
The Intelligent Edge: An Increasing Target for Bad Actors

The traditional network perimeter has been replaced with multiple edge environments. These include WAN, multi-cloud, IoT, home offices, the new device edge, and more. Each edge environment comes with its own set of unique risks and vulnerabilities, which is why they have become a prime target for cybercriminals, who are shifting significant resources to strategically target and exploit emerging network edge environments. Organizations need the right knowledge and the right resources to remain protected as these and newer threats emerge.

The rise of the intelligent edge

The new “intelligent edge” is one of the biggest trends impacting businesses across industries. The intelligent edge is widely defined as the combination of advanced wireless connectivity, compact processing power, and AI to analyze and aggregate data in a location as close as possible to where it is captured in a network. One outcome of this is the emergence of the distributed cloud, where ad hoc networks are created dynamically by groups of endpoint devices running a common virtual platform. This intelligent edge, sometimes known as “intelligence at the edge,” has huge ramifications for the interaction between mobile and IoT devices and the rest of the network.

Deloitte predicts the global market for the intelligent edge will reach $12 billion in 2021, driven in part by expanding 5G networks and hyperscale cloud. There is great potential for those organizations able to harness the potential of the intelligent edge, but there’s also increased opportunity for cybercriminals to ply their trade in new ways.

New risks introduced 

If the history of cybersecurity has taught us anything, it’s that any time that we implement a new tool, a new capability, or a new functionality, security threats follow. Given the rate of adoption and the number of devices involved, it’s no surprise that attackers see the intelligent edge as a ripe opportunity. All we need to do is to look at how these tools can be weaponized to understand what we will soon be up against as bad actors innovate.

Compounding the challenge further, all of these edges are interconnected through applications and workflows, and there isn’t always consistent security in place to provide centralized visibility. In fact, unified controls and centralized visibility are sometimes being sacrificed in favor of performance and agility levels that many traditional security solutions cannot provide. This is one of the most significant advantages of the intelligent edge for cybercriminals. And as smart devices increasingly become an integral part of our lives, successfully compromising these systems could enable attackers to turn off local security systems, disable cameras, and even hijack smart appliances and hold them for ransom.

But that’s only the beginning. More sophisticated attackers will also use compromised edge networks and connected home systems as a springboard to other things. They may, for instance, carefully coordinate corporate network attacks launched from a remote employee’s home network. And they will be able to mask such attacks, particularly when usage trends are clearly understood, so that the attacks don't raise suspicions. Intelligent malware that has access to stored connectivity data can hide much more easily.

In addition, advanced malware can sniff data using new EATs (or Edge Access Trojans) to do things like intercept voice requests off the local network to inject commands or compromise systems. Compromising and leveraging 5G-enabled devices will accelerate the speed at which attacks can occur, as well as create new opportunities for emerging advanced threats.

What organizations can do 

Staying ahead of this new threat landscape requires high-performance security solutions augmented with advanced detection, analysis, and response capabilities. In addition to using AI to enable an automated system that can detect threats and attacks before they occur, security teams can also use AI to document the behaviors of cybercriminal activity in detail. This results in playbooks that can help identify an attack and anticipate an attacker’s next moves, not only stopping the threat mid-attack, before attackers can complete their mission or achieve their objectives, but even anticipating attacks and taking appropriate countermeasures.

As AI and machine learning systems are more deeply integrated into network security systems, the ability of IT teams to build out such playbooks is not far from reality. In fact, various threat research organizations are already using basic playbooks based on schemes like the MITRE ATT&CK framework to standardize behaviors and methodologies.

Defending the intelligent edge

As technology changes and provides new opportunities for organizations, cybercriminals are close by, lurking in the shadows and innovating new ways to exploit those new technologies. And as organizations implement new security tools and procedures, malicious actors will only grow more advanced in their attack methods, resulting in a continuous game of one-upmanship. But the emerging intelligent edge creates an exponentially larger attack surface than anything before. Intelligent malware designed to target these new devices and the arrival of things like new Edge Access Trojans are just two of the more recent threats CISOs have to deal with as they try to secure their edge. Organizations need to extend their security strategies across the infrastructure, leveraging things like EDR and behavioral analytics tools to identify threats and protect against known and unknown vulnerabilities on these devices, and managing device behavior and monitoring traffic.

During such a time of rapid evolution, CISOs must stay current on the latest threat intelligence. They also need to understand how the new technologies and network operations that their organizations are deploying to improve efficiency could also have an unexpected and lasting impact on cybersecurity. AI and automation will be invaluable tools in the fight against those who would try to target and take advantage of this new intelligent edge.

Derek Manky is Chief of Security Insights and Global Threat Alliances at Fortinet’s FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in an effort to shape the future of actionable threat intelligence and proactive security strategy.