In the waning days of 2014, Adam Hils of Gartner published a series of predictions: 2015 Network Security Predictions: 8 Things That Won’t Happen. It was a thoughtful and provocative piece. While we agree with much of what was written, there are 4 points at the beginning of the blog worth taking the time to comment on.
1. “In 2015, the network perimeter will not disappear.”
If the network perimeter (which I would classify as the WAN edge of the Data Center or Public Cloud) is not going away, it certainly is becoming less relevant, as many of the security challenges facing the enterprise arise inside the perimeter. Think of the network edge as a military base: you need basic credentials or a guest pass to get in, but that doesn’t allow you to go into any building on the base.
Context is becoming the new perimeter: the coarse perimeter isn’t going away, but its lack of context about what is behind it makes it insufficient on its own.
If you are moving into the public cloud—AWS, Google Compute, Azure—you are killing the perimeter.
2. “SDN security will not be deployed by many enterprises.”
SDN (including network virtualization) was not pioneered explicitly for security, but for dealing with the operational efficiency and cost constraints of networking, as well as the lack of enterprise networking capabilities in the public cloud.
The network plays a role in security, but because it is only the network, it is only one enforcement point. SDN chasing security is a solution chasing a problem.
3. “Virtual firewalls will not comprise >5% of new purchase revenue in the network firewall market.”
As the saying (usually attributed to Einstein) goes, “the definition of insanity is doing the same thing over and over and expecting different results.” The challenges of perimeter firewalls are not remediated by running the same firewall as a virtual machine on someone else’s hardware and hypervisor.
The issue of physical vs. virtual firewall is a replay of the “revenge of the box huggers.” Both models have 3 key challenges:
- Operations: Requires complex and fragile traffic steering and enormous administration.
- Policy debt: Building rules on IP addresses is an example of complexity building on complexity.
- Broken architecture: N-tier applications cross data centers and public cloud boundaries. Firewalls do not.
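To make the “policy debt” and “context” points concrete, here is an added example (not code from the original post or from any product it alludes to). It models the same intent two ways: as per-host IP rules, the way a classic firewall is configured, and as a single rule keyed on workload context (labels). It then replays a routine cloud event, a database host being redeployed on a new address while its old address is recycled by an unrelated staging host, and compares what each model enforces. All hosts, addresses and labels are constructed for illustration.

```python
"""Added example: IP-address firewall rules vs. context (label) rules under workload churn.
Hosts, addresses and labels below are constructed for illustration."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset  # context, e.g. {"tier:web", "env:prod"}


@dataclass(frozen=True)
class IpRule:
    src: str  # CIDR
    dst: str  # CIDR
    port: int


@dataclass(frozen=True)
class ContextRule:
    src_labels: frozenset  # every label must be present on the source workload
    dst_labels: frozenset
    port: int


def ip_allows(rules, src, dst, port):
    """Classic firewall: matches on addresses only; knows nothing about what the host is."""
    s, d = ipaddress.ip_address(src.ip), ipaddress.ip_address(dst.ip)
    return any(s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
               and r.port == port for r in rules)


def context_allows(rules, src, dst, port):
    """Context policy: matches on what the workloads are, wherever they currently sit."""
    return any(r.src_labels <= src.labels and r.dst_labels <= dst.labels and r.port == port
               for r in rules)


def compile_ip_rules(intent, inventory):
    """Expand one context rule into per-host-pair /32 rules, as an operator would by hand."""
    rules = set()
    for s in inventory:
        for d in inventory:
            if intent.src_labels <= s.labels and intent.dst_labels <= d.labels:
                rules.add(IpRule(f"{s.ip}/32", f"{d.ip}/32", intent.port))
    return rules


# Intent: the production web tier may reach the production database tier on 5432.
INTENT = ContextRule(frozenset({"tier:web", "env:prod"}),
                     frozenset({"tier:db", "env:prod"}), 5432)

WEB_LABELS = frozenset({"tier:web", "env:prod"})
DB_LABELS = frozenset({"tier:db", "env:prod"})
WEB = Workload("web-1", "10.0.1.10", WEB_LABELS)
DB_OLD = Workload("db-1", "10.0.2.20", DB_LABELS)
INVENTORY_DAY1 = [
    WEB,
    Workload("web-2", "10.0.1.11", WEB_LABELS),
    Workload("web-3", "10.0.1.12", WEB_LABELS),
    DB_OLD,
    Workload("db-2", "10.0.2.22", DB_LABELS),
]

# Day 2: db-1 is redeployed on a new address; its old address is recycled by a staging batch host.
DB_NEW = Workload("db-1", "10.0.2.21", DB_LABELS)
SQUATTER = Workload("batch-7", "10.0.2.20", frozenset({"tier:batch", "env:staging"}))


def day2_decisions():
    """Compare the two models after the churn, using the IP rules compiled on day 1."""
    ip_rules = compile_ip_rules(INTENT, INVENTORY_DAY1)
    ctx_rules = {INTENT}
    return {
        # IP model: the rule still names 10.0.2.20, so the real database is now blocked...
        "ip_web_to_db": ip_allows(ip_rules, WEB, DB_NEW, 5432),
        # ...while the staging host that inherited the address is reachable from prod web.
        "ip_web_to_squatter": ip_allows(ip_rules, WEB, SQUATTER, 5432),
        # Context model: the intent follows the workloads, not their addresses.
        "ctx_web_to_db": context_allows(ctx_rules, WEB, DB_NEW, 5432),
        "ctx_web_to_squatter": context_allows(ctx_rules, WEB, SQUATTER, 5432),
        # Rule-count growth: IP rules scale with host pairs (3 web x 2 db), the context rule does not.
        "ip_rule_count": len(ip_rules),
        "ctx_rule_count": len(ctx_rules),
    }


if __name__ == "__main__":
    for key, value in day2_decisions().items():
        print(f"{key}: {value}")
```

The IP ruleset fails in both directions at once: it produces an outage (web can no longer reach the redeployed database) and an over-permission (web can reach a staging host it was never meant to talk to), and someone has to notice and patch six /32 rules rather than one statement of intent. That is the debt the list above refers to, and it is the same whether the firewall is a physical appliance or a virtual one.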
4. “IPS functionality will not commoditize or disappear.”
The IPS issue is real, but I would argue IPS is not going away. Compliance requirements have led to a long and steady life for this technology (as Mark Twain noted, “The reports of my death have been greatly exaggerated”).
There are opportunities to both make IPS more effective as well as break down the barriers between IPS and APT approaches.