It’s all about edge, APIs and 5G

Pascal Geenens, director of threat intelligence, Radware, offers some fascinating insights into some of the security issues thrown up by the digital world.

  • Monday, 5th October 2020, posted by Phil Alsop

Smart cities and agriculture through to smart energy and healthcare will require a more dynamic edge computing model. But security will need to catch up. Over the next 18 months we’ll see more emphasis on securing APIs at the edge, and models that orchestrate and automate security.

Securing edge computing and APIs – A case of local decision making based on global intelligence.

Cyber security must focus on protecting APIs and edge computing. Why? Mobile applications, business automation, logistic automation, manufacturing devices right through to the advent of smart devices and autonomous cars use APIs to manage data and upload it to big data applications in the cloud.

We are familiar with the concept that large scale APIs can be deployed in large central clouds, but APIs for solutions that use low-latency and real-time data should be deployed as close as possible to their consumer, which means in the edge cloud and at the mobile edge.

APIs, much like web applications, need DDoS protection, application level security provided by Web Application Firewalls (WAF), and a good bot management solution. However, there’s a problem. These forms of APIs cannot be backhauled through a central security stack because it would ‘break’ the concept of edge computing.

There’s also another consideration. Current technologies used to host APIs take the form of containers or serverless compute. This means that as edge computing becomes more prevalent so security must evolve to become more ‘light-weight’ and take a form that can easily integrate with containers, Kubernetes pods, and applications on the edge.

But this is only possible if the bulk of the big data processing and central intelligent policy management is kept away from the resource constrained edge. Security needs to follow a control and data plane model: a centralised control plane used to oversee the strategy, while enforcement and local security decisions happen at the edge.

Orchestration will therefore be essential to manage complex and distributed network architectures.

It’s a complex security challenge and one that can only be effectively managed by adopting security solutions that come with a control plane and a standardised set of protocols that can be integrated with a higher level orchestrator. This approach means that an orchestrator can help organisations and managed security service providers oversee security across multiple vendors and a distributed architecture.
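The control and data plane split described above, sketched as an added example (it is not from the article or from any vendor's product): a central policy is pushed to an edge enforcer, which then makes every per-request decision locally. The `Policy` schema, the `EdgeEnforcer` class and the client name `meter-17` are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Pushed by the central control plane (hypothetical schema)."""
    version: int
    rate_per_sec: float                       # sustained requests/sec per client
    burst: int                                # token bucket size
    blocked_clients: frozenset = frozenset()  # derived from global intelligence

class EdgeEnforcer:
    """Data plane: decides locally, with no per-request call to the centre."""
    def __init__(self, policy: Policy):
        self.policy = policy
        self._buckets = {}  # client_id -> (tokens, time of last decision)

    def apply_update(self, new: Policy) -> bool:
        # Reject stale or replayed pushes; the last known policy stays in
        # force, so enforcement continues if the control plane is unreachable.
        if new.version <= self.policy.version:
            return False
        self.policy = new
        return True

    def decide(self, client_id: str, now: float) -> str:
        p = self.policy
        if client_id in p.blocked_clients:
            return "block"
        tokens, last = self._buckets.get(client_id, (float(p.burst), now))
        # Refill for the elapsed time, capped at the burst size.
        tokens = min(p.burst, tokens + (now - last) * p.rate_per_sec)
        if tokens < 1:
            self._buckets[client_id] = (tokens, now)
            return "throttle"
        self._buckets[client_id] = (tokens - 1, now)
        return "allow"

def demo():
    edge = EdgeEnforcer(Policy(version=1, rate_per_sec=1.0, burst=3))
    t = 1000.0  # constructed timestamps, in seconds
    burst = [edge.decide("meter-17", t) for _ in range(4)]  # 4 calls at once
    after_refill = edge.decide("meter-17", t + 2.0)
    # Control plane pushes version 2 with the client on the blocklist.
    edge.apply_update(Policy(2, 1.0, 3, frozenset({"meter-17"})))
    blocked = edge.decide("meter-17", t + 3.0)
    stale = edge.apply_update(Policy(1, 100.0, 100))  # older version, ignored
    return burst, after_refill, blocked, stale
```

The edge node holds only a small policy object and a per-client counter; the analysis that produced the blocklist and the limits stays in the central control plane.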

Automation is imperative

But still this will not be enough. Automation will be critical to manage the speed and volume of decisions that have to be taken in order to protect the network. This means using algorithms that can automate detection and mitigation of DDoS attacks in seconds versus the time it takes a human brain to spot a pattern and respond.

The intelligence that can be gathered from such security approaches will also help security teams focus on strategy, giving them room to improve alerts and build better automated responses. This flexibility in planning will become essential as more and more ‘things’ are added to the network and should help avoid potential blind spots developing in the security strategy.


5G brings about the possibility of driverless cars, but also more security risks

Continuous innovation in the connected world demands lower latency and near real-time decision making and communications. That’s why 5G is so exciting and why driverless cars are a real possibility this decade.

The trials for autonomous vehicles focus on ensuring the vehicle is aware of its surroundings, road conditions and traffic flows so it can moderate speed and behaviour. This level of autonomy and real-time decision making promises to deliver greater safety and fewer road traffic accidents, reduced congestion, optimised battery efficiency and ultimately greener cities.

It’s done by using predictive algorithms that receive input from connected devices in the immediate vicinity. However, this information must be accurate and timely for driverless cars to succeed.

Real-time decision making and communication like this relies on data being available where it is needed at the exact moment it is needed. So no longer can we rely on backhauling communications for all connected devices to a central cloud. It will only increase latency and slow down decision making. Instead decisions need to be made at the mobile edge.

However, this approach to computing significantly increases the attack surface because you are not just dealing with one device but potentially millions of devices, and a network of APIs that make them work. APIs are a dream for hackers because they can use them to deploy remote attacks to connected ‘things’ at scale.

Disruptive attacks such as Denial of Service can target the API acting as a service for the connected device in a city. Such disruption may be enough to render all the smart devices within the area ineffective.

Take electric charger points or smart parking meters: these could easily be attacked and abused for credit card skimming campaigns.

Manufacturers will therefore need to ensure that APIs and services are adequately secured. However, achieving this in a highly distributed architecture is complex due to the large number of light-weight edge services, many of which will be running on third-party edge computing systems. The approach to protecting a distributed environment is significantly different to securing a centralised system.

Attacks are growing more complex and becoming automated, requiring more intelligent detections based on a broader context. This translates to lots of CPU and memory resources and big data lakes, something that is available in the public cloud but not readily available in the edge cloud and at the mobile edge.
