Edge Computing Growth Drives New Cybersecurity Concerns

Edge computing is proving to be more than just a trend. Research giant Gartner predicts that by 2025, some 75% of enterprise-generated data will be created and processed outside of the traditional data center or cloud. Simply put, the edge is poised to be huge, and with that growth comes new cybersecurity threats.

What’s more, threats and compromises at the edge can lead to much more serious problems than just service disruption. The increased amount of data and processing occurring at the edge means that cybercriminals will target edge applications and devices more fervently. Cybersecurity today tends to be focused on the endpoint and the network, leaving the edge somewhat more vulnerable to attack.

“Many enterprise IT staffers are skeptical about having to separately protect the edge, and feel that the tools provided by hosts, such as endpoint and network traffic security products, offer adequate protection,” said Matt Hathaway, vice president, product marketing at Imperva. “However, those host-delivered solutions lack the visibility that businesses need to understand and react to threats at the edge.”

Imperva is one vendor that aims to address the visibility and edge security problem with the company’s recently announced Sonar Platform. In an associated press release, the company claims that Imperva Sonar delivers integrated analytics while automating workflow and accelerating incident response for edge operations. 

“At the edge, seconds matter, meaning that cybersecurity tools must be automated to deal with threats in real-time to prevent serious damage,” said Hathaway. “In those seconds, if not milliseconds, suspicious traffic needs to be routed to a scrubbing center to mitigate any threats.” 

Hathaway makes some good points that resonate beyond what Imperva is attempting to do with Sonar. Edge computing is on track to become one of the most-trafficked parts of an enterprise, with endpoints, IoT and other devices interacting with the edge to collect, create and process data, all potentially before interacting with a traditional security appliance.

The key seems to be the combination of automation and visibility. To effectively protect the edge, cybersecurity actions need to occur in milliseconds. In other words, automated response systems that use AI and machine learning must be able to analyze traffic in real-time and immediately identify and contain any threats.

“The threat vectors impacting the edge can include lateral attacks, account theft, entitlement theft, DDoS attacks, data theft and more. Meaning that protecting the edge becomes something that must be done,” Hathaway said.

Effectively protecting the edge means understanding how cybersecurity protection schemas work in an enterprise that uses not only edge computing, but also the cloud and traditional resources. Most enterprises are clearly focused on data security and application security, and are using tools such as web application firewalls (WAF), runtime application self-protection (RASP), data exfiltration protection and, of course, endpoint protection. 

Since the edge has the ability to “touch” data and applications, as well as use identity to connect and determine entitlements, a great deal of potentially sensitive information passes through the edge. Much, if not all, of that traffic moves through a content delivery network (CDN), where hosts provide the connectivity and, hopefully, wrap encryption around that traffic to protect it from interception. However, intrusion and data exfiltration still happen.

“Digital transformation is driving more and more applications to the edge, and with that movement, businesses are losing visibility into what is actually happening on the network, especially where edge operation occurs,” Hathaway said. “Gaining visibility allows cybersecurity professionals to get a better understanding of what is actually happening at the edge,” he said. To Hathaway’s point, collecting the data around edge traffic means that data can be loaded into a security information and event management (SIEM) platform, or directed to other tools for further analysis.

SIEM is a capability that has become increasingly important for enterprises, since security event analysis can lead to the creation of better access policies and identify potential weak spots in their protective armor.  While Imperva is looking to take the lead on edge protection, there are other methods to secure the edge currently on the market. 

For example, SASE solutions, such as those from Cato Networks, Zscaler and Fortinet, use zero-trust network access (ZTNA) protocols, which, in theory, could protect the edge, as long as the edge is part of an SD-WAN. Other vendors, such as Open Systems, combine SASE with managed detection and response (MDR) to protect the edge, yet still rely on an SD-WAN to make it happen.

Imperva’s platform approach to the edge security conundrum brings yet another option for organizations to consider, and may prove ideal for those not looking to move into the realm of SD-WANs. That said, more options are never a bad thing when edge security becomes a CISO’s priority.

 


Frank Ohlhorst

Frank is an award-winning technology journalist and IT industry analyst, with extensive experience as a business consultant, editor, author, and blogger. Frank works with both technology startups and established technology ventures, helping them to build channel programs, launch products, validate product quality, create marketing materials, author case studies, eBooks and white papers.
