easy.
A lot of people don't do them, but they're really pretty easy. Keep a usage inventory, use automated tools, which are out there to track usage of your SaaS applications so that you know who is using what throughout the organization. Use a cloud access security broker solution. And that adds security controls that some SaaS vendors don't natively offer. Another thing that I think is super important is visibility. Monitoring all usage and security logs and making sure that your IT team knows that SaaS solutions aren't set it and forget it. They need monitoring. They need to be part of your risk management strategy and you really need systems in place, including training that ensures all of your users are safely handling these apps. So SaaS applications, there's a reason that we started talking about it first in this episode, but it really is a very real challenge and we hope that you'll put this on the top of your list of things to plan for as you map out your strategies for 2024 and moving forward. Now we're going to move on to our prediction number two, and that is hackers. And hackers don't ever seem to tire of DDoS attacks. They are on the rise. These are distributed denial of service attacks. We talked a little bit about this in our last show. They continue to be one of the primary tactics that threat actors employ. Yeah, it's true. And I want to just jump back to something on the first topic so that everybody knows there are literally tools out there that can actually scan your SaaS applications and then prioritize them in terms of risk level. So if you want a visual interpretation of what's red and kind of a no-go app, what's yellow and has some issues, and what's green and go, there's tools out there that do that. And that goes to observability and visibility. You can't see, you can't identify a problem that you don't know exists. You can't fix a problem. You can't mitigate a risk.
And so that is really where looking at solutions that provide visibility and observability on your part are so critically important. Yeah, yeah. But I mean to take thunder away from your DDoS segment. No, no, no, no, no, that's fine. I wanted you to, you know, I wanted you to pop in and talk a little bit about what you're seeing in terms of DDoS attacks being on the rise. Yeah, and I know, I'm super excited because you and I have been talking about how security tools are malleable and getting repurposed for things. And I know we have an episode coming up about DDoS and AI security, which is kind of a novel way to approach using a DDoS tool. But so that's a little teaser for you guys to tune in later. But NetScout had a DDoS threat intelligence report that they released in 2023. And they found that 7.9 million distributed denial of service attacks were, had happened during the first half of the year. And that was a 31% increase over the previous year. Now, stand still a minute, because I had to get my arms around this idea. They were afraid. 44,000 DDoS attacks a day. Every day? Every day. Like, like notice on these off. No. And, you know, the report also found that DDoS attacks were up 200% from just the previous year, right? So that was the Zayo report. They found that the report, DDoS was up 200% from the previous year. And we were just touching on AI and automation. The Zayo report that came out found that there was a 387% increase in attack activity just from Q1 to Q2 of 2023. And then when I see numbers like that, like 387% increase. Like what? And by the way, let me back up and say, I was curious and I couldn't do this math in my head. So I, so I went back here and grabbed my calculator. You know, 44,000 DDoS attacks every day divided by 24 hours in a day is about 1,800 attacks an hour. That's a lot. Great. Great. And so there were some verticals that you may or may not think that they would be attacking, right?
Telecom would be one that they would be attacking because back to the network. You know, media companies, retail, right? And the attacks are large enough to just take things offline, to just make them unavailable, right? That's what they're trying to do in the DDoS attack is just make something unavailable for X period of time. So, you know, what are you seeing out there? What are people saying to you? Well, nothing any different than what it is you've mentioned. And, you know, I think we shared some stats in our last show as well about, you know, the sort of the simple attacks, the phishing, smishing, vishing, those attacks are incredibly popular, ransomware attempts. Those things are not going to change. We don't expect, you know, and we've seen, you know, when I was looking at Zayo's data, I thought that there was one line that jumped out at me and it said, you know, 2023 reached a fever pitch of attack activity. And this is largely due to AI and automation. And so we are not going to see, I mean, you know, all of us out here or the smart ones among us are learning how to use AI and gen AI tools in our day-to-day work and things like that, spurring proficiencies, productivity, cool things. Well, threat actors are doing the same thing. And the reality of it is, is that they have much to gain from a financial standpoint when it comes to mastering the, you know, what AI and automation can do as it relates to dirty deeds done dirt quick. That's an AC/DC song. That's pretty good. Can you try to show me? It is, it is. What's your first prediction? So, well, we're going to move right on here. And we think that convergence is the new black. And what does it mean? Well, we're seeing organizations actively work to consolidate any number of the, well, the amount of cybersecurity vendors they use. And this is driven by concerns about operational complexity, as well as the need to mitigate risk.
