NETSCOUT SYSTEMS has revealed its predictions for emerging trends in cybersecurity in 2023. According to NETSCOUT, technological developments in artificial intelligence (AI), machine learning (ML), cloud computing, DDoS suppression systems, and threat detection and response technologies will have a significant impact on the cybersecurity sector in 2023.
Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT, explained, “In today’s interconnected world of constant innovation in IoT, AI, and ML technologies, the threat landscape is ever evolving. With attackers continuously adapting and developing their vectors and tactics, it is crucial for security professionals to alter their thinking, understanding, and defense methodologies in order to effectively counteract this rapidly expanding threat landscape.”
Machine Learning and Artificial Intelligence
Almost every day, significant advances are made in artificial intelligence (AI) and machine learning (ML), as their applications across businesses, industries, and for various purposes continue to expand. This is evident from resources such as Quillbot and ChatGPT, among others, which demonstrate the rapid evolution and expansion of AI and ML in recent months. Within cybersecurity, AI and ML technologies for threat hunting will continue to improve this year and are likely to become more integrated into threat-hunting tools.
Cloud computing and the Internet of Things (IoT) continue to expand. Although cloud computing has been around for many years, an increasing number of businesses are now using it for production workloads rather than only for prototyping. These production workloads require performance and security monitoring to prevent data theft and modification in the cloud. As attacks on cloud-based services continue to rise, security monitoring of these resources will become increasingly vital.
The need for DDoS suppression methodologies will continue to grow in 2023, because DDoS attacks themselves are now adaptive: adversaries perform extensive pre-attack reconnaissance to identify specific weak points. Attackers are also using botnet nodes and reflectors/amplifiers that are topologically adjacent to their targets, minimizing the number of administrative boundaries that attack traffic must traverse and reducing the opportunities to stop such attacks.
By implementing adaptive DDoS defenses at all edges of their networks, including directly within peering and customer aggregation points of presence (PoPs), network operators can suppress DDoS attack traffic as it ingresses at multiple points across the entire network edge, or before it ever converges into a large-scale attack. By implementing edge-based attack detection, intelligent DDoS mitigation, and network infrastructure-based mitigation techniques at all network ingress points, operators can implement adaptive DDoS suppression systems that scale to counter DDoS attack capacity and adversary innovation.
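The following is an added example, not NETSCOUT code, of the edge-based approach described above: each peering or customer-aggregation PoP runs detection over its own flow records and drops reflected traffic where it ingresses, rather than waiting for it to converge on the victim. The flow records, the PoP names, the amplifier-port table and the pps threshold are all constructed for illustration, and the rule output is a FlowSpec-style rendering rather than any vendor's syntax.

```python
"""Per-ingress reflection/amplification DDoS detection with edge mitigation (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors/amplifiers. Assumption: illustrative, not exhaustive.
AMPLIFIER_PORTS = {53: "dns", 123: "ntp", 161: "snmp", 389: "cldap", 1900: "ssdp", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    ingress: str      # peering or customer-aggregation PoP where the flow entered the network
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str        # "udp" or "tcp"
    pkts: int
    seconds: float    # export interval the packet counter covers


def detect_at_edge(flows, pps_threshold=20_000):
    """Run at each ingress: {(ingress, dst_ip, src_port): pps} for reflected UDP traffic above threshold."""
    pps = defaultdict(float)
    for f in flows:
        # Reflection traffic arrives as UDP *from* a well-known amplifier service port.
        if f.proto != "udp" or f.src_port not in AMPLIFIER_PORTS:
            continue
        pps[(f.ingress, f.dst_ip, f.src_port)] += f.pkts / max(f.seconds, 1e-6)
    return {k: v for k, v in pps.items() if v >= pps_threshold}


def converged_pps(detections):
    """What each victim would receive if nothing were dropped at the edges: {dst_ip: total pps}."""
    total = defaultdict(float)
    for (_ingress, dst_ip, _port), rate in detections.items():
        total[dst_ip] += rate
    return dict(total)


def mitigation_rules(detections):
    """One discard rule per (ingress, victim, service), so each edge suppresses only its own share."""
    return [
        f"{ingress}: dst {dst_ip}/32 proto udp src-port {port} "
        f"({AMPLIFIER_PORTS[port]}, {rate:,.0f} pps) -> discard"
        for (ingress, dst_ip, port), rate in sorted(detections.items())
    ]


def constructed_flows():
    """Constructed sample (10 s export interval): DNS reflection entering at two PoPs, NTP at one, plus benign traffic."""
    return [
        Flow("pop-ams", "198.51.100.7", 53, "203.0.113.10", 4444, "udp", 600_000, 10),
        Flow("pop-ams", "198.51.100.8", 53, "203.0.113.10", 4444, "udp", 400_000, 10),
        Flow("pop-fra", "198.51.100.21", 53, "203.0.113.10", 4444, "udp", 250_000, 10),
        Flow("pop-fra", "198.51.100.22", 123, "203.0.113.10", 4444, "udp", 300_000, 10),
        Flow("pop-fra", "192.0.2.53", 53, "203.0.113.44", 51000, "udp", 120, 10),        # ordinary DNS answers
        Flow("pop-ams", "192.0.2.80", 443, "203.0.113.10", 51001, "tcp", 5_000_000, 10),  # legitimate TCP, ignored
    ]


if __name__ == "__main__":
    found = detect_at_edge(constructed_flows())
    for rule in mitigation_rules(found):
        print(rule)
    print("would converge on victim:", converged_pps(found))
```

Each PoP sees only a fraction of the attack (100,000 pps of DNS reflection at one, 25,000 pps of DNS and 30,000 pps of NTP at the other), which is why the per-edge thresholds are set well below the aggregate the victim would otherwise receive; the ordinary 12 pps of DNS answers at the second PoP stays below threshold and is not touched.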
Threat Detection and Response
Endpoint detection and response (EDR) and network detection and response (NDR) technologies are continuing to evolve, integrate, and combine into what is now commonly referred to as extended detection and response (XDR).
Although EDR is a well-known and valuable tool, it does have some shortcomings. Due in part to EDR’s market maturity, threat actors have developed a variety of evasion techniques. EDR is challenged by polymorphism, fileless malware, stealth exfiltration via trusted protocols, and other current approaches. In addition, the attack surface has grown tremendously as a result of IoT, software as a service (SaaS), bring your own device (BYOD), serverless apps, fifth-generation wireless (5G), and other factors.
To fill the gaps, most organizations are now turning to NDR, because everything eventually must traverse the network, leaving threats with fewer hiding places. It is impractical to install EDR on every connected device (think Internet of Things), but since all of these devices require a network connection, the network is the most obvious location for detection and response. Attackers find it far more difficult to usefully manipulate packets on the wire in order to evade detection, and even encryption is a challenge that can be overcome at the network level. Additionally, NDR is more scalable because sensors can be placed strategically for optimal visibility. Analysis of network packet-derived metadata is extremely fast and makes initial investigations easy. Packets can potentially expose all activity, including the exfiltrated data itself.
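As an added example of the two points made above, stealth exfiltration via a trusted protocol and detection from packet-derived metadata alone, the following is a small NDR-style detector for DNS tunnelling. It is not NETSCOUT's or any vendor's detector; the query records are constructed, the thresholds are illustrative, and the two-label registered-domain heuristic stands in for a real public-suffix list. It uses only metadata that a network sensor sees regardless of the agent state on the host: the source address and the queried name.

```python
"""NDR-style DNS tunnelling detection from query metadata (added example)."""
import base64
import hashlib
import math
from collections import defaultdict


def shannon_entropy(text: str) -> float:
    """Bits per character of the empirical symbol distribution of `text`."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (registered_domain, subdomain). Assumption: two-label suffix heuristic, no public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def score_dns_metadata(records, min_queries=20, uniq_ratio=0.8, entropy_min=3.5, label_len_min=30):
    """records: iterable of (src_ip, qname). Returns {domain: evidence} for domains that look like tunnels.

    Tunnels encode payload into subdomains, so per registered domain we expect: many queries,
    almost all with a distinct subdomain, high character entropy, and long labels.
    """
    stats = defaultdict(lambda: {"queries": 0, "uniq": set(), "entropy_sum": 0.0, "max_label": 0, "hosts": set()})
    for src_ip, qname in records:
        domain, sub = split_name(qname)
        s = stats[domain]
        s["queries"] += 1
        s["uniq"].add(sub)
        s["entropy_sum"] += shannon_entropy(sub)
        s["max_label"] = max([s["max_label"]] + [len(label) for label in sub.split(".")])
        s["hosts"].add(src_ip)

    alerts = {}
    for domain, s in stats.items():
        if s["queries"] < min_queries:
            continue
        ratio = len(s["uniq"]) / s["queries"]
        avg_entropy = s["entropy_sum"] / s["queries"]
        if ratio >= uniq_ratio and avg_entropy >= entropy_min and s["max_label"] >= label_len_min:
            alerts[domain] = {
                "queries": s["queries"],
                "unique_ratio": round(ratio, 2),
                "avg_entropy": round(avg_entropy, 2),
                "max_label": s["max_label"],
                "hosts": sorted(s["hosts"]),
            }
    return alerts


def constructed_records():
    """Constructed sample: 40 ordinary lookups plus 30 tunnel queries carrying base32 chunks.

    Base32 is a common tunnel encoding because DNS names are case-insensitive; the chunk
    content here is just a hash of the sequence number so the sample is deterministic.
    """
    benign = [("10.0.0.5", name) for name in
              ["www.example.com", "mail.example.com", "cdn.example.com", "api.example.com"] * 10]
    tunnel = []
    for i in range(30):
        chunk = base64.b32encode(hashlib.sha256(f"chunk{i}".encode()).digest()).decode().rstrip("=").lower()
        tunnel.append(("10.0.0.9", f"{i:04x}.{chunk}.exfil-example.net"))
    return benign + tunnel


if __name__ == "__main__":
    for domain, evidence in score_dns_metadata(constructed_records()).items():
        print(domain, evidence)
```

The benign domain fails every test at once (four distinct subdomains across forty queries, low entropy, short labels), while the tunnel domain trips all three, and the `hosts` field gives the investigator the internal source to pivot to. In production the same counters would be kept per time window and the thresholds tuned against the organization's own baseline, since CDNs and some telemetry services legitimately produce long, unique-looking names.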