Security and Privacy
The Near Future of Network Security
Greg Young 22 September 2005
© 2005 Gartner, Inc. and/or its Affiliates. All Rights Reserved.
Network Security Sea Change
Worms have changed the equation. Protecting the network is more important than protecting any individual node.
The perimeter cannot go away and does not get less important.
When there’s more malicious traffic than legitimate traffic on a network, operational performance becomes the lead issue.
The network must reward good traffic and neutralize suspicious or unknown traffic.
[Figure: network security within the IT infrastructure. Labels: Attacks; Users; Perimeter Protection; Internal Protection; Intrusion Prevention; Network Access Control; ID/Access Management; Vulnerability Management; Policy/Business Decisions; Threat/Vulnerability Information; Critical Security Processes; Network Security; IT Infrastructure. ID = identification]
Hype Cycle for Infrastructure Protection
[Figure: hype cycle as of March 2005. Axes: Visibility against Maturity. Phases: Technology Trigger; Peak of Inflated Expectations; Trough of Disillusionment; Slope of Enlightenment; Plateau of Productivity. Key (time to plateau): less than two years; two to five years; five to 10 years; more than 10 years. Technologies plotted: Network Security Silicon; All-in-One Security Appliance; QOS/Traffic Shaping; Deep-Packet Inspection Firewalls; NAC; Security in Switch; PIP (Converged Desktop Security); XML Firewalls; Host IPS – PC; In the Cloud; NIDS; Web Application Firewall; Host IPS – Servers; Gateway AV; Stateful Firewall; Network IPS; DDOS Protection; Personal Firewalls; Desktop Signature-based AV.]
Acronym key: AV = antivirus; DDOS = distributed denial of service; IPS = intrusion prevention system; NAC = network access control; NIDS = network intrusion detection system; PIP = personal intrusion prevention; QOS = quality of service
‘Short Worm’ Memory
A short period without a significant worm has passed. The end of worms is not upon us.
[Figure: worm severity plotted against time up to today; a marked interval is labeled "Network Security Memory Span".]
Malicious-Traffic Tipping Point
[Figure: percentage axis (50% and 100% marked) against the years 2001, 2003, 2005 and 2007; regions labeled "Security Problem" and "Network Operational Problem".]
Protecting the Network
Traffic classes and actions:
Bad — Block
Suspicious — Pass and Alarm
Security Relevant — Pass and Log
Good — Pass and Prioritize
[Figure: the classes above shown alongside these labels: QOS; traffic shaping; firewall/IPS blades; scan and block; intrusion detection system (IDS); quarantine; security event management; correlation. Scale: "Easy: Can Be Automated" to "Harder: Takes People".]
Myth of the Disappearing Perimeter
You can’t have a crunchy interior with a squishy exterior.
The perimeter doesn’t go away. We always have to protect the network.
You can manage unmanaged devices and control unmanageable devices.
Driving the Market to Platforms and Intrusion Prevention
[Figure: timeline with the years 2002, 2004, 2005 and 2006. Labels: IDS; Firewalls/IPS; Gateway AV; Vulnerability Assessment; Security Platforms; Network Security Platforms; Next-Generation Firewall; All-in-One Security Appliance; In-the-Cloud Security; Gigabit +; 100Mb and below; Software; Hardware.]
Magic Quadrant for Network Firewalls, 2H04
[Figure: Magic Quadrant as of December 2004. Axes: Completeness of Vision against Ability to Execute. Quadrants: Challengers; Leaders; Niche Players; Visionaries. Categories: Network Firewall; Web Application Firewall. Vendors plotted: Check Point; Cisco Systems; CyberGuard; F5; Fortinet; iPolicy; Juniper; Kavado; Microsoft; NetContinuum; Secure Computing; SonicWALL; Stonesoft; Symantec; Teros; WatchGuard; Watchfire; Whale.]
(From “Magic Quadrant for Network Firewalls, 2H04,” 14 February 2005)
IPS Market Vectors
[Figure: market vectors converging on IPS. Labels: IDS; Firewalls; Move in line; Deep-packet inspection; In the switch; Improve mgmt.; Pure-Play IPS. Vendor groups shown: Juniper, Check Point, Fortinet, iPolicy; NFR, ISS, Symantec, Sourcefire; Cisco Systems, 3Com?; McAfee, TippingPoint, Reflex.]
Not all vendors are displayed
Gartner’s Key IPS Selection Criteria
Fast-moving market vectors make selection a challenge:
Performance/latency
Research and updates
Price
Next-generation firewall
Management and reporting
Is it IPS?
Security function
The Next IPS Generation: Making IPS Smarter
IPS devices are single points of visibility. Feeds from other sources will enable the next generation of IPS to make smarter and faster decisions, minimizing false positives and negatives.
[Figure: feeds into the IPS. Labels: Netflow; Anomalies; High crime segments; Peer-Attack Fingerprints; DDOS sources; Endpoint; Vulnerability assessment; Operating system; Other IPS.]
Strategic Planning Assumptions
By year-end 2006, 75 percent of network IPSs deployed in the enterprise* will incorporate multiple feeds (0.7 probability).
By mid-2006, effective gateway anti-spyware will be a standard requirement in the majority of requests for proposals for midsize all-in-one security platforms (0.8 probability).
By mid-2006, 10Gb stand-alone IPS appliances will be available from multiple vendors (0.8 probability).
*Enterprise deployments are described as 1,000 or more employees, and 1Gb or more placement points.
All-in-One Security Appliances for Midsize Companies: Lots of Choices
[Figure not preserved. Notes: Sample vendors only. VPN = virtual private network]
Web Application Firewalls: Two Weddings and a Pure Play
[Figure: three DMZ placements of a Web Application Firewall in front of a W/A/D server. Labels: Application Acceleration; Application Switch; Pure Play.]
W/A/D = Web server/application server/data server
Putting Security in the Cloud
[Figure: network diagram. Labels: Enterprise Network; Regional Office; Data Center; Extranet; Internet; Business Partner.]
Recommendations
Network managers should begin blocking bad traffic to regain capacity and preserve legitimate application performance.
Companies will always require a network security perimeter and a separate security control plane. Although the end game is security everywhere, security at the edge must be present — and as strong as possible.
QOS and traffic shaping will play key roles in a secure network fabric.
Outsource as much day-to-day busy work as you can — as soon as you can.