ESG's Doug Cahill and John Grady discuss the current state of network security and Elastic Cloud Gateways (ECGs).
Doug: I'm here with John Grady, ESG's new cybersecurity analyst. John, welcome to ESG.
John: Thanks, Doug. Excited to be on board. I've been a consumer of ESG's research for the last few years and excited to be part of a team doing such interesting work.
Doug: Awesome. Fantastic. Hey, so you're going to be covering network security for ESG. And like so many other cybersecurity segments, it's one that's clearly in transition with things like the adoption of cloud services, knowledge work mobility are sort of the change agents. What are some of your perspectives in how network security is changing?
John: It's an incredibly dynamic space, and for the reasons that you laid out, we really have the opportunity to rethink how we go about things like access and identity, how we do content inspection, how we layer network analytics into that construct, and ultimately do things like threat detection and response at line speed. So we're really at a tipping point at how we go about a lot of network security fundamentals.
Doug: You bet. You bet. Hey, so I have to ask you. This is your sort of softball question as a new analyst here at ESG. Is the perimeter dead? What's your perspective on how sort of those who do what we do for a living maybe sort of overstate the demise of the physical network perimeter?
John: Yeah. I'm not going to go out on a limb in my first ESG video. I'll wait till the second or the third.
Doug: That'd be smart.
John: Yeah. So you know, it's not dead. It's certainly the definition has evolved. We need to think about it differently for sure. But there's a ton of apps and compute and storage going on in the cloud. We all know this, no question. However, there are still applications and data that remain on-prem, behind a customer-managed perimeter, behind a DMZ, either because of the app design or on the data side because of regulatory or governance concern. So it's more about enforcing consistent policy for access and data protection across both those constructs. So you know, is the castle and moat analogy of 20, 30 years ago dead? Absolutely.
Doug: Probably dated, yeah.
John: Absolutely. You know, the perimeter is much more amorphous. There's many edges. But I don't think it's dead quite yet.
Doug: Yeah, couldn't agree more. And I think it creates a situation where we need a retooling of the network security stack. I mean, to your point, we're still a physical perimeter, in a DMZ, so we're still going to have physical firewalls and rack and stack and VMs for sort of location optionality. But the cloud really creates an opportunity to deliver network security, you know, sort of as a service.
How do you think organizations should think about the cloud as a delivery model for network security?
John: Yeah. I mean, relative to, you know, traditional physical-based appliances, it's still the predominant form factor, but we have broad adoption of VM-based controls and net sec as a service, you know, for sure. So you know, it's about how we tie those together. So one of the areas I'm going to be spending a lot of time on talking to buyers and vendors is around this emerging area we see as elastic cloud gateways or ECGs.
And it's a big discussion, so you know, keeping it high level for this purpose, ECGs are essentially multichannel, multimode cloud delivery gateways that are built on a cloud-native microservices platform and that automatically scale to provide user access to a whole host of cloud services. And the important part is all while incorporating data-loss prevention capabilities.
Doug: Right. And that sort of architectural component being based on microservices is why we're calling it elastic. It allows the services to scale up based on demand and also be able to scale down. So for us, ECGs, right, elastic cloud gateways, it's about the convergence of sort of where security web gateways are going, convergence with cloud access security brokers, cloud DLP, and maybe the addition of software-defined perimeters for a zero-trust model. So there's a lot there.
John: There's a ton there. Yeah. And this has come through in some of the research you and Jon Oltsik have done around platforms and trying to consolidate this what's become this sprawl of point tools, right. And so I think the important parts relative to ECG become consistent policy enforcement, creating operational efficiencies. And both those things help serve, you know, trying to reduce the attack surface which, you know, that gets to touching on another theme ESG has covered quite a bit, which is the skill shortage and helping security practitioners do more with less.
Doug: No question. No question. Hey, so we're going to be talking a lot more and researching for that matter, elastic cloud gateways. But with Black Hat next week, what other network security topics are top of mind for you and you think will be topical at Black Hat?
John: Yes, a couple of things that I'm looking to get a lot more in-depth on at Black Hat, network traffic analytics or NTA and how that fits into the broader threat detection and response ecosystem. So I know we have a lot of research in that area that points to the increasing adoption of NTA as part of that landscape. So hearing what the vendors are doing there. And then software-defined perimeter as well, you know, encore model, brokering, user access to data apps and services.
That ball is just getting rolling, and so I think there's a lot to come there, especially as more and more real-world use cases are built out, so.
Doug: Absolutely. So, John, a lot of ground to cover. So great to have you here at ESG. Again, welcome.
John: Thank you.
Doug: And thanks, everybody, for listening and watching, and we look forward to hopefully seeing many of you next week at Black Hat.