The advent of hyper-connected endpoints via heterogeneous, unconventional means and the rise of cloud-based virtualization economies demand a digital business model capable of combatting increasingly-sophisticated cyberattacks and navigating a complex, rapidly-evolving threat landscape. Today’s network security products – which are the building blocks for establishing secure device-to-cloud connectivity, and maintaining data confidentiality and integrity – are challenged by emerging threats and more frequent attacks. Being at an inflection point, they must evolve to adapt to cloud-based, virtualized environments to protect against emerging cyber threats.
Traditionally, network security has safeguarded communications and IT infrastructure through a perimeter-defense strategy. This approach has ensured the confidentiality, integrity, and availability of applications and data through role-based, session-oriented authentication, and authorization mechanisms. The rise of software-defined networking (SDN) and network function virtualization (NFV) has caused network security providers to reconsider network infrastructure deployment and utilization techniques in datacenter environments. One example is the central office re-architected as a datacenter (CORD) initiative led by AT&T, which entails communications services providers (CSPs) converting their local offices to data centers that feature agile, software-based environments leveraging commodity servers, storage, and networking devices. Transition to zero-trust model, virtualization of network functions, dynamic service chaining of network and application workloads, and closed-loop management of vulnerabilities are creating challenges for network security products that were designed a decade ago. Hence these network products must consider impacts due to following trends in their roadmaps.
- Shift from appliances to virtual network function with the usage of micro-services architecture and usage of packet acceleration techniques to improve the price-performance ratio
- Distributed, horizontally scalable network security functions at the edge and at the data center
- Security orchestration
enabling micro-segmentation enabled policy enforcement and management functions
- Streamlined crypto keys and PKI certificate management to handle self-signed and CA-signed certificates
- Identity and root-of-trust management in a heterogeneous environment
- The Rise of Cognitive Analytics in Incident & Threat Management to strengthen the signature and anomaly-based mechanisms through machine learning algorithms
- Insight Generation and Higher-Order Analytics Through UI/UX Transformation
- Federated Situational Awareness and Patch Management for effective prioritization, deployment, and verification of security fixes for the platform and for applications
- Agile Testing for Accelerated Product Compliance Readiness Lifecycles with continuous vulnerability assessment & penetration testing (VAPT) and with a knowledge graph based orchestration layer to manage exploitable vulnerabilities during a secure SDL process
- Design for compliance
With its cross-industry customer-to-chip experience and software frameworks and solutions (SFS), Altran is the partner of choice for accelerating the adoption, development, and re-architecting of the next-generation network security products that are evolving based on above trends. More details on the same in this whitepaper.