The WAF has been a good friend to the CDN industry for the last couple of years. For some, it has been a life saver. But as the CDN WAF 1.0 starts to age, CDNs must evolve their WAFs to deal with the next crop of threats coming to town in the next 2-4 years. Before discussing CDN WAF 2.0, let's review the current state of the aging security business model. The traditional security business model is facing a dual threat: 1) smaller, nimbler competitors born in the cloud that offer instant scale at much lower price points, and 2) the hacker community, which is creating extremely sophisticated threats that bypass traditional security defenses without breaking a sweat. Nowadays, malware is simply too innovative and too overwhelming for the traditional security vendor to handle single-handedly.
The worst part is that even the most advanced security platforms on the market today require human intervention to mitigate attacks, as in the case of Target. In 2-4 years, threats are going to become artificial beings that increase in sophistication a thousandfold, as general-purpose Artificially Intelligent Bots invade the Internet ecosystem. Just think of a Google DeepMind Artificially Intelligent bot developed for one purpose: to steal and destroy data without leaving a fingerprint, acting as its own command and control center. What characteristics are General Artificially Intelligent Bots likely to have?
Characteristics: General Artificially Intelligent Bot
- Metamorphic Capabilities: Shape-shifting bots will bring an end to the use of signatures, because the AI systems will have the capacity to create an infinite number of unique signatures
- Malware, zero-day attacks, bot attacks, viruses, advanced threats, and multi-vector attacks will all be known as AI Bots, because they’ll do all of the above out-of-the-box
- Air-gap feature set that can infect offline networks, PCs and mobile devices through radio waves and heat waves
- AI Command and Control center that is more intelligent than a human hacker
- AI systems will be creative
- AI will be able to launch a thousandfold multi-vector attack against every application, system and user at one time
- Big data and SIEM correlation capability will become a big part of the AI Bot
- Input fed to the AI system will include the history of every piece of malware, virus, bot signature, and everything else of value that can be used for decision making
Characteristics: General Artificially Intelligent WAF
How will CDN WAF 2.0 be able to take on the new threat? First, a new approach to mitigating AI threats must be invented. Next, the WAF must incorporate the feature set from a dozen-plus niche security products. There are already some front-runners in this new space; Raytheon has created an AI system called the Morphinator, a system that neutralizes polymorphic malware. Here are some characteristics of WAF 2.0:
- General-purpose Artificial Intelligence, not a specific-subset AI
- WAF that analyzes, learns, perceives, and reasons like a human
- Global PoP Infrastructure with 1,000+ servers deployed to give it an omnipresent footprint all the way to the last mile
- Besides security, a platform that provides caching and mobile content acceleration
- Platform that supports video and virtual reality (down the line)
- WAF that incorporates dozens of features from different niche products: SIEM, Identity Management, Isolation, DPI, DLP, Honey Pot, Mail Gateway, and so on