And I'll say that, you know, I mean, you remember back to the Target attack, you know, talking about retail being an attractive threat vector. But, you know, I feel like the Target attack was one of the big ones out there that kind of got us, shook us in the industry a little bit. And that Target attack, which exposed a lot of customer data, which, you know, we're talking about credit card data, all that sort of thing. That attack happened not because somebody got into Target systems individually, but because they came in through weakness on the vendor side. The vendor had access to the network and things, bad things happened. If I remember, yeah, if I remember, they got into an HVAC system, didn't it? Yeah. So things you don't even expect. So when you think about, so vendors in general, there's a lot of scrutiny on, but cybersecurity vendors and the reality of it is, you probably don't need six different cybersecurity vendors and different solutions and everything else. You need to be looking at, you know, consolidation. I know you talk with CISOs all the time, Joe. So what are you seeing on the consolidation front? You know, they fall into two camps, right? Some of them consider consolidation a must. And it's from the idea of just consolidating the tech stack. So less stuff, less portals for their guys and gals to get into and try to correlate data themselves, right? And I get that. And then some of them say, well, you know, we like the diversity in vendors. So it'll be interesting to see the way it plays out, but I know that the big tech vendors are kind of leaning into, hey, let's consolidate. And I was going to ask you about that. What are you seeing there? Well, I think we're certainly seeing, you know, vendors in this space taking notice of this. And we've got, you know, CrowdStrike and Cisco and Fortinet, Palo Alto Networks, VMware and Zscaler. And they're all fast-tracking product roadmaps, which can turn consolidation into a growth opportunity.
I mean, they are not sitting back idly and watching the need for this get, you know, go unanswered. So I think that that is definitely what we're seeing in the market. Now, let's talk a little bit about what are some of the products that are top of mind when it comes to, you know, doing that, turning those growth opportunities into something that, you know, that come as a result of consolidation. What are you seeing? Well, I know some folks have big budgets. And then there's some companies that don't. And one of the things I say is to customers, because we do a lot of work with the holdings of private equity. So companies that have just been acquired post-M&A. If you've got a limited security budget, you want to protect the end users, right? You want to use that budget for it, because they're, we've talked about it before, they're one of the things that is kind of a wild card if you don't lock them down, right? I mean, in terms of, yeah. So if you take that thinking a step further and you're like, okay, well, I've got to spend my security budget, whatever it is, on my end users, you have to think about what they're going to be doing. So just about everybody has MDR, EDR, MDR, XDR. You could say that the XDR is a bit of a spin on an MDR, but it's end user, it's end user support, right? And so if you take that a step further and you think about, well, back to what we said earlier, SaaS applications, let's envision a company that is primarily SaaS-based for all their functionality. They just don't have a lot of on-premise gear. They don't have a lot in the cloud. And everything that they're doing is part of a SaaS app, right? Everybody has their access to the SaaS apps, and that's how they log into HR. That's how they use the ERP. That's how they do- Book their travel. Right, everything happens in a SaaS app. So if we extend the idea of endpoint protection, which is EDR, MDR, XDR, then we want to look at the network. And we want to look at tools like SASE.
