In 2024, artificial intelligence (AI) took center stage in cyber security, and it’s not going away anytime soon. Looking ahead to 2025, we see service providers of all types expanding their networks to the edge, implementing advanced 5G technologies, and preparing for a shift to Open Radio Access Networks (oRAN) and 6G. AI will be an integral part of all these operations. In the world of managed security service providers (MSSPs), providers are looking for ways to expand their offerings to include these advanced technologies in a secure, automated platform to enterprise and SMB clients alike. Moreover, government at all levels is on high alert for cyber-attacks from bad actors of all stripes – from domestic and international cybercriminals to nation states. Executive orders and other policy initiatives have driven AI-powered security to the forefront, and in the year ahead, policymakers will aim to streamline regulatory hurdles to accelerate security transformation in the face of these looming threats.
Security at the Edge
Mobile edge computing offers a host of important benefits for telcos and their customers – which is to say, pretty much everyone with a cell phone. It provides lower latency, better connectivity and reliability, higher capacity, and more scalability. Edge computing is enabled by nodes connected to the central network that are physically closer to end users, which allows processing to occur at the edge instead of sending everything to the datacenter and back. Innovations like autonomous vehicles and growing IoT networks will rely on these networks to function. To realize the full benefits of this important technology, networks have to be secure-by-design, something existing IoT networks notoriously lack. Often, IoT networks run outdated firmware and weak security. They’re difficult to update remotely, and often require manual, on-site intervention to make changes, which produces the gaps in security and lack of oversight that make them so vulnerable. In the age of AI, attackers have deployed a variety of sinister attacks that exploit this dynamic, including zero-click attacks, which do not require any user intervention at all to do damage. A single unprotected device at the hardware level can infect the whole network. As edge computing nodes proliferate, laying the groundwork for a level of connectivity that enables the innovations of tomorrow, the attack surface grows along with it.
In 2025, we’ll see the focus on edge security and IoT security sharpen significantly. The investments telcos are making in edge computing to enable IoT networks are undermined severely by the relative weakness of IoT security. As more and more of our everyday data processing takes place at the edge, we can expect those that emphasize security to differentiate. That means deploying edge-based threat detection, so that threats are analyzed at the entry point to the network where they can be stopped, rather than traditional perimeter-based security, which sends traffic to the headquarters network for inspection. Implementing data minimization protocols like pre-processing at the edge will be important as well – AI enables us to perform basic analytics on data inputs before transmitting them across the network, reducing the likelihood that sensitive data from things like personal vehicles or medical IoT devices might be leaked. Solutions like zero trust network access, secure web gateways, firewalls-as-a-service, and cloud access security brokers will become table stakes for those that seek to drive the benefits of 5G and beyond.
The MSSP Connection
Managed security service providers are an essential part of the transformation taking place now and into 2025. It’s clear now that no organization, no matter their size, is immune to cyberattacks. The largest enterprises and mom-and-pops alike can be extorted by ransomware gangs or frozen by DDoS attacks. MSSPs are looking for new ways to provide enterprise and SMB clients with the advanced offerings they’ll need to do business in the modern threat environment. In the year ahead, the platform approach will dominate. The scale of the threat landscape demands a level of automation that can be delivered most efficiently as a service. While some enterprises will build proprietary networks and security, most organizations don’t have the resources, or, crucially, the expertise to design these networks from the ground up, especially considering that most legacy networks that will serve as the foundation were not built with security as a primary consideration. Instead, MSSPs will offer advanced, secure-by-design programs that can be tailored to each organization’s unique needs, relying on the platform approach to centralize the management of the network. This centralized management is crucial to effectively secure the diffuse networks and automated processing that will be the basis for more and more operations as time goes on. At the same time, this produces new revenue streams for MSSPs themselves.
Government on High Alert
We’ve seen attacks on government agencies by private and by state-sponsored groups for several years now. State-sponsored groups obviously have resources that enable them to engage in harmful offensive activity that others could not or would not. In some cases, profitability isn’t a primary objective. In these cases, we see private enterprises, even SMBs, breached by foreign threats with a variety of goals, from intelligence-gathering to harming important economic enterprises. Attacks by private groups on utilities and other critical infrastructure, like the Colonial Pipeline attack, have demonstrated that far more damaging attacks are imminently possible. Government at all levels is on high alert for attacks on agencies, seaports, military and intelligence installations, and more from domestic and foreign bad actors alike. In the year ahead, we’ll see an increased policy focus on cyber security. This will take the form of executive orders and other administrative actions to encourage the ethical use of AI, increased funding for cyber initiatives across the board, and, crucially, streamlined regulatory hurdles that will allow organizations to accelerate their AI-powered security roadmaps. The nexus between government and the private sector – both security providers and users – will be of foremost importance in 2025, with each segment playing a crucial role in securing networks for everyday citizens, important economic entities and industries, and critical infrastructure.
Security Drives Innovation
We’ve reached a point where no innovation is safe unless it is secure-by-design. The sophistication of attackers, amplified by AI tools that exponentially augment the attack surface