Adoption of edge computing platforms has begun to soar as organizations discover the benefits of processing and analyzing data in near real time, at the point where it is created and consumed. The fly in the ointment is that each edge computing platform added to the extended enterprise expands the attack surface that has to be defended.
IDC forecasts the global edge computing market to reach $250 billion by 2024, a compound annual growth rate of 12.5%. Gartner predicts that by 2025, some 75% of enterprise-generated data will be created and processed outside the traditional data center or cloud.
The challenge IT organizations face is that not all of the edge computing platforms being deployed are physically accessible. Most of them have to be remotely managed and secured over a distributed network, and in many cases the last mile of connectivity is a 4G/5G wireless link. In practice that means management traffic has to be authenticated and encrypted end to end rather than trusted because it arrives over the carrier's network.
From a cybercriminal's perspective, each of these edge computing platforms is a ripe target. Like most endpoints, many edge computing platforms carry numerous known vulnerabilities that attackers can readily exploit. In addition, many of these platforms are misconfigured because software is installed remotely by developers who often lack security training. Once an edge computing platform is compromised, it is usually not long before malware on it begins to propagate laterally across the distributed computing environment.
Focus on Industrial Control Systems
Industrial control systems (ICS) are among the most critical platforms now operating at the network edge. This week, President Biden issued a national security directive that encourages organizations to voluntarily implement unspecified cybersecurity controls and technologies to safeguard these systems in the wake of the infamous ransomware attack against Colonial Pipeline.
In fact, the nature of the threat aimed at edge computing platforms is fundamentally different because they often go way beyond merely taking an application offline to potentially impacting, for example, water systems, says Kerissa Varma, group chief information security officer (CISO) for Old Mutual Limited, a financial services firm. “It’s going to physically injure us,” she says.
Many of the edge computing platforms are based on turnkey Internet of Things (IoT) platforms that were deployed before security reviews were conducted. The result is a hyperconnected digital supply chain, says Frank Johnson, former CIO of Baltimore when the municipality was crippled by a ransomware attack last year. “It’s just making our jobs that much more difficult,” he added.
As part of an effort to combat such attacks, MITRE Engenuity has published ATT&CK for ICS, which catalogs the tactics and techniques adversaries employ when targeting critical infrastructure. In its first report, the organization describes how TRITON malware targets safety instrumented systems (SIS), the controllers designed to bring an industrial process to a safe state when something goes wrong, so that operators are left unable to respond to failures and other hazards. TRITON was most notably used against a petrochemical plant in Saudi Arabia, where it tripped safety controllers and forced a shutdown.
The challenge many organizations face today is that many edge computing platforms are managed by operational technology (OT) teams rather than internal IT teams. As these platforms are connected at the network edge, many of those OT teams are ill-prepared to defend them against a wide range of potential attack vectors, says Otis Alexander, who leads ATT&CK Evaluations for ICS. In some cases, organizations are trying to pull cybersecurity expertise from internal IT teams to augment those OT teams. In other cases, organizations are opting to provide cybersecurity training to OT teams. "There's a lot of debate over the best approach," says Alexander.
MITRE Engenuity also evaluates security products for enterprise networks. Most recently, MITRE Engenuity examined 29 products against emulations of the cybercrime groups FIN7 and Carbanak, which have demonstrated the ability to compromise financial services and hospitality organizations.
Employing Zero Trust and PAM Tools
Regardless of the type of edge computing platform, organizations are hoping that zero-trust IT architectures will enable them to better secure the entire distributed computing environment. A recent survey of 100 security executives conducted by Robin Insights on behalf of CyberArk, a provider of privileged access management (PAM) tools, finds that 88% of respondents consider a zero-trust approach to IT either "very important" or "important."
One of the fastest growing ways to implement zero trust at the edge is the secure access service edge (SASE) platform, deployed by an internal IT team or consumed as a service managed on behalf of the organization. At their core, SASE approaches combine a wide-area networking (WAN) platform with security functions such as firewalls, cloud access security brokers (CASB) and zero-trust network access, so that each connection is authorized on the identity and posture of the user and device rather than on its network location. That is what limits the ability of malware on one compromised node to move laterally across the distributed network. Some vendors now go so far as to extend SASE platforms with managed detection and response (MDR) capabilities.
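To make the difference concrete, here is an added example (not code from the article, CyberArk, or any SASE vendor) that evaluates the same request under a perimeter model, which trusts anything arriving from an internal WAN range, and under a zero-trust model, which requires an attested device identity, an authenticated principal, a passing posture check and an explicit least-privilege rule. The device IDs, principals, controller name, policy table and IP ranges are all constructed for illustration.

```python
"""Perimeter trust vs. zero-trust authorization for requests from an edge node.

Constructed example: the device IDs, principals, resources, IP ranges and the
policy table are hypothetical and do not come from any real product.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Request:
    src_ip: str                 # network location (the perimeter model trusts this)
    device_id: Optional[str]    # attested device identity (zero trust relies on this)
    principal: Optional[str]    # authenticated user or service identity
    resource: str               # target, e.g. an ICS controller
    action: str                 # operation requested on the resource
    patched: bool = True        # posture claim reported by the management agent


# Perimeter model: anything arriving from the corporate WAN ranges is trusted.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
]


def perimeter_allows(req: Request) -> bool:
    """Allow purely on source address; identity and posture are never checked."""
    src = ipaddress.ip_address(req.src_ip)
    return any(src in net for net in INTERNAL_NETS)


# Zero-trust model: default deny. Each tuple is the only combination of
# (device, principal, resource, action) that is explicitly permitted.
POLICY: Set[Tuple[str, str, str, str]] = {
    ("edge-gw-03", "svc-telemetry", "plc-controller-07", "read-telemetry"),
    ("ops-laptop-12", "alice", "plc-controller-07", "write-setpoint"),
}


def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """Evaluate every request on identity and posture, never on source IP."""
    if req.device_id is None or req.principal is None:
        return False, "deny: unauthenticated device or principal"
    if not req.patched:
        return False, "deny: device posture check failed"
    if (req.device_id, req.principal, req.resource, req.action) in POLICY:
        return True, "allow: explicit least-privilege rule"
    return False, "deny: no rule for this device/principal/resource/action"


def compare(req: Request) -> Dict[str, object]:
    """Return both verdicts side by side for one request."""
    zt_ok, reason = zero_trust_decision(req)
    return {"perimeter": perimeter_allows(req), "zero_trust": zt_ok, "reason": reason}


# Constructed scenarios.
# A healthy gateway doing the one thing it is provisioned for.
NORMAL = Request("10.20.1.5", "edge-gw-03", "svc-telemetry",
                 "plc-controller-07", "read-telemetry")
# The same gateway after compromise: malware reuses its network position to
# attempt a write it was never authorized for (lateral movement toward OT).
LATERAL = Request("10.20.1.5", "edge-gw-03", "svc-telemetry",
                  "plc-controller-07", "write-setpoint")
# The same gateway whose management agent reports an unpatched image.
UNPATCHED = Request("10.20.1.5", "edge-gw-03", "svc-telemetry",
                    "plc-controller-07", "read-telemetry", patched=False)

if __name__ == "__main__":
    for name, req in (("normal", NORMAL), ("lateral", LATERAL), ("unpatched", UNPATCHED)):
        print(name, compare(req))
```

The perimeter model passes all three requests because they all originate inside 10.0.0.0/8; the zero-trust model permits only the first, refuses the lateral write because no rule grants it, and refuses the unpatched gateway before the policy table is even consulted. A real SASE or PAM deployment replaces the hard-coded table with an identity provider and a device attestation source, but the decision shape is the same.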
Unfortunately, security is once again all too often being applied as an afterthought to yet another type of platform that is being widely deployed across the extended enterprise. It is too early to say how much damage attacks against these platforms will inflict, but it is all but certain that the number of such attacks will keep rising.