2023 is halfway through, and the discussion topics related to network security protection remain high. Practitioners in the field of network security should have an understanding of relevant forward-looking analysis. Some time ago, I read F5 Security Operations Center engineers' predictions on threats to network security, and I was deeply inspired, so I selected a few to share with you.
Threat 1: Shadow API will bring unpredictable vulnerabilities
According to Postman's State of the API report, 48% of respondents admitted to dealing with at least one API security incident per month. Since many businesses do not have API inventories, APIs that are in production and that benefit from continuous development will deviate from their original definition in the inventory. In both cases, there are public APIs that are not visible to the organization, these APIs are called "shadow APIs", and many applications can be compromised through "shadow APIs", and the enterprise has little or no awareness of these APIs . In this case, F5 professional protection is undoubtedly needed.
Threat 2: Open source software libraries will become the main target of attacks
Attack targets are increasingly changing to third-party code, code libraries, and services in applications. As much as 78 percent of the code in hardware and software codebases consists of open source codebases rather than internal development. In the practice of network security protection, F5 found that these interactions can be sensed by cloud security posture management (infrastructure), cloud workload protection platform (cross-platform), and application detection and response (application layer); these independent markets need integrated to provide the holistic view necessary to efficiently and accurately detect inside-application threats.
Threat Three: Further Expansion of Phishing and Fraud
The F5 SOC found that ransomware targeting databases is on the rise. Organized cybercrime will continue to develop ransomware techniques and will pay particular attention to critical infrastructure. Ransomware attacks targeting cloud databases, where critical data for businesses and governments are stored, will increase significantly in the coming year. Unlike traditional malware, which encrypts files at the file system level, database ransomware encrypts data inside the database.
At the same time, attackers will increase the number of attempts to obtain vulnerability data directly from affected individuals through various scams and downstream fraudulent means (such as applying for a new credit card). From an attacker’s mindset, if stealing customers’ personal information doesn’t make money by extorting the compromised organization (e.g., threatening to release intellectual property, etc.), then their target will shift to the individual.
In addition to the above three aspects, factors that affect the effectiveness of network security protection include multiple authentications that will lose their effectiveness, and cloud deployment troubleshooting that will bring more problems. F5 also made an extremely detailed explanation. You can go to the F5 official website by yourself Take a look, you should be able to gain something.
https://forum2023.f5chinanetworks.com/view/wechat/datacenter/l/login.asp?trackingcode=SEO