Taking it to the cloud
However, to truly scale for future traffic and access demands across multiple types of devices (of which organizations may or may not have control), Wilson says cloud-based services will ultimately make more sense.
“No one today can protect every device and every platform sending traffic into their enterprises, particularly when you consider the pace of device turnover,” he says. “A higher-level trend is to force traffic through the cloud where it is processed and scanned for threats, rather than inside the protected network.”
Consider also that future devices will likely be IPv6, since IPv4 addresses were fully allocated in February 2012.
“Each device using IPv6 will have multiple IP addresses,” says Nancy Jin, product manager of the wireless networking business unit at Cisco. “This is different from IPv4, and can create challenges with monitoring and visibility.”
Distributed denial-of-service (DDoS) attacks are already being carried out through IPv6 traffic, says Jin. If they aren't already capable of seeing into IPv6 traffic, network management and security systems will need to be upgraded as soon as possible to support this new protocol. Otherwise, as has been proven in many reported examples, payloads can be tunneled in through encrypted IPv6 traffic without any visibility into the threat.
Network visibility, optimization and acceleration technologies continue to improve to support today's massive data and traffic scanning demands. Mykonos' Koretz says it's only a matter of time before the model of deep scanning and inspection into what has come to be called Big Data will no longer scale.
He adds that today's Big Data monitoring and correlation technologies are not catching advanced persistent threats (APTs), so, he asks, how are they going to handle tomorrow's problems?
“Smart rooms, white boards, copiers and building control systems can all be connected across a hundred sites, so the benefits of massively simplified management of devices will outweigh security concerns,” says Koretz. “That means companies [like Juniper] will be protecting a much larger ecosystem of network types and traffic. To do that, we've got to start thinking outside of the box.”
Connected: Control systems
Last semester during a class exercise, students of DePaul University's cyber security and control systems course used open source information to identify the following connected control systems that could be exploited:
Ships, airplanes, fresh water, waste water, farm mass poultry, milk and cheese production, farm equipment, grain storage, flour milling, food processing, steel manufacturing, automobile manufacturing, bottled products, passenger automobiles, tractor-trailers, heavy rail (train), amusement parks, natural gas pipelines, natural gas storage, electrical substations, generating facilities, control centers, smart grid, oil refinery, oil wellheads, oil pipelines, LEED-certified buildings, chemical production, building HVAC, traffic lights, light rail (public transit), satellites, fire suppression, emissions monitoring, NOAA weather buoys, traffic monitoring, port cranes, construction equipment, hospital equipment, and weapons.
Photo caption: Some insulin pumps are vulnerable to hacking, according to Barnaby Jack, a security researcher for McAfee. Photo by David Paul Morris/Bloomberg via Getty Images