Fighting ransomware, watching for deepfakes, and implementing network segmentation in complex enterprise environments are top-of-mind issues for today’s security practitioners. New approaches are needed, says Cisco exec. Credit: Shutterstock The networks that enable today’s hyper-distributed enterprises face persistent and emerging security challenges. One of those challenges is ransomware. While it’s not a new problem, “attacks are getting more and more sophisticated,” said Neil Anderson, vice president of cloud, infrastructure and AI with technology services provider World Wide Technology. “On any given week, some of our customers are being attacked or have been breached – it’s very frustrating that this issue hasn’t gone away.” The key to fighting a ransomware attack is to be well prepared – “like the sports analogy, you need to build muscle to fight back effectively,” Anderson said. “You have to know how to recover before you recover. So, if you didn’t practice a response to a ransomware attack, you are not going to be prepared for one.” Threat actors engaged in data theft in about 70% of ransomware cases as of late 2022, according to a Palo Alto Unit 42 report. By comparison, the firm saw data theft in only about 40% of cases in a mid-2021 analysis. Extortion tactics include threats to leak stolen data on dark web sites, as well as harassment of individuals in an organization, often in the C-suite, via threats and unwanted communications. The idea of attackers using AI and deepfakes to trick facial recognition programs and infiltrate systems has also raised enterprise concerns. Multiple published reports, including one from CNN, told of a finance worker at a multinational company who was duped into transferring $25 million to fraudsters who used deepfake technology to pose as the company’s chief financial officer in a video conference call. “So now, one of our hot topics is how to detect such fraud – our AI security team is all over it right now,” Anderson said. Network segmentation can help shore up enterprise security Customers have to begin with the idea that attackers are already in their networks, said Jeetu Patel, executive vice president and general manager of Cisco security and collaboration, at the recent Cisco Live customer event. “When attackers are in the system – and many are already infiltrated – the name of the game is preventing and containing lateral movement,” Patel said. “What do we need to do in order to contain lateral movement? We need to take security, melting [it] into the fabric of the network, so that we have distributed enforcement points. Every single place that could be exposed, we need to put a little bit of a mini security stack in there to stop the spread,” Patel said. But that’s not a simple task for security practitioners. “The first challenge is that segmentation is really hard. Because if you’re thinking about protecting lateral movement, you have to contain the lateral movement by segmenting the attacker from making too many hops,” Patel said. “It was pretty easy to do segmentation when you had a three-tiered architecture, and every tier of the architecture ran on a dedicated piece of hardware. But now when you have a completely distributed environment, with thousands of microservices running on hundreds of Kubernetes clusters of containers, and VMs, it gets to be extremely difficult to go out and do any kind of segmentation rules in any kind of efficient manner.” Another issue is enterprises’ response time after a vulnerability is announced or an exploit happens. There’s a window of time when an enterprise is exposed, before it deploys a patch for a vulnerability that has been announced, Patel said. “Now, it’s one thing to go out and patch infrastructure that you have within your organization. But what about things that you need to patch outside of that data center that might not even be designed to be patched?” “We have to make sure that there are different ways that we can solve these problems much more quickly than the way that we’ve been trying to do this for the past 20 years,” Patel said. The idea that security will be baked into core networking components, such as switches, routers or servers, is the goal of Cisco’s recently announced AI-based Hypershield architecture. Hypershield promises to let organizations autonomously segment their networks when threats are a problem, gain rapid exploit protection without having to patch or revamp firewalls, and automatically upgrade software without interrupting computing resources. Related content news Alkira expands NaaS platform with ZTNA capabilities Network-as-a-service vendor Alkira looks to extend security down to user policies and posture for a full zero-trust approach. By Sean Michael Kerner Oct 23, 2024 6 mins SaaS Network Security Networking news IBM launches platform to protect data from AI and quantum risks The SaaS-based Guardium Data Security Center provides unified controls for protecting data across distributed environments, including hybrid cloud, AI deployments and quantum computing systems. By Michael Cooney Oct 22, 2024 4 mins Generative AI Hybrid Cloud High-Performance Computing analysis Gartner: Top 10 strategic technology trends for 2025 Agentic AI, post-quantum cryptography, AI governance, and hybrid computing are among the most pressing and potentially disruptive trends that enterprises are facing, Gartner reports. By Michael Cooney Oct 21, 2024 8 mins Generative AI Edge Computing Network Security analysis Has the time come for integrated network and security platforms? Platformization buy-in has been elusive in the past, but AI could be the impetus for enterprises to give new consideration to the idea of a consolidated network and security platform. By Michael Cooney Oct 21, 2024 5 mins SASE Generative AI Network Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe