The growth of remote and hybrid work has placed incredible pressure on network and security professionals, rewriting traditional notions of network traffic flows and forcing a rethink of how data is secured when moving both within and outside of corporate networks.

What was once a story of users mostly accessing applications and data via 'east-west' traffic flows within corporate networks has given way to greater 'north-south' traffic as users accessed those same resources remotely.

At the same time, the growth of remotely hosted SaaS and other cloud applications has forced a rethink of security protocols between corporate network assets and third-party providers.

While this need is being mostly addressed by private networks and data encryption, a significant problem still exists when connecting users to these assets from outside the corporate network.

At the same time, network professionals are contending with the idea that for many, the question of falling victim to a breach is not so much a question of 'if' but 'when', leading to greater consideration of how to limit lateral movement when defences are breached.

Securing the north-south rush hour

Even now, as employers struggle to attract (or force) workers back to the office, security professionals are scrambling to protect against vulnerabilities that simply never existed when everyone was securely behind the firewall.

And they might find themselves continuing to consider this new north-south traffic for the foreseeable future, with Gartner's Outlook for Network Security, 2023 rating hybrid work as a durable trend. Gartner reports that while the remote worker percentage decreased in the past year, the overall hybrid worker percentage grew faster than the in-person worker percentage, meaning that security professionals must continue to protect people and resources, wherever they are.

While many organisations initially responded to the work-from-home challenge by utilising virtual private networks (VPNs) to provide secure north-south connectivity for users, these have fallen out of favour due to poor speeds and scalability issues.

The result has been massive growth in the uptake of SD-WAN as a way to provide secure gateways into on-premises services or clouds.

In late 2022 MarketsandMarkets predicted the global market for SD-WAN would grow from US$3.4 billion in 2021 to US$13.7 billion by 2027.

The quest for more robust network solutions has led many security professionals to explore more comprehensive solutions, such as SASE (Secure Access Service Edge) technology, which uses cloud-based services to deliver a range of service capabilities including SD-WAN, secure web gateways, CASB (Cloud Access Security Broker), and Zero Trust Network Access (ZTNA).

Gartner expects enterprise spending on SASE to grow swiftly in 2023 and 2024, with the 2023 Gartner CIO and Technology Executive Survey finding 40 percent of respondents had the intention to deploy SASE within the next 12 or 24 months. This translates into big opportunities for technology providers, with Research & Markets reporting the global SASE market will grow in value from US$1.9 billion in 2023 to US$5.9 billion by 2028.

However, successful implementations of SASE remain limited, and network professionals report that the promise of SASE is often difficult to realise when applied in complex heterogeneous environments.

Instead, many are concentrating on specific components of the overall SASE offering, such as ZTNA, which MarketsandMarkets projects will reach a market size of US$60.7 billion by 2027.

One Australian organisation that is well progressed in its zero-trust journey is the advanced research and education network provider AARNet, where chief information security officer Charles Sterner said ZTNA was being rolled out across the organisation.

"AARNet has always had a rather distributed workforce as a national organisation and we have had various ways of supporting the requirements of remote working," Sterner said.

"This was put to the test much like it was for most other companies during Covid, and helped accelerate security initiatives to deliver a remote work experience that provides uniform security protections regardless of location. This includes uplift to several controls, and delivery of outright new capabilities across network, asset, authentication, and applications.

"We’ve aligned this effort to our risk register, where treatment plans articulate how and where these capabilities will be leveraged to bring our risk into an acceptable threshold."

AARNet's strategy has included the rollout of a new VPN and the redesign of its secure operating environment.

Importantly, Sterner has also looked inside AARNet's network to ensure critical assets are secure, including the implementation of network segmentation.

Gaining east-west visibility

The interest in segmentation has emerged from the needs of security professionals to find ways to limit the damage a bad actor can do, should they find a way into the corporate network. By breaking the networks into smaller subnetworks with appropriate access management solutions, security professionals can reduce the ability of attackers to move laterally between systems, limiting the blast radius of a successful attack.

According to Gartner, the growing interest in minimising the damage from successful attacks is also fuelling interest in network detection and response (NDR) solutions, which apply behavioural analytics to network traffic data to detect abnormal system behaviours.

NDR can detect and contain malicious post-breach activity such as ransomware, insider threats, or suspicious east-west data movements by continuously analysing raw network packets or traffic metadata.

According to Gartner, NDR complements rules and signatures technologies by creating heuristic models of normal network behaviour and using these to spot anomalies, and the market is growing at a steady at 22.5 percent annually.

According to Sterner, these technologies form a critical component of AARNet's future cyber defence strategy.

"We leverage next-generation firewall (NGFW) capabilities, where the line is blurred on NDR versus traditional players, but certainly we have capabilities in this space that are core to our security uplift program," Sterner said.

Secure intelligence

The growth of NDR is also accompanied by rising interest in the concept of extended detection and response (XDR), which makes use of artificial intelligence (AI) to help find indicators of attacks.

The overall effect of AI is growing through all aspects of network security and is heavily represented in the literature of security vendors, where it is spruiked as boosting visibility and understanding of user and traffic behaviour within networks.

For Sterner, AI holds great promise for enhancing user entity and behaviour analytics (UEBA) – something that is already in heavy use at AARNET – and in the near future, for red/purple teaming.

"We work closely with our vendors to understand their capabilities and leverage these where they make sense," Sterner said.

"Sorting through the market noise is a challenge, but there are material things developing that will likely remake the security industry and threat landscape soon.

"Adversarial use of AI for various nefarious activities will drive a level of innovation in the industry we haven’t seen for some time."