Enterprises will start 2018 with plenty of metaphorical desk space for teams to plan their approach to what could be the toughest cybersecurity year on record. But it's the number of empty seats around the desks that will cause most alarm.
Global security staff shortages in 2018 are forecast by Frost and Sullivan to reach almost 2 million vacant seats. There are industry rumblings of stiff competition between firms for experienced analysts. Some developers are roping in AI to assist teams who are short-handed. (See AI Prepares for Security Spotlight.)
Juniper Networks Inc. (NYSE: JNPR) sees no near-term end to this trend and has just tweaked its security products to counter this bleak reality.
"Cybersecurity personnel will continue to operate with finite resources and lean teams, and security [is] drowning in alerts and manual processes," Mihir Maniar, vice president of security business and strategy at Juniper, told Security Now, commenting from the company's own NXTWORK event. (See Juniper Turns Contrail Into a Platform for Multicloud.)
"They need automation and simplified processes if they're ever going to keep up with the evolving threat landscape in which attacks are conducted 24/7," Maniar added.
At a high level, Juniper has re-engineered existing products around complementary machine/human automation, aiming to reduce time-to-remediation in a world where manual processes rule and security policies are complex. Juniper has toughened up its private cloud firewall protection and is additionally offering a new on-premises "one-touch" threat mitigation device to accompany its existing cloud-delivered Sky ATP product.
But the interesting piece is what Juniper claims is an industry-first security policy manager.
Now part of its Junos Space Security Director, this capability is Juniper's attempt to use an intent-based framework to cut down manual security policy creation and deployment under dynamically changing network conditions. In one example, Juniper claims that policy creation in response to an attack, where large firewall rule tables need fine-tuning, can be reduced from 30 hours to ten minutes.
Those working in the SOC will be able to test the veracity of that.
But the overwhelming message is that the management of security policies is sapping resources, and yet once those policies are established, they can be a very effective, industrialized way of nipping malicious activity in the bud.
Juniper, it seems, has spent a substantial amount of time clustered with large financial customers, defense agencies and other security-sensitive customers to define where, exactly, the value lies in the automation of policies.
"[Enterprises are having] serious difficulty [with] a consistent security policy model that spans across multiple clouds, resulting in challenges in creating, maintaining and auditing them," said Maniar.
In other instances, teams are struggling to create and test a policy under various threat conditions, which causes a scramble once the network is under attack.
One sizeable issue is securing applications deployed in the cloud -- it's basically taking way too long, with IT SLAs for delivery stretching out into weeks. Also, teams felt somewhat blinded by a lack of granularity in visualizing endpoint characteristics that would have helped build a holistic picture for troubleshooting security and access issues.
These included question marks over whether specific IP addresses represent an application, IP camera or database, or whether an application is running in the staging or production zone.
"We are just starting to see the impact that unsecured IoT endpoints could have for enterprises," said Maniar. "The cost of adding security to each IoT device or network-connected application is too high -- both for organizations who purchase the products and the device makers who manufacture them."
Maniar predicts that, rather than focusing on the devices themselves, next year will see an increase in businesses looking to secure the entire network instead of each individual endpoint.
— Simon Marshall, Technology Journalist, special to Security Now