Enterprise networks today barely resemble their counterparts from just a few years ago. Resources and users are now spread across a variety of enterprise, cloud and remote locations, making the perimeter amorphous and difficult to define. Yet, network security technologies remain a foundational aspect of cybersecurity and continue to evolve to better address today's distributed reality.
Understanding what may occur in the coming year can help practitioners better plan which purchases to accelerate and which capabilities to prioritize. While the curtain has come down on 2022, it's early enough in the year to offer a few predictions for what 2023 has in store for network security.
1. Threat detection without decryption begins to go mainstream
Encrypted traffic has become ubiquitous, with websites and applications commonly using SSL/TLS to protect user sessions. Attackers know this and often use encryption themselves to obfuscate malware insertion, command-and-control traffic and data exfiltration. When traffic is decrypted and inspected, these threats can be identified. TechTarget's Enterprise Strategy Group (ESG) research found that only 34% of organizations have visibility into all the encrypted traffic in their environment. Organizations may forgo decryption for any number of reasons, ranging from preserving employee privacy to preventing the performance effects that can result from decryption.
Some tools are incorporating behavioral analytics to assess whether encrypted traffic is likely to be malicious. By examining the encryption keys being used, the TLS handshake itself and other metadata about the traffic stream, encrypted attacks that would otherwise be able to bypass defenses can be detected without having to decrypt the session. This is unlikely to completely replace decryption but should help security teams close existing visibility gaps without sacrificing privacy or performance.
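One publicly documented form of this handshake-metadata analysis is JA3-style fingerprinting of the TLS ClientHello, a technique the article does not itself name. The Python below is an added example, not code from the article or from any product it alludes to; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import hashlib
import struct

def is_grease(v):
    # GREASE placeholders (RFC 8701) have the form 0x?A?A with both bytes equal.
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf[:len(buf) & ~1])]

def fingerprint(record):
    """Return (ja3_string, ja3_md5, sni) for a TLS record holding a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:]                    # skip record (5) and handshake (4) headers
    exts, groups, formats, sni = [], [], [], None
    try:
        version = struct.unpack_from("!H", body, 0)[0]
        pos = 34                         # client_version (2) + random (32)
        pos += 1 + body[pos]             # session_id
        n = struct.unpack_from("!H", body, pos)[0]
        ciphers = u16_list(body[pos + 2:pos + 2 + n])
        pos += 2 + n
        pos += 1 + body[pos]             # compression_methods
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0] if pos < len(body) else pos
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            exts.append(etype)
            if etype == 0:               # server_name: list_len(2) type(1) name_len(2) name
                sni = data[5:5 + struct.unpack_from("!H", data, 3)[0]].decode("ascii", "replace")
            elif etype == 10:            # supported_groups: list_len(2) then 16-bit groups
                groups = u16_list(data[2:])
            elif etype == 11:            # ec_point_formats: len(1) then 8-bit formats
                formats = list(data[1:])
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    fields = [[version], ciphers, exts, groups, formats]
    ja3 = ",".join("-".join(str(v) for v in f if not is_grease(v)) for f in fields)
    return ja3, hashlib.md5(ja3.encode()).hexdigest(), sni   # MD5 is only a label here

# Constructed sample (not captured traffic): includes a GREASE cipher and extension.
_exts = (bytes.fromhex("1a1a0000" "00000011000f00000c") + b"example.test"
         + bytes.fromhex("000a00060004001d0017" "000b00020100"))
_body = (b"\x03\x03" + bytes(32) + bytes.fromhex("00" "00080a0a13011302c02f" "0100")
         + struct.pack("!H", len(_exts)) + _exts)
SAMPLE = b"\x16\x03\x01" + struct.pack("!H", len(_body) + 4) + b"\x01" + len(_body).to_bytes(3, "big") + _body
```

A fingerprint on its own is only a clustering key; it becomes a detection signal when it matches the fingerprint of known malicious tooling or when a host presents one never before seen in the environment.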
2. Attackers exploit connected home devices to compromise the enterprise
ESG research found that 63% of employees work remotely or in a hybrid model. At the same time, the number of IoT devices connected to home networks continues to grow, with security of these devices all too often being an afterthought. Attacks on connected home devices have occurred in the past, with the Mirai botnet being one of the most well known. But in that case, as well as others, the goal is often to hijack compute power for DDoS attacks or crypto mining.
Attackers can also use connected devices in enterprise environments to gain a foothold and pivot toward more traditional resources or exfiltrate data. To date, however, no major enterprise attacks have been attributed to a compromised home connected device. This could change in 2023. Some network security vendors offer products to secure and segment home networks, which is an early indicator of the potential severity of the issue. Organizations that continue to support remote and hybrid work should assess the potential risks posed by connected home device attacks, as well as emerging avenues of mitigation.
3. Consolidation and cost savings become more prominent SASE drivers
According to ESG research, only 4% of organizations cited reducing costs as their primary driver for Secure Access Service Edge (SASE) in 2021, and only 5% cited vendor consolidation. Most organizations were focused on modernization, shifting legacy tools to the cloud, pursuing stronger technology integrations and supporting zero trust.
SASE adopters now entering the next phase of their initiatives, coupled with the macroeconomic headwinds expected in 2023, will change this calculation. Improving security effectiveness will remain critical, but more focus will be on the direct and indirect cost savings that come from a consolidated SASE approach. Enterprise buyers should press vendors for economic proof points on how their SASE products can help improve the bottom line.
Security teams will continue to have a lot on their plate in 2023 as they navigate an evolving threat landscape, continued technology innovations and resource constraints. It's more important than ever for security leaders to accurately assess underappreciated risk and threat vectors and identify ways to address them that are both effective and efficient.
ESG is a division of TechTarget.