Technology is transforming the world at a rapid pace. If you work on the cybersecurity front, you should not only deal with the reality today, but also have a vision of your long-term security strategy in the new era empowered by artificial intelligence, 5G and IPv6. As these technologies will have a profound impact on how we protect our data and digital assets in the future, we will take a close look at their specific implications on cybersecurity in this article.
Artificial Intelligence
With the development of network technologies, cyber attacks are becoming increasingly sophisticated, and new hacking technologies are emerging quickly. This poses major challenges to traditional rule-based firewalls: on one hand, the new attacks are shrewd enough to bypass the firewalls; on the other hand, the technical requirements and cost of maintenance are too high to bear. As business grows, it becomes extremely challenging to perform behavior and event correlation analysis across a massive amount of data. In this context, automated security solutions based on big data and machine learning are taking center stage.
To date, artificial intelligence has been applied to many network security scenarios, such as malicious traffic detection, application identification, abnormal behavior analysis, rapid attack response, etc., but more often than not, the technology is not achieving what the industry requires. There are several reasons for this:
• Modeling based on certain network security scenarios can be difficult.
• Machine training data is lacking. Among the large amount of normal access data, there are not enough intrusion samples that can be used to build the models.
• Users have different business and access models; it is difficult to use AI to generate a generic protection strategy.
• There are performance bottlenecks in algorithm engineering and data mining.
Even though the impact of AI on cybersecurity is still relatively limited now, the explosive growth of network security data, the improvement of algorithms, and the advancement of computing capability will eventually make AI the core of next-gen cybersecurity solutions. In the future, AI will be deeply integrated with network security services to solve problems in algorithm engineering and make sophisticated and automated protection possible. AI will also help to achieve breakthroughs in advanced scenarios such as behavior and event correlation analysis.
At present, companies’ security operations are facing some persistent challenges such as data overload, frequent alarms and difficult recovery. What they really need is to run their security system on an intelligent platform fully powered by AI (SIEM @AI). With little or even no learning cost, AI will be able to detect threats from massive input data streams, intelligently correlate data to establish internal connections and automatically deal with threat events. While improving detection accuracy and recall rate, AI can also save manpower and improve security engineers’ work efficiency, providing complete intelligent defense to enterprises’ external network, business, and internal network.
The biggest challenge for the next-gen AI-driven SIEM (Security Information and Event Management) platform is how to achieve meaningful and deep threat recognition by establishing potential associations among massive amounts of data that look unrelated on the surface. The most important prerequisite is to collect enough data through the SIEM acquisition layer, followed by selecting the appropriate algorithm to process the data, and finally, associating the data using AI algorithms. This kind of correlation analysis is not only helpful for tracing back known threats, but also of great significance for predicting potential threat events.
IPv6
In order to solve the problem of IPv4 address exhaustion, the Internet Protocol Version 6 (IPv6) was introduced. Due to the many advantages IPv6 has over IPv4 and the promotion of IPv6 at the national policy level, an increasing number of users have adopted IPv6 networks. Although the design of IPv6 has shown some improvement in terms of security, many security issues with IPv4 still exist with IPv6; some IPv6 features are even bringing new risks, driving another wave of demand for network security solutions.
Although IPv6 solves the problem of network address shortage, the massive pool of addresses makes it more complicated and challenging to detect threats. Firewalls designed for IPv4 traffic are incapable of controlling IPv6 traffic at the required level of granularity, and packet filtering based on protocols and ports is almost ineffective for channels that can be flexibly changed.
In areas where IPv6 is not widely deployed such as China, a transition protocol is used between IPv4 and IPv6. However, attackers may take advantage of the transition protocol’s vulnerability to bypass security detection. As the majority of network devices only support IPv4 and the ones that support IPv6 do not have strong security capabilities, businesses have to take a lot of risks during this transition period.
An IPv6 upgrade is a huge project. For security vendors to support IPv6, they need to consider IPv6 addressing specifications, carrier IPv6 black hole routing support, as well as Internet enterprise security product transformation and docking, which requires collaborative efforts and a joint upgrade across multiple departments and manufacturers. The migration to IPv6 requires adjustments to the network, business, and applications. After a security product is upgraded to IPv6, the strategy and logic related to IPv6 addresses should be redesigned, fully tested and verified. The traditional method does this through a comprehensive upgrade of the servers, the network and applications; it is not only technically challenging but also time-consuming. This requires a complete IPv6 solution that helps enterprises upgrade their systems in a timely manner while ensuring business continuity.
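As an added illustration of the address-logic redesign described above (this example is not from the article or from any BaishanCloud product), the Python sketch below maps a source address to the key a filter should evaluate: the IPv4 address embedded in a transition-mechanism address (IPv4-mapped, 6to4, Teredo, NAT64 well-known prefix) so that existing IPv4 rules still apply, or the /64 prefix for native IPv6. The function names and the blocklist are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed IPv4 blocklist (RFC 5737 documentation range); an assumption, not page data.
BLOCKED_V4 = [ipaddress.ip_network("203.0.113.0/24")]
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known prefix


def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) if an IPv6 address carries an IPv4 one, else None."""
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped", addr.ipv4_mapped
    if addr.sixtofour is not None:
        return "6to4", addr.sixtofour
    if addr.teredo is not None:
        # teredo is (server, client); the client is the host's public IPv4 address
        return "teredo", addr.teredo[1]
    if addr in NAT64_WKP:
        return "nat64", ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return None


def policy_key(source):
    """Map a source address string to the (kind, key) a filter or rate limiter should use."""
    addr = ipaddress.ip_address(source)
    if addr.version == 4:
        return "v4", str(addr)
    hit = embedded_ipv4(addr)
    if hit:
        return hit[0], str(hit[1])
    # Native IPv6: one host can rotate through its whole /64, so key on the prefix.
    return "v6-prefix", str(ipaddress.IPv6Network((addr, 64), strict=False))


def is_blocked(source):
    """Apply the IPv4 blocklist to plain IPv4 and to IPv4 embedded in IPv6."""
    kind, key = policy_key(source)
    if kind == "v6-prefix":
        return False  # this example defines no native IPv6 prefix rules
    return any(ipaddress.ip_address(key) in net for net in BLOCKED_V4)


if __name__ == "__main__":
    for src in ("203.0.113.5", "2002:cb00:7105::1", "::ffff:203.0.113.9",
                "2001:0:4136:e378:8000:63bf:3fff:fdd2", "2001:db8:1:2::99"):
        print(src, policy_key(src), is_blocked(src))
```

A filter that compares only the literal IPv6 string would treat each of the blocked samples above as an unknown address, which is the kind of gap the transition period creates.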
5G
5G is the cornerstone of the new digital age. With 5G commercialized, the world will witness huge leaps in emerging technologies such as artificial intelligence, big data, IoT, etc. However, in the 5G era, network security issues persist and require more attention.
The commercialization of 5G will accelerate the explosive growth of IoT devices. As a gigantic amount of sensitive data will be transmitted between connected devices, network vulnerabilities may put the security of customer data in IoT applications at risk. In addition, as IoT devices use simple processors and operating systems, and do not support complex security defense solutions like traditional PCs and servers do, it is easier for hackers to invade and use them to launch DDoS attacks with very large traffic. The high network speed and large bandwidth of 5G will likely bring in higher-volume and more threatening cyber attacks.
In the 5G era, the IoT systems will become more complicated and the network topology will change dynamically; the boundary between the internal and the external networks will be blurred. As network generalization becomes a major trend, traditional protection models based on network boundaries will be unsustainable and vulnerable to threats and attacks.
In the new era led by 5G, data will become the key target of network protection. The ability to identify which data can be accessed by whom in which way, and to control data access behavior in real-time, will be critical to the next-generation cybersecurity protection solution.
BaishanCloud is a leading global data service provider specialized in cross-border content delivery and edge security. To get more articles on trendy topics related to cloud delivery, streaming best practices, edge security, cloud technology in China and Asia and more, please visit www.baishancloud.com and subscribe to BaishanCloud newsletter at https://www.baishancloud.com/latest/categories/blogs.