Source – Shutterstock
New strategies to address rising volumes, network complexity
- When it comes to cyberattacks, Asia has been a “little lucky” in comparison to the west
- Having complete visibility over a network should be the top priority
If you’ve been keeping up with network technology history, you’d recognize that complexity is still a challenge for network engineers, even in the current digital era.
People have been aware of the need for network management and monitoring technology for as long as devices have been interconnected by networks. Since many years ago, computer networks have expanded from a small number of machines to hundreds or thousands of connected network devices.
As networks expand, new applications and services are added, adding to the existing environment’s complexity.
According to Frost & Sullivan’s latest whitepaper, Modern Cyber-resilience: The Transformative Power of Cloud-first Security across Asia-Pacific, only 23% of businesses combine network management and cybersecurity. Nearly three-quarters of businesses (73%) employ hardware-centric network administration, relying on simple automation and manual provisioning.
Network management isn’t an easy task. Unfortunately, given how cyberthreats especially have been on the rise for the past few years, network managers now have to deal with more complex issues.
Having said that, Tech Wire Asia had the opportunity to sit with Jesper Andersen, President and Chief Executive Officer of Infoblox, to talk more about the expanding network security risks ,and how Infoblox is handling these networking intricacies.
Increase of cyberattacks in Asia
Jesper Andersen, President and Chief Executive Officer of Infoblox (Source – Infoblox)
In general, the region is vulnerable. He believes cyberterrorists would think that attacking a major western bank or western healthcare provider will yield better rewards since they can afford to spend more money.
Hence, the region has been “a little lucky” those cyberterrorists have not targeted it – though they might.
“Remember, it could be for political instability as much as financial benefit. As you modernize your infrastructure and network, I believe this region needs to be concerned about it and invest more in [cybersecurity tools]. The architecture of your infrastructure should evolve when you begin implementing cloud technologies, and cybersecurity has to be followed along with that,” Anderson elaborated.
Having complete visibility over the network
Without total network visibility, nothing screams network modernization. In Andersen’s opinion, having complete visibility over a network should be the top priority.
One of the first questions Infoblox will pose to clients or potential partners is “Do you know what’s on your network?”
“It’s scary to think about not knowing what is on your network because it’s one thing to be able to recognize that an IP address is heading to a bad location, but it’s scarier not to know the IP address even exists and not to know what it is,” he said.
This is more than about technology; it’s about raising awareness of the firm’s employees about processes, if the company knows what to do if attacked with a ransomware attack or if the IT team knows who to call to get permission to shut everything down.
Although it seems obvious, few people are aware of it, which is why there should be a security culture within a business, and all employees should be aware of who has the right to do what. Infoblox has been doing this for a while and has also made network management simpler to accommodate customers and handle various challenges.
The foundation of Infoblox to address complexity over the network
To understand how Infoblox grew as a company and developed its presence globally, it’s essential to grasp the foundation of what makes Infoblox. It all started back in the days when managing a domain name system (DNS) was cumbersome. According to Andersen, DNS is basically like a phonebook of the internet.
“You basically have to go to DNS, to any URL or something, to get the IP address. That’s why DNS is so foundational to the internet, because nothing works without it. Same thing for DHCP. You can’t get an IP address if you can’t do DHCP. And if you can’t get an IP address, you’re not on the network,” he explained.
There wasn’t a way to make this networking problem simpler. All that was required is for someone to create an intuitive user interface for managing DNS, and ensure that all DNS servers are in sync.
At that point, Infoblox entered the picture, revolutionizing network services and introducing the first hardened DNS appliances, delivering a level of security and reliability that network administrators had not previously been able to achieve.
That’s why they were recognized worldwide as the category leader in a set of networking services — also known as DNS, DHCP, and IP address management (DDI). Today Infoblox is a multinational corporation with customers all around the world. From Australia and New Zealand (ANZ) in 2009, they established their first organization in Asia. Since then, they have built offices in several countries, including China, Hong Kong, and Japan. Singapore currently serves as the organization’s Asia Pacific headquarters.
“We have grown our customer base here. I still believe we have a huge opportunity across Asia. First of all, Southeast Asia is the best-growing region in the world. Even in a tough economic challenge, [where I read a report] Southeast Asia is about 675 million people and projected to grow about 5%-plus this year. This is a great opportunity for Infoblox, both from being able to help companies, but also for growth opportunities for us.”
Differentiation from other network security vendors
“What we do well in is around DNS – and we can look at it in 2 ways. First, the ability to have as much information on a network is particularly important to a security operation center (SOC) team,” said Andersen.
According to him, working in a SOC in the present day is the IT industry’s most despised position. But why? Because there aren’t enough people, plain and simple. He claimed that the SOC teams from some of the most prominent institutions receive over a million events each day that may indicate a security issue, but they can only handle 3% to 5% of them.
Interestingly, a significant portion of SOC’s time was spent working on forensics. Infoblox can help when it comes to the networking side of things.
Analyzing threats in real-time (Source: Shutterstock)
“We can assess risk associated with things that are more risky. Think of that as pre-correlating information rather than just preloading all kinds of raw log files into a SIEM system – that’s one thing we can do. By running an Infoblox DDI system, you can get more help and information for your security operations center team,” he added.
Second, Infoblox can help in securing DNS service and protocol. Over 90% of all malware and ransomware attacks involved DNS. These threats usually penetrate networks through phishing attacks.
“We need to have our own security DNA. In other words, we need to become a security company and a networking company. Therefore, we made an acquisition of a company called IID in 2015, which gave us access to a team of threat researchers and intelligence specialists who were familiar with AI and machine learning, and [that was the introduction of] the threat intelligence platform, which is utilized by the Department of Homeland Security in the United States,” said Andersen.
Andersen claims that although many companies have asserted that they can offer some level of assurance, they don’t have the sophistication to stop things like data exfiltration via DNS, and other issues that call for AI and machine learning.
Technologies dominating cybersecurity in the future
With the sheer volume of problems in cybersecurity, according to Andersen, it can’t be solved without leveraging AI and machine learning.
In today’s world, everyone works from wherever they choose, using whatever gadget they want. Because of this, the infrastructure has drastically changed, and most people have started moving their applications to the cloud.
Additionally, young users don’t want to use a VPN network when sitting with a laptop. Why should they, when most applications are hosted in the cloud? Doing so would only result in subpar performance. The security architecture now needs to make room for that change.
Hence why, the concept of zero trust is being practiced and adopted. Zero trust is a strategic cybersecurity technique that secures a company by eliminating implicit trust and constantly validating every stage of digital interaction.
Additionally, it’s important to adopt a detect-and-respond type of philosophy. “When it’s about detecting and quickly responding, you start hearing terminology like “shift left”. The idea of shift left means that our solutions are assisting our customers in shifting left, which means that the earlier in the cycle of detection that you can detect a risk, the faster your response can be,” he explained.
Therefore, Infoblox developed a solution called BloxOne Threat Defense that is specifically designed to assist enterprises in “shifting left”. Additionally, they are investing more and more in AI and machine learning, because the human eye and mind cannot process information quickly enough.
“I think those are the technologies and the terminologies that will dominate cybersecurity, at least in the next two to three years, until someone comes up with something sophisticated,” he concluded.
READ MORE
- Strategies for Democratizing GenAI
- The criticality of endpoint management in cybersecurity and operations
- Ethical AI: The renewed importance of safeguarding data and customer privacy in Generative AI applications
- How Japan balances AI-driven opportunities with cybersecurity needs
- Deploying SASE: Benchmarking your approach