As businesses and economies emerge post-pandemic, Information Technology (IT) and security practitioners are becoming increasingly conscious of preparing themselves to anticipate, detect, analyse and counteract cyber threats. Embracing and adopting emerging technologies can be a business enabler, helping organisations to better understand and limit the effects of:
- Reputational damage to business branding and valuable customer loyalty
- Disruption to around-the-clock, business-as-usual (BAU) operations and impacts to revenue streams
- Legal implications, penalties and financial obligations from regulatory bodies and government
From IT administrators to experienced cyber security engineers – regardless of where you are in your cyber security career – the following emerging cyber security technologies are worth learning, evaluating and implementing, whilst aligning the most appropriate security controls to processes in your organisation.
1. Secure Access Service Edge (SASE)
The large proportion of employees who now work from home as part of their daily routine is overwhelming the traditional corporate service edge, typically implemented via a Virtual Private Network (VPN). Users now access, create and share data on cloud applications using multiple sets of credentials. Additionally, users need to collaborate with third parties, which results in their work being spread across browser and mobile applications. These behaviours introduce new attack surfaces, a proliferation of vulnerabilities, a risk of identity theft, and the exposure of sensitive data.
A properly implemented Secure Access Service Edge solution should provide the following functions and capabilities:
- Remote browser isolation: Resulting in the decoupling of the end user browser experience and the actual web application code execution
- Network sandboxing: An isolated environment protecting against zero-day vulnerabilities and ransomware
- DNS protection: Prevention from attacks such as DNS poisoning
- API-based access to SaaS for data contextualization and identity management
- Support for corporate managed and unmanaged devices: A framework for security in an anywhere and anytime network environment
- Web application and API protection: Open Systems Interconnection (OSI) application layer 7 protection – providing risk-based automatic prevention, detection and response
SASE technologies require a good knowledge of networking, cloud computing, identity access management (IAM), data privacy, and Bring Your Own Device (BYOD) security, which vocational cyber security training can equip you with to be effective in cyber security architecture and engineering.
2. Cloud-based Web Application and API Protection (WAAP)
More companies are adopting a multi-cloud strategy to accelerate their cloud migration and expansion. Today, workload provisioning and workflow automation are implemented by code-based Application Programming Interfaces (APIs) – across both public cloud and private cloud data centres. The execution of these APIs should be monitored continuously for errors and malicious intentions. WAAP creates security capability throughout the whole development life cycle. A modern WAAP will typically cover:
- Support the Continuous Integration and Continuous Development (CI/CD) methodology through continuous vulnerability management and OSI layer 7 protection in the development, testing, staging and production environments
- Protection against sophisticated web and API attacks such as web skimming / form-jacking invoked via API calls
- Correlation and automation services to assist in protecting organisational reputation by reducing bot traffic and preserving cloud resources for productive customer traffic
- Built-in anti-DDoS protection and Content Distribution Network services for improved user-experience
With the increasing speed of app releases in APAC, emerging Web Application and API Protection technologies will enable cyber security professionals to bolster their automation and detection capabilities – whilst fine-tuning security rules for common servers and databases (IIS, SQL, NoSQL, MongoDB etc.).
The best approach for aspiring cyber professionals is to learn about WAAP tools in a hands-on demo environment, with data dashboards enriched by real-life case studies. Dealing with configurations and vetting false positives will be part of the journey as you build experience with these tools.
3. Endpoint Detection and Response (EDR)
The traditional method of signature-based antivirus (AV) is struggling to cope with the sophistication of today’s cyber criminals, who use a combination of techniques, often spending months progressing through the cyber kill chain to achieve their targeted attack. With end-users increasingly provisioned more privileges to access corporate data, servers and cloud applications, an exploit kit delivered to an end-user can quickly give a threat actor Command and Control (also known as C2) of that machine, from which to launch a persistent attack.
Endpoint Detection and Response technology can be leveraged to detect and respond to security events, providing greater defence for an end-user computer. With EDR, behaviour analysis becomes possible for all incoming files, code, application runtime, system patches, communication protocols and even memory addressing schemes. Implementing an EDR solution will require knowledge of operating systems such as Windows, Linux and Unix. Some of the benefits of EDR are:
- Elimination of mass-scale, time consuming signature updates
- Natively monitoring the operating system kernel for any zero-day exploits
- Ability to trace and contextualize seemingly separate system events into alerts with different severity ratings
- Automatic remediation of suspicious events with process shutdown and network containment
- Incident data can be mapped to industry exchange formats and frameworks (such as the MITRE ATT&CK matrix) and passed on to cyber security specialists or law enforcement
Cyber security students and specialists will benefit from understanding this growing defence technology. Vendors often have learning collateral or provide education through scenario-based training – this can extend a defensive mindset to threat-hunting and security engineering skillsets.
4. Privileged Access Management (PAM)
Cloud adoption often sees the creation of multiple access credentials across organisations, at times leaving access compliance and policies inadequately adhered to. Across APAC, the many varying data privacy governance and data breach disclosure laws are not unified, presenting a constant challenge to businesses that operate across different jurisdictions.
The confronting reality is that threat actors and their activities are unbound by geographical and geopolitical limits. To assist organisations facing the hard task of IT and Information Security Governance over access management, PAM provides a robust system that can be integrated to enforce policy for privileged access, such as an administrator needing to access servers and their application environments. Some of the ways that PAM can be put into practice:
- Managing access groups and security groups via the cloud
- Designing functional accounts and managed system accounts
- Integrating with DevOps using Python scripts to automate PAM
- Enforcing a password policy and access policy for the super user, system administrator, developer and contractor role types
- Providing recording and log evidence to help meet different compliance requirements
Privileged Access Management (PAM) is an area of cyber security that often includes development programs and projects which are easily overlooked because of their size and complexity. This can result in mismanagement and, consequently, cyber incidents such as data breaches. Cyber security students and professionals can extend their skills by learning about access controls, policy, identity and access management, and compliance requirements.
5. Security Orchestration, Automation, and Response (SOAR)
It’s not uncommon for the numerous technology choices, such as those listed above, to cause alert fatigue, ‘big data headaches’ or even ‘dashboard fever’ for the IT or security team. The good news is that machine learning algorithms have been developed to help cyber security practitioners to streamline the data flow and triage process. As such, we’re seeing the data streams aggregated, piped, normalised and tagged for human understanding. Moreover, historical searching and cloud-based threat intelligence resources can be used to compare and enrich logged events for security triage processing.
Generally, having programming skills in languages like Python will be very useful when it comes to working in a Security Operations Centre (SOC) with Security Information and Event Management (SIEM) tools that ingest logs and require querying across different security systems.
SOAR technologies provide security orchestration and automation of actions, typically built from playbooks that follow a pre-defined set of rules and subsequent actions, including remediation where permissions and system functionality permit.
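As an added illustration of the aggregate, normalise, enrich and playbook steps described above (example code written for this page, not part of the original article or of any vendor product), the script below takes two constructed log feeds in different formats, maps them onto one schema, tags events against a constructed threat-intel list, and applies pre-defined rules to decide an action for each source IP. The feed formats, the threat-intel entry and the failed-login threshold are all assumptions made for the example.

```python
import json
import re
from collections import Counter

THREAT_INTEL = {"198.51.100.23": "known-scanner"}  # constructed feed, not a real indicator
RAW_FEEDS = {  # constructed sample logs in two different formats
    "firewall": [
        "2024-01-10T09:00:01Z DENY src=198.51.100.23 dst=10.0.0.5 dport=22",
        "2024-01-10T09:00:07Z ALLOW src=10.0.0.8 dst=10.0.0.5 dport=443",
        "malformed line the parser must skip rather than crash on",
    ],
    "auth": [
        '{"ts":"2024-01-10T09:00:03Z","user":"svc-backup","ip":"198.51.100.23","result":"fail"}',
        '{"ts":"2024-01-10T09:00:05Z","user":"alice","ip":"10.0.0.8","result":"ok"}',
        '{"ts":"2024-01-10T09:01:00Z","user":"bob","ip":"203.0.113.7","result":"fail"}',
        '{"ts":"2024-01-10T09:01:02Z","user":"bob","ip":"203.0.113.7","result":"fail"}',
    ],
}
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=\S+ dport=\d+$")

def normalise(source: str, line: str):
    """Map one raw line onto a common schema; return None for lines that do not parse."""
    if source == "firewall" and (m := FW_RE.match(line)):
        return {"ts": m["ts"], "src_ip": m["src"], "event": "fw_" + m["action"].lower()}
    if source == "auth":
        try:
            d = json.loads(line)
            return {"ts": d["ts"], "src_ip": d["ip"], "event": "auth_" + d["result"], "user": d["user"]}
        except (json.JSONDecodeError, KeyError):
            return None
    return None

def enrich(event: dict) -> dict:
    """Tag the event with the threat-intel label for its source IP, if one exists."""
    event["tags"] = [THREAT_INTEL[event["src_ip"]]] if event["src_ip"] in THREAT_INTEL else []
    return event

def run_playbook(feeds: dict) -> dict:
    """Aggregate, normalise and enrich, then apply pre-defined rules to choose actions."""
    events = [enrich(e) for src, lines in feeds.items()
              for line in lines if (e := normalise(src, line)) is not None]
    fails = Counter(e["src_ip"] for e in events if e["event"] == "auth_fail")
    tagged = {e["src_ip"] for e in events if e["tags"]}
    actions = {"block_ip": set(), "ticket": set()}
    for ip in {e["src_ip"] for e in events}:
        if ip in tagged and fails[ip]:  # known-bad source probing logins: automated containment
            actions["block_ip"].add(ip)
        elif fails[ip] >= 2:            # repeated failures from an unknown source: human review (assumed threshold)
            actions["ticket"].add(ip)
    return {name: sorted(ips) for name, ips in actions.items()}
```

Running `run_playbook(RAW_FEEDS)` queues the tagged scanner for blocking and opens a ticket for the untagged source with repeated failed logins, while the malformed line and the benign traffic produce no action.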
The perception is often that only large organisations can adopt SOAR technologies but there is opportunity for Small-Medium Businesses (SMB), and even Not for Profit (NFP) organisations that have very limited cyber knowledge, to implement SOAR capabilities. Some of the highlights of this automated approach are:
- Security orchestration across log collection, triage, alerts and event handling
- Low-code, object-oriented playbook canvas and incident handling execution
- Create and monitor KPIs for visibility into the incident management life cycle
- Case management with a third-party or outsourced cyber security / digital forensics specialist
- Threat intelligence overlay that can construct predictive insights on possible underway or imminent attacks
Working with SOAR technology is often delegated to a cyber security analyst or a security engineer. Preparing for a role like this means not limiting yourself to reading raw log data, but also developing the ability to present a clear, living picture of security events and incident timelines to clients, management or stakeholders.
With today’s rapid digital progression comes an ever-increasing threatscape and new levels of sophistication in cyber attacks. To be able to handle cyber threats on the job, you’ll need to start by becoming educated in the fundamentals, adopting a lifelong learning mindset, and connecting theoretical knowledge with real-world practical use cases. So whether you’re just getting started in the cyber industry or already qualified and working in a cyber security industry role, continuing to be curious and learning about emerging technologies is a professional trait that will increase your value in the cyber security job market.
Industry contributor: Raymond Lin | Lead Solution Architect – Security | BT – Global Services – AMEA region