And SASE's done a great job of integrating via a cloud tool parts of the network security stack, right? It encompasses a number of things. So it just makes sense for that to sort of be the next thing that gets added to the portfolio. So there was some news recently about an XDR company that bought a cloud security company, right? And that's sort of that next evolution of things that is happening in the space. What about zero trust network access? What do you think about that? Yeah, I know we're going to- I'm a fan, right? I think the VPNs really served us for their time. Yeah. They're older technology and they have not adapted to the trends in which we work, right? They're a moat and castle technology. And we don't work in the castle anymore, right? We work out in the field. It's a great analogy. We're out in the field. We're not in the castle anymore. So they're the moat around the castle and the castle is really empty right now. The princess has gone out and she's on the road. She's Taylor Swift at the football game. I don't know. So that VPN that many of us have been using for a very long period of time, the challenge here is that that just recognizes a device. And what you're saying then is that is no longer the best path? No. It just recognizes a device, not a user. And it's not going to do some of the things that we needed to do. If a user can come into the system, hey, they've got access to everything. Maybe the salesperson doesn't need access to the accounting functionality. Maybe they shouldn't. And so that's the whole concept of micro-segmentation that occurs with Zero Trust Network Access. And also Zero Trust Network Access is sort of the gateway to a Zero Trust framework. It's that whole thinking of trust only if you can verify. This reminds me, this conversation reminds me of some comments that were made by Zscaler's Jay Chaudhry in a recent interview he did at theCUBE and it was at RSAC23.
He was talking about VPNs and he was giving an example that I thought was just such a great example of the risks posed by VPNs. And Jay called VPNs the biggest security threat to enterprises out there. That's an attention getter, right? But Jay went on to share an example of what happens when users get on the network using a VPN or being on the network with firewalls and a VPN. And here's what he said, I come to see you. By the way, when I'm walking you through this, this is going to flash in your head because all of us have done this. So I come to see you, they stop me at reception. They check my ID, they give you a badge and they say come inside. Your meeting is on the seventh floor, but go wherever you need to go. So you're inside the building, you could go to the seventh floor but you could wander around wherever you want to go because nobody's probably paying attention to you. You could not even go to the room you were supposed to be meeting in. But that is a great visual to me example that so many of us have experienced of what happens with network security and a VPN. So in the zero trust model, it's different. They stop you at reception and they give you, they check your ID and they give you a badge and then they say, come on, I'm going to escort you to room 22 and room 22 only. You don't even know the room number, large probably. And once your meeting happens, then they're going to escort you out. And so you're not going to stop at the lunch room. You're not going to visit somebody. You're not going to do anything. You're going to go exactly where you're supposed to go, which is the room 22. And when your meeting is over, you're going to be personally escorted out. And then if you're really security savvy, like the Department of Defense, they're going to say, hey, we're going to blindfold you and take you into the meeting room. And then your meeting happens and they blindfold you and then they take you out.
So I think that that, and that of course is a key part of Zscaler's value proposition. It's mitigating the ability that a threat actor has to get into the network and move around unilaterally. And with Zscaler's zero trust architecture, it doesn't matter where your applications are. They could be in the factory, they could be in the warehouse, they could be in the data center, AWS, Google Cloud Platform, Oracle Cloud, Azure, wherever they are, the Zscaler architecture connects users to the right application without having to worry about extending the network to every place. So that to me is a really smart way to approach security and to integrate zero trust architecture into everything that you're doing. Yeah, that's a great analogy. Like I said, when I was reading those interview notes, I'm like, oh my God, you totally nailed it. It was really cool. All right, we're going to move on to our prediction number four. Did somebody say acquisition? Oh, yeah, they did. It's happening. So in September of '23, we've got to mention the granddaddy that happened in the last year. And Cisco bought Splunk, right, for an estimated 28 billion. 28, yeah, 28, crazy. And it was one of the big ones. It was one of the big ones. I know we just had another one happen that wasn't quite sort of security adjacent space, but it didn't beat that number. And, you know, I think we're just getting started. What do you think? I think we are just getting started. Absolutely. Absolutely. And there were some other interesting ones that happened really fairly recently. Who's at the top of your list when you think about that? Oh, well, we just had that play that just happened with SentinelOne and PingSafe. Yeah, yeah. That was, that was pretty interesting. I think, you know, SonicWall bought Banyan, right. That was, that was also pretty interesting. I think we're going to see some more happen.
Yeah, I like the fact that, you know, I think SonicWall's acquisition of Banyan was key because it provides cybersecurity services at both the enterprise level and to the SMB customers. And I think that that's really, you know, where we want to make sure that we don't overlook the, you know, the small to mid-sized market as well because cyber threats and actors don't care. They want data. They want access. They want capabilities. And so I love the fact that that solution, you know, spans both of those markets. Now we're going to slide quickly into, we've talked a little bit about this, but Zero Trust, does it start with a network? You know, as we say here at theCUBE a lot, architecture matters. And you, as I mentioned before, your applications are out there, data center, warehouses, SaaS apps in the cloud. But the architecture has to be done correctly. And really a Zero Trust architecture is where it's at. I think as an industry, we've gotten a couple of wake-up calls over the course of the last couple of years. One is the SolarWinds attack. Then we had the Colonial Pipeline attack, which was enabled by Remote Access VPN, by the way. And these crippling attacks kind of really meant that it was time to get serious about Zero Trust. So I know that you have some thoughts on Zero Trust architectures and how important they are. Let's hear it. I think that we're starting to see this evolution of enterprise security. And I think about Zero Trust network access as sort of the front door, right? It's the first thing that customers adopt as they're thinking about their Zero Trust frameworks. We talked about that a little bit earlier, and we alluded to a couple of things. I was thinking through this, and I think there's really seven things that are changing. So we've got a changing perimeter. We talked about the moat and castle that's gone away. And part of that is these dynamic work environments.
And one of the things we didn't say about ZTNA is that it can actually contextualize location. So if you're a user that normally signs in from Indiana, Chicago, wherever you're at, and all of a sudden you're signing in from Italy, it's going to know that you're signing in from Italy and then create an anomaly alert and tell your admin, hey, this person's coming in from Italy. Oh, Joe's not on vacation. Why is she coming in from Italy? Right? So there's that geo-location factor. Yes, you could argue that you can see that in VPNs, but it takes a while to look in the logs. And there's really no alert that if somebody's coming in from somewhere they shouldn't be. So that kind of alerts you that there might be a problem. We talked about least privilege access. So the minimum level, if they're in sales, they shouldn't be getting into accounting. You can restrict that. And that's the whole micro-segmentation. We talked about MFA earlier and zero trust places a strong emphasis on MFA, which limits access. Authentication, adaptability to cloud environments. VPN wasn't built for the cloud. This is. And you mentioned it earlier, you're not only worried about North-South traffic going out to the South. You're worried about East-West traffic as well. The ability for somebody to get in and wiggle around and stay. And you don't know how long they're staying. Like your mother-in-law, you wanted to leave after a little bit. Well, I think we covered this on our last show. My mother-in-law, if you're listening, I do not want you to leave. I want you to stay as long as you want. You know, and I'm married to an only son of an only son. Like, I got to be careful here. He left a real law of minds passed away. So she's not going to be a friend. Yeah, you can say whatever you want. Regulatory compliance is the last one. We're starting to see the government require through a vehicle called CMMC, the entities that deal with them. Being required to put in ZTNA.
So those are my reasons and, you know, your seven things that you think are key here. I think that's a great list. Yeah. So if you kind of have to wrap up what we've covered, what do you think? Well, I think we've got a lot to think about here and we certainly have exciting times ahead in the security industry. And, you know, nobody's going to argue that. So I think, you know, just to recap, as we wrap up our five network security predictions for 2024, SaaS security will see an increased focus. DDoS attacks will continue to increase at a rapid rate. Protecting against them could not be more critical. Convergence is the new black. We expect to see organizations actively work to consolidate the number of cybersecurity vendors they use, both to help mitigate risk and to reduce operational complexity, which everyone is working for toward consolidation in the industry is a given. And we expect to see more acquisitions as vendors look to add to the breadth of their solutions and become more holistically attractive to customers. Zero trust network architecture. Let me say that again. Zero trust network architectures are, without question, the present and the future of network security. So with that, we're going to wrap our show. Thank you for being here today, Joe. Thanks to our audience for tuning in. And let us know if you think we missed anything. We'll see you here on the security panel next week.