Trending Security Concepts in 2023: SBOM, Service Mesh, SASE, and More
Every year, the number of cyber attacks increases as threat actors keep finding more vulnerabilities to exploit, devising more sophisticated attacks, using new and improved technologies to launch attacks that cause immeasurable damage.
Check Point research reveals a 28% increase in global attacks during the third quarter of 2022 compared to the third quarter of 2021, with the average weekly attacks per organization worldwide reaching over 1,130. According to the UK government, in November 2022 alone, 95 security incidents occurred, during which 32,051,144 records were breached. For example, 130 of Dropbox’s private GitHub repos were copied due to a phishing attack, an attempted cyberattack caused Internet shutdown at Albany schools, and another cyberattack disrupted Mexico’s transportation system.
These cyber attacks used common techniques such as phishing and malware, while others used more sophisticated techniques like ransomware and DDoS. The increase in successful attacks demonstrates the importance of improving the security posture of organizations worldwide, using tools that protect against supply chain and cloud threats as well as insider threats and malicious adversaries. This article provides an overview of key security concepts that could help improve cybersecurity in 2023.
Trending Security Concepts in 2023
SBOM
A software bill of materials (SBOM) lists all components included in a certain software. It provides visibility into the components that comprise a software, including open source software, third-party libraries, and dependencies. Here are key benefits of SBOM:
- Identify open source software: Generating an SBOM can help organizations discover all open source software components within their product. It provides visibility into licensing and compliance and helps determine if the product includes known vulnerabilities in specific open source software.
- Discover potential supply chain threats: Organizations can use an SBOM to determine whether they have included a vulnerable or outdated third-party component in their software. This information helps make informed decisions about these components, and apply patches or remove components before attacks could occur.
Organizations usually employ a software composition analysis (SCA) tool to automatically generate an SBOM. These tools scan the codebase to identify components and provide a list of all components, providing additional capabilities to help secure the codebase. Common SCA capabilities include continuously monitoring the code and vulnerability scans.
SASE
Secure Access Service Edge (SASE) solutions deliver security and networking capabilities through one pane of glass. Most solutions combine both traditional network security functions, such as secure web gateways (SWGs) with software-defined wide area networking (SD-WAN) and advanced security capabilities.
SASE solutions aim to provide secure and reliable connectivity for devices and users, regardless of device type, location, or network connectivity. Most SASE solutions combine network security functions, such as firewalls, zero trust, and intrusion prevention systems (IPS), with cloud-based networking services like SD-WAN.
SASE solutions use a cloud-based infrastructure to deliver secure connectivity, using various capabilities, such as SSL (secure sockets layer) tunnels, direct connections to cloud platforms, zero trust network access (ZTNA), and cloud access security brokers (CASBs). Additionally, a SASE infrastructure includes security functions, such as data loss prevention (DLP), to help protect against threats and ensure the integrity and confidentiality of data.
Service Mesh
A service mesh can manage the communication between individual services in a microservice-based application. It decouples the network logic from the application or business logic of each microservice to implement and manage it consistently across the entire system.
A microservice architecture splits a system into individual services that work together, meaning the application consists of many autonomous services that perform different functionalities. It is critical to configure this properly because the application’s performance depends on the ability of the services to work together and share data.
Microservices communicate via APIs. Traditionally, load balancers handle microservices communications, but this technique does not work well on a large scale due to deployment and cost issues. A service mesh solves these issues by providing a networking layer with a centralized registry (control plane) that manages all services with sidecar proxies, which are easier to configure and scale than load balancers.
A service mesh provides various features that can boost security by:
- Encryption: A service mesh can automatically encrypt traffic between service instances using industry-standard protocols such as TLS. This ensures that sensitive data is protected as it travels across the network.
- Authentication and Authorization: A service mesh can provide authentication and authorization mechanisms to control access to the services. This can be done by using mutual-TLS or other mechanisms like JWT tokens, OAuth2, etc.
- Access Control: A service mesh can provide fine-grained access control to restrict access to specific services or specific methods within a service. This allows you to enforce the principle of least privilege and limit the attack surface of the application.
- Segmentation: A service mesh can provide network segmentation capabilities to isolate different parts of the application and limit the blast radius of a security incident.
Extended Detection and Response (XDR)
XDR is a threat detection and incident response solution that delivers several security products through one platform. The solution aggregates data from an IT environment, including on-premises and cloud workloads, to identify and investigate threats across the entire network.
XDR aims to deliver comprehensive threat detection and response while minimizing complexities and costs. The solution correlates event information from multiple data streams and combines them with threat intelligence and contextual data to reduce the number of false positives and low-quality alerts.
Organizations can leverage XDR to detect known and unknown attacks in real-time and automate investigations to save time for security personnel. Additionally, many XDR solutions provide proactive technologies, including machine learning and behavioral analytics, to help identify new and sophisticated threats and trigger automated security responses to enable effective threat identification and mitigation.
Conclusion
In conclusion, as cyber attacks increase in frequency and sophistication, organizations worldwide must strengthen their security posture. Cybersecurity is no longer something remote that concerns big organizations. Rather, 2022 has shown that threat actors are increasingly targeting government agencies, healthcare services, public transportation, and even schools. Using SBOM lists to prevent supply chain attacks, XDR to protect against insider threats, and SASE solutions to strengthen remote connectivity, organizations can improve their resiliency against the ever-evolving threats landscape.
Author Bio: Gilad David Maayan
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.