Moore's Law, the evolution of Web 2.0 applications and virtualization are among the trends influencing the network security industry, according to unified threat management vendor Fortinet Inc.
1. Moore's Law
"You've got static security technologies that exist -- antivirus tools on the desktop, for instance, aren't going through any major upgrades to their efficiency or their methodology -- and yet computers are becoming more powerful and (shipping with) bigger disk drives, so there are more things to scan," Stiennon says. This may be a case where security manages to keep up -- the antivirus products take advantage of the computer's power as well, he says.
"But on the network throughput side, the status quo right now is to do most networking firewalling and encryption for SSL and VPN with the CPU on your desktop and laptop. But on the network gear side of things, MIPS chips or standardized CPUs are not able to keep up with network throughputs." Specialized content-processing network devices will need more specialized silicon to deal with throughput, he says, whether homegrown ASICs or off-the-shelf products from manufacturers like Mistletoe Technologies.
2. Application evolution
"Over and over, someone will roll out an application, and because they roll it out to trusted parties, there are no vulnerabilities or exploits used against the application." But the applications become more popular -- Salesforce.com, for example, now has a million users and is starting to become a target for attack. "We know with online banking, the user name 'password' isn't strong enough, but here all these salespeople are getting onto Salesforce.com with a user name of 'password.'"
MySpace and Facebook allow anyone to create and deploy applets or widgets, and those reach huge audiences quickly, exposing the sites' underlying architecture to having personal information harvested or malware distributed to users.
3. Automated management
We're on the way to network equipment that's aware of where it is on a plug-and-play basis, Stiennon says. "Even if it first grabs a random IP address from a DHCP server, eventually it will phone home and find out its new policy is such and such, its IP address is such and such, and it'll be reminded to register with the vendor for warranty and subscription updates and signature updates," he says.
Now, it's often done with a USB token with preconfiguration information, Stiennon says, but it's "pretty imminent" that the machines will be taking care of it themselves over the network.
4. Research trends
Research is driven by the bad guys, Stiennon says. "If they'd stop being so innovative, we could all stop hiring new people and getting smarter," he jokes. "Research is chasing. It makes it easy to predict where it's going to go. It has to follow the bad guys."
Pundits predicted the demise of signature-based research as early as 2000, he says. "Microsoft was going to fix this problem. We wouldn't need antivirus research. Obviously, that isn't the case."
The more than 70 antivirus companies researching worldwide share their signatures, "but the methodologies and tools are proprietary to everybody."
Stiennon disagrees with the recent view among some security thinkers that whitelisting approved applications is a more effective approach than trying to keep up an ever-expanding blacklist. "It's got some merit, in a law office or a publisher, where you use standard, off-the-shelf applications," he says. "But most large enterprises have lots of custom applications."
5. Modularity and standards
Network manufacturers are increasingly providing component slots for card modules, largely using the AMC standard. "It means manufacturers of components can scale and get their costs down," he says. It also means that hardware manufacturers are able to accommodate off-the-shelf components.
There's still a strong market for security appliances for a couple of reasons, he says. First of all, from the vendor's perspective, it's more efficient to control the hardware and operating system than to try to support a variety of platforms. And there is still a need for specialized hardware.
6. Hardware acceleration
Like processor speed, bandwidth is growing exponentially. "Frankly, right now, we're facing a 10G world," Stiennon says. Doing IPS or any kind of content filtering over pipes that big will require specialized processors. One option is to use multicore chips running many instances of Linux in parallel, he says, but there are plenty of foundries that can provide custom ASICs. "We'll see a lot more of these specialized content processing chips," he says.
Microsoft's operating systems don't literally multi-task like Unix servers, but VMware has made that virtually possible by creating multiple instances of a Windows server on a single machine without leakage. It's not perfect, but "it's better than having stacks and stacks of servers."
Along with the advantages in rack space, power consumption and heat output, virtualization is a very secure way to segment networks -- the segments are invisible to each other, so problems on one network don't leak over to another. "A hacker who owns one network ... can't break into another network," he says.
This story, "Trends in Network Security" was originally published by Network World.