Infrastructure Security

Trend 1 – Legacy security controls are transformed with a secure access services edge framework

Software-defined wide-area network adoption is already at high speed with many of our customers. By replacing legacy multi-protocol label-switching wide-area networks, the secure access services edge (SASE) framework moves security controls toward the edge. Our analysts predict that 80% of organizations will be SASE framework compliant by 2024. This journey entails shifting to an “as-a-service” model with the SASE framework to yield better ROI, robust security and reduced complexity. The SASE framework also gives chief experience officers (CXOs) a single-pane view, as all the technologies within SASE will have full integration.

In the past, enterprises used to acquire, deploy, configure and build the security controls in their data centers, public cloud and private cloud as needed within limited pre-defined data center locations. Users then consumed these security controls irrespective of their geographical location. This traditional model required high dependency on the hosted sites of the security controls, which resulted in network latencies and, in turn, a poor user experience.

Almost every security control technology provider has started investing and building their capabilities to have either all the SASE security controls in their offerings or have them in their list as a partnered offering. They are also committing roadmaps to bring them into a single management pane with tighter integration to meet the defined SASE framework. Many enterprises have started adopting the SASE framework, choosing security-as-a-service while adopting the latest security controls such as zero-trust access networks, CASB solutions and others.

Infosys provides consulting and advisory services to enterprises to transform their legacy network and security controls to a SASE framework. They have started this transformation for a few customers, including a major healthcare service provider in North America, an energy customer in Germany and a consumer goods organization in the United Kingdom.

Trend 2 – Extended detection and response provides cross-layer security across the enterprise

XDR tools allow a security incident detection and response platform to consume the data from endpoints, network devices and security devices. This cross-layer security supports automated AI and ML actions that protect multiple vectors – from apps and data to end users – from security attacks.

In the past, security incident and event management (SIEM) tools were used to correlate security logs from sources like endpoints, antivirus agents, network devices, security devices and applications to detect and identify security incidents. Security orchestration, automation and response (SOAR) tools were used to automate responses to the incidents utilizing user-defined playbooks.

XDR tools support SIEM and SOAR tools by utilizing AI and ML to build context-based correlation rules around threat intelligence and execute the appropriate remediation actions without intervention from a security analyst.

However, an XDR toolset is limited to single-technology provider tools. This poses a challenge for enterprises with multi-vendor security tools, which is why XDR technology providers have started expanding their interoperability to provide wider coverage soon.

Architects recommend the adoption of cloud platform-based XDR tools to reduce the overhead that comes with traditional deploy, configure, and manage approaches.

Infosys has helped several enterprises transform their security controls to XDR, including an energy and utilities enterprise in Europe, and a healthcare provider and packaged food company in North America.

Infosys TechCompass