Network ‘As A Service’ Adoption to Grow by 38% in the Next One to Two Years in UAE

In response to the pandemic, IT leaders in EMEA are now investing more in cloud-based and AI-powered networking technologies as business recovery plans take shape, according to research from Aruba, a Hewlett Packard Enterprise company.

The findings in a new global report ‘Preparing for the post-pandemic workplace’ suggested that IT leaders are responding to the challenges associated with enabling a highly distributed workforce and the emergence of the hybrid workplace – with people needing to move seamlessly between working on campus, at home and on the road – and as such are looking to evolve their network infrastructure and shift away from CapEx investments towards solutions consumed ‘as a service’.

The average proportion of IT services consumed via subscription in the UAE will accelerate by 49% in the next two years, from 39% of the total today to 58% in 2022, and the share of organizations that consume a majority (over 50%) of their IT solutions ‘as a service’ will increase by approximately 56% in that time.

“The emergence of the hybrid workplace is pushing IT leaders to deliver a delicate balance between flexibility, security and affordability at the edge,” said Jacob Chacko, Regional Business Head – Middle East, Saudi & South Africa (MESA) at HPE Aruba. “The workplace as we knew it has significantly changed and to support new norms such as social distancing and contactless experiences, office locations need to have the right technology in place to offer enterprise-level connectivity, security and support. All this must be done in an increasingly challenging financial environment which is spurring the trend for IT decision-makers to opt for the reduced risk and cost advantages offered by a subscription model.”

The report, which surveyed 2400 ITDMs in over 20 countries including the UAE and eight key industries, looked at how they have responded to IT and business demands in the wake of COVID-19, what investment decisions are being made as a result, and the consumption models now being considered. A number of key findings stood out:

IMPACT OF COVID-19 HAS SIGNIFICANT IMPLICATIONS

ITDMs report that the impact of COVID-19 has been significant both on their employees and short-term network investments:

  • In the UAE, 25% described the impact on their employees as ‘significant’ (widespread furlough or layoffs), while 43% considered it ‘moderate’ (temporary reductions in some functions), and 23% ‘low’ (very few jobs impacted).
  • In EMEA, Russia (27%), UAE (25%), Sweden and France (both 24%) ranked highest in terms of ‘significant’ impact with Spain (13%) and The Netherlands (15%) significantly lower.
  • 86% of organizations in the UAE said that investments in networking projects had been postponed or delayed since the onset of COVID-19, and 31% indicated that projects had been cancelled altogether.
  • Project cancellations were highest in Sweden (59%) and lowest in Italy (11%), showing there are also significant disparities between countries within the same region, while 37% of ITDMs in education and 35% in hotels and hospitality globally said they have had to cancel network investments.

A POSITIVE OUTLOOK: INVESTING FOR EMERGING NEEDS

By contrast, future plans are aggressive, with the vast majority of ITDMs planning to maintain or increase their networking investments in light of COVID-19, as they work to support the new needs of employees and customers.

  • 38% of ITDMs globally plan to increase their investment in cloud-based networking, with 45% maintaining the same level and 15% scaling back. The APAC region was the global leader, with 45% stating increased investment in cloud-based networking compared to 32% in EMEA and 38% in the UAE, rising to 59% among ITDMs in India. With cloud solutions allowing for remote network management at large scale, these capabilities are particularly enticing for IT teams when being on-premises is not possible or challenging.
  • ITDMs are also seeking improved tools for network monitoring and insight, with 34% globally planning to increase their investment in analytics and assurance, 48% indicating that they will maintain their level of investment and 15% reducing it. This allows IT organizations to troubleshoot and fine-tune the network more efficiently, as demands on it are augmented by a distributed workforce. 
  • There is also an emphasis on innovative technologies that simplify the lives of IT teams by automating repetitive tasks. We found 35% of ITDMs globally are planning to increase their investment in AI-based networking technologies, with the APAC region leading the charge at 44% and EMEA and the Americas both on 30%.

ADOPTION OF NEW CONSUMPTION MODELS IS ACCELERATING

As ITDMs shape their investment plans, they are looking at alternative modes of consumption to achieve the best balance of value and flexibility.

  • 62% in UAE say they will explore new subscription models for hardware and/or software, 58% managed services for turnkey hardware/software and 41% financial leasing – all as a result of the impact of COVID-19. This reflects the increased need for more financially flexible models in a challenging environment.
  • Networking subscription models are more popular in APAC (61%) than in the Americas (52%) or EMEA (50%), and at a country level the highest demands are in Turkey (73%), India (70%) and China (65%).
  • The global industries most likely to be considering the subscription model are hotels/hospitality (66%), IT, technology, and telecom (58%) and education (57%). The impact of COVID-19 on IT behavior has made the desire for flexibility and predictability in spending, while reducing risk from initial capital costs, greater than before.
  • In stark contrast, just 8% globally plan to continue with only CapEx investments, though the proportion is higher in the Netherlands (20%), US (17%), Spain (16%) and France (15%). Across industries, 15% in retail, distribution and transport will continue to focus solely on CapEx investments, versus just 5% in education and IT, tech, and telecoms, and 2% in hotels and hospitality.

“Customers and employee needs have changed so comprehensively in recent months, it’s no surprise to see IT leaders seeking more flexible solutions,” says Chacko. “The need for agility and flexibility in network management is greater than ever and it is now mission critical to ensure that businesses reduce complexity in the network to ensure the secure and seamless experience that users demand.”

“The pandemic has caused many organisations to rethink their IT infrastructure investment to build business models that are agile, adaptable and fit for purpose. While there may have been an initial negative impact on ongoing projects, it is encouraging to see that there are firm medium term plans in place to invest in advancing network technologies enabled by more flexible models of consumption that limit up-front capital demands,” he said.

SASE is All About Delivering Security Everywhere

By John Maddison, EVP of Products and CMO at Fortinet.

Secure Access Service Edge (SASE) is an emerging enterprise strategy that incorporates multiple solutions to enable secure remote access to on-premises, cloud-based, and online resources. Unfortunately, there has been a lot of hype that has left some organizations wondering what exactly SASE is. Understanding the basic concepts and components of SASE is important, as the benefits can be significant for many organizations. Fortunately, getting to the bottom of this is easy, as many of the fundamentals of SASE – such as bringing networking and security together – are trends that customers have been gravitating to for years. However, it is still critical to properly define SASE up front in order to avoid adding complexity or, worse, missing the true value of SASE altogether.

Security Everywhere

Today’s organizations require immediate, uninterrupted access to the network and cloud-based resources and data, including business-critical applications, no matter where their users are located. The reality is that consumption patterns are changing due to the implementation of 5G, cloud migrations, sustained work from home, and similar outcomes from digital innovation efforts. This has transformed the traditional network to a network of many edges.

At the same time, these dynamically changing network configurations, and the rapid expansion of the attack surface, means that many traditional security solutions no longer provide the level of protection and access control that organizations and users require. In this environment, security has to be delivered anywhere from any place, at any time, and for any device – the WAN Edge, Cloud Edge, DC Edge, Core Network Edge, Branch Edge, and Mobile Remote Worker Edge. This requires the convergence of traditional and cloud-based security, as well as deep integration between security and fundamental networking elements.

Accurately Defining SASE

SASE is designed to help organizations secure these new distributed networks. However, as with any emerging technology category, there is still some uncertainty about what precisely a SASE solution means – and what technologies are included. In addition, vendors are attempting to redefine this market in ways that best reflect their current offerings – which means that some elements are being overemphasized and others, often essential elements, get overlooked. Unfortunately, some market definitions of SASE already include important omissions that are leaving some organizations confused about how to best select, implement, and manage the right sort of solution for their unique environments.

Not Just Cloud

SASE is generally classified as a cloud-delivered service, providing secure access to cloud-based resources, secure communications between remote users, and always-on security for devices off-premises. However, there are situations where organizations may require a combination of physical and cloud-based solutions for SASE to work effectively. This may include supporting a physical SD-WAN solution in place that already contains a full stack of security, or the desire to provide protection at the edge when processing confidential or sensitive information rather than shuttling it out to the cloud for inspection.

By combining physical and cloud-based elements, the role of SASE can also be easily extended deep into the network, rather than simply handing off security to an entirely different system at the edge. This ensures that a secure SASE connection is seamlessly integrated with critical solutions that also rely on hardware, such as network segmentation and compliance requirements that a strictly cloud-based security approach can’t address, to provide end-to-end protection.

Secure LAN and WAN

Some SASE definitions also omit things like Secure LAN and Secure WLAN that are essential considerations for many organizations. Including these sorts of technologies in a SASE solution helps ensure that security is applied consistently across an entire security architecture, rather than deploying separate security components for their SASE deployment – which could create gaps in security policy enforcement and limit visibility. 

Flexible Consumption

But regardless of which tools are used or where they are deployed, there is a central issue that needs to be remembered. Every SASE solution must not only meet the access needs of today, but also have the capability to quickly adapt to rapidly evolving network changes and business requirements as they occur. This explains a key criterion for SASE: flexible consumption models that give organizations choices depending on their unique use cases in order to achieve the true vision of SASE.

Essential Security Elements Defined

Any true SASE solution must include a core set of essential security elements. To realize the full potential of a SASE deployment, organizations must understand and implement these security components across the WAN-edge, LAN-edge, and Cloud-edge. 

  • A fully functional, SD-WAN solution. SASE starts with an SD-WAN solution that includes such things as dynamic path selection, self-healing WAN capabilities, and consistent application and user experience for business applications. 
  • An NGFW (physical) or FWaaS (cloud-based) firewall. SASE also needs to include a full stack of security that spans both physical and cloud-based scenarios. For example, remote workers require a combination of cloud-based security for accessing resources located online, and physical security and internal segmentation to prevent network users from accessing restricted corporate network resources. However, physical hardware and cloud-native security need to deliver the same high performance at scale, enabling maximum flexibility and security.
  • Zero-trust Network Access. It is primarily used to identify users and devices and authenticate them to applications. Because ZTNA is more of a strategy than a product, it includes several technologies working together, starting with multi-factor authentication (MFA) to identify all users. On the physical side, ZTNA should include secure network access control (NAC), access policy enforcement, and integration with dynamic network segmentation to limit access to networked resources. And on the cloud side, ZTNA needs to support things like microsegmentation with traffic inspection for secure East-West communications between users, and always-on security for devices both on and off-network. 
  • A Secure Web Gateway. It is used to protect users and devices from online security threats by enforcing internet security and compliance policies and filtering out malicious internet traffic. It can also enforce acceptable use policies for web access, ensure compliance with regulations, and prevent data leakage. 
  • A CASB. A cloud-based service enables organizations to take control of their SaaS applications, including securing application access and eliminating Shadow IT challenges. This needs to be combined with on-premises DLP to ensure comprehensive data loss prevention.

SASE – The Convergence of Networking and Security

At a high level, implementing SASE really comes down to enabling secure connectivity and access to critical resources from anywhere on any edge. Unfortunately, very few vendors can provide this because their portfolios are full of disparate, acquired products, or they simply don’t have enough breadth to provide all of the security elements that a robust SASE solution requires. And even when they do, their solutions simply do not interoperate well enough to be effective.

This is a problem, because for SASE to work well, all of its components need to interoperate as a single integrated system – connectivity, networking, and security elements alike. Which means every component needs to be designed to interoperate as part of an integrated strategy bound together by a single, centralized management and orchestration solution. They also need to seamlessly integrate with the larger corporate security framework, as well as dynamically adapt as networking environments evolve. If not, it’s not a true SASE solution.

The recent market momentum around SASE is exciting because it underscores the need for a Security-Driven Networking approach. In the era of cloud connectivity and digital innovation, networking and security must converge. There’s no going back to outmoded and siloed architectures. 

Intelligent Protection Against DNS DDoS Attacks is Critical Part of Cybersecurity Architecture

By: Ashraf Sheet, Regional Director, Middle East & Africa at Infoblox

In 2020, DDoS attacks continue to increase both in volume and in frequency. Nexusguard Research[1] just reported a 542% increase in DDoS attacks in the first quarter of 2020 when compared with the last quarter of 2019. The Nexusguard research team also detected unusual traffic patterns from ISPs which included traffic generated from infected devices.

In rare harmony, Kaspersky also reported that DDoS attacks have doubled in the first quarter of 2020 when compared to the last quarter of 2019[2]. Kaspersky also found that DDoS cyberattacks are increasing in duration – the average attack duration increased by 24% in the first quarter of 2020 compared with the same quarter one year ago.

DNS and DDoS attack vectors have emerged as one of the critical weapons of choice to support fraud, extortion, and malicious attack. Threat actors may be politically motivated, part of organized crime, or even nation-state cyberwarfare operatives. 

The COVID-19 pandemic was the genesis of this new opportunity as the disease continues to impact businesses and economies worldwide. The net result is that 2020 has become the year of the teleworker. The use of online services from home and other remote locations became more critical than ever. Students are online. Employees are serving customers online. Many of us are working from home and highly dependent on internet connectivity. The mix of devices we use often includes our laptops and mobile devices. Threat actors have moved with lightspeed to leverage this opportunity. 

But just when you thought it could not get worse, it does. DDoS for hire (otherwise known as “booter” services) allows threat actors to access thousands of pre-configured servers that can be used to launch DDoS assaults against any organization. Booters are web-based services that provide criminal DDoS services for hire. These tools are often referred to in polite conversation as IP stressors, which are legitimately used to test your networks and servers for resiliency. Certainly, stress testing your own network is normal. But deploying such technology to create a DDoS attack against external parties is illegal and malicious criminal activity. The great majority of these servers are hijacked, and malicious activity is usually completely unknown to their owners.

As you would expect, booters are sold on the dark web using untraceable currencies such as Bitcoin. An informal survey showed that you could “purchase” the use of a compromised server for between $10 to $150 or more. You get the passwords and access to the server. Some criminal enterprises sell access to the use of booters “as a service” and vary pricing by the number of attacks you wish to launch, the duration of the attacks, and even price out the addition of customer support! 

As quickly as law enforcement agencies can find them and shut them down, new ones still seem to spring up. The number of these servers for sale at times looks quite large, with many tens of thousands of hijacked servers accessible at meagre cost for a motivated attacker.

The DDoS attacks launched by these threat actor booter sites take us back to basics. As always, the mix of readily usable attack techniques includes DNS amplification and DNS reflection. They may be used alone and in combination. An amplification attack is a technique used by threat actors where a small query can trigger a massive response. In this scenario, threat actors flood the server with short requests that require long responses, allowing a small compute resource to overload the targeted DNS server. The DNS server is so busy attempting to respond to all these malicious requests that it doesn’t have time to respond to legitimate ones, and network activity grinds to a halt.

The reflection attack vector sends queries that appear to come from the target of the attack. The huge volume of amplified responses is then sent to the target, effectively overwhelming it. In this scenario, the attacker sends a query to a recursive name server with a spoofed source IP address. Instead of the real IP address, the threat actor places the target (victim) IP address as the source IP address. The recursive name server retrieves the answer to the query from the authoritative name server and sends it to the target.

A sophisticated threat actor can combine the two techniques by spoofing the target’s IP address and sending a carefully crafted query that will result in a large payload. This double punch can be an overwhelming DNS DDoS attack scenario. This allows the threat actor to attack two different targets at the same time easily.

Comprehensive and intelligent protection against DNS DDoS attacks should be an essential part of your cybersecurity architecture.
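
As an added example (not part of the original article and not Infoblox code), the following Python shows how a resolver operator could spot the combined amplification and reflection pattern described above in query logs. The log format, thresholds and function names are assumptions made for this illustration, and the sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records (assumed format, one line per answered query):
# "epoch_seconds client_ip qtype query_bytes response_bytes"
SAMPLE_LOG = """\
1000 198.51.100.7 ANY 64 3200
1000 198.51.100.7 ANY 64 3180
1001 198.51.100.7 ANY 64 3210
1001 192.0.2.10 A 58 74
1002 198.51.100.7 TXT 70 2900
1002 192.0.2.11 AAAA 60 88
1003 198.51.100.7 ANY 64 3200
1004 192.0.2.10 MX 59 120
this line is malformed and must be skipped
1015 192.0.2.12 TXT 66 1400
"""


@dataclass
class ClientStats:
    queries: int = 0
    query_bytes: int = 0
    response_bytes: int = 0

    @property
    def amplification(self) -> float:
        # Bytes sent back per byte received: the "small query, massive response" ratio.
        return self.response_bytes / self.query_bytes if self.query_bytes else 0.0


def parse_line(line):
    """Return (ts, client, qtype, query_bytes, response_bytes), or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return int(parts[0]), parts[1], parts[2], int(parts[3]), int(parts[4])
    except ValueError:
        return None


def find_reflection_suspects(log_text, window=10, min_ratio=10.0,
                             min_response_bytes=10000):
    """Flag (window_start, source_ip, queries, ratio) where one source address
    draws both a high amplification ratio and a high response volume in a window.
    With spoofed sources, the flagged address is the likely victim, not the sender."""
    buckets = defaultdict(ClientStats)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, _qtype, qbytes, rbytes = rec
        stats = buckets[(ts - ts % window, client)]
        stats.queries += 1
        stats.query_bytes += qbytes
        stats.response_bytes += rbytes
    suspects = []
    for (start, client), s in sorted(buckets.items()):
        # Both conditions are required so a single large but legitimate answer
        # (for example one big TXT record) does not raise an alert on its own.
        if s.amplification >= min_ratio and s.response_bytes >= min_response_bytes:
            suspects.append((start, client, s.queries, round(s.amplification, 1)))
    return suspects
```

Because reflected traffic carries a forged source, an alert on an address is a cue to rate-limit or drop responses toward it, not evidence that the address is hostile.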


[1] https://www.businesswire.com/news/home/20200630005295/en/DDoS-Attacks-Increase-542-Quarter-over-Quarter-Pandemic-Nexusguard/

[2] https://securityintelligence.com/articles/avoid-ddos-attacks/