DALLAS—Over the past year it’s safe to say that both metro and global Ethernet are exploding. According to numbers released to the press at the Metro Ethernet Foundation’s GEN15 conference here, wide area versions of Ethernet are showing 100 percent growth year over year.
Most of the growth is in networks delivering bandwidth of 1 gigabit or greater. In fact, the MEF has already certified six vendors for 100 Gigabit Ethernet, and networks with that bandwidth are already going into place.
But having all that bandwidth adds to problems in other areas, one of which is security. It’s not that such high speeds change the security landscape, exactly; it’s that security needs to become more sophisticated to keep up. Finding security appliances that will work at 100G bps requires groundbreaking hardware. And that’s only the start.
With the growth of these massive networks, the complexity changes. A typical metro Ethernet may have to work with different edge vendors. The logical network may have to work across varying Ethernet topologies and different network hardware. Furthermore, it may be connected to a wider global network with access in places that are more risky than in the United States.
To top it all off, as these networks have grown, different parts will have different management software and, in many cases, different managers. So the question becomes how to keep the network secure from end to end. As you probably suspect by now, there’s also no single solution.
In fact, to ensure that network security is maintained throughout such large networks, it’s important to have security products that handle the endpoints as well as the network backbone and individual segments.
For example, Cylance is a security company that’s dealing with the problem of endpoint protection. But because the types of endpoints that exist on such broad network environments vary so widely, the company is building security software that protects everything from workstations and servers to devices on the Internet of things (IoT). Those things may include automotive and aircraft control systems, machines on factory floors, point of sale terminals or devices that provide telemetry.
According to Cylance Chief Marketing Officer Greg Fitzgerald, the problem of protecting this vast array of devices means that the company has had to develop security software with a very small footprint that is able to run in a wide variety of environments.
This means that Cylance doesn’t use a signature- or heuristics-based anti-malware program, but rather one that’s based on predictive analytics. This avoids the need for a huge database of signatures and other data, and Cylance contends that makes its system significantly more effective.
Today’s Huge Networks Need Agile Security Tools to Ferret Out Malware
When Dell decided to start using Cylance on its business and corporate computers, the company discovered while it was doing due diligence that Cylance stopped approximately 99.5 percent of all malware even after Dell’s network engineers threw all the malware they could find at it.
Typical antivirus software finds only about one-half to three-quarters of the malware that shows up. Furthermore, the Cylance software runs on nearly any platform, which is another factor that makes the software effective on a wide range of networked computers.
But Cylance isn’t the only answer. It takes only a couple of infected endpoints for malware to start wreaking havoc widely across a network. This means that in addition to endpoint protection, there needs to be network-based protection as well. Effective network protection requires a variety of hardware- or software-based appliances, including firewalls and intrusion detection systems.
But once malware worms its way into a network, there has to be some kind of system in place to ferret it out and destroy it.
To solve problems that can’t be handled on the endpoint, there’s cloud-based security software such as Wedge Networks’ new Wedge IQ software, which runs in the cloud and can protect networked devices. When I wrote about Wedge a year ago, the product was using a signature-based method of identifying malware. It still does that, but the company is adding predictive analytics to its cloud-based product as well.
This means that Wedge, running in the cloud, can monitor the actions of endpoints on the network for signs of malware. Where once it used to block the actions of malware when it detected its signatures, now it can watch for activity that may be signs of malware before any actual infection takes place. Again, malware may still get into the network, but it won’t be able to actually do anything because it will be detected and disabled first.
The scale of growth in network capacity is such that what was once a local or perhaps a limited problem can quickly become global in scale overnight. The vast capacity of these new networks also means that they have become vast doorways that hackers and malware can enter. Because of today’s network speeds, bad things can happen almost instantly.
As you might expect, the problem isn’t going away. Demand for connectivity of all sorts is not going away either. This means that networks are only going to get bigger and will carry more data at ever higher speeds. Fortunately, security companies and the companies that run these networks understand security problems better than ever. Now all they have to do is keep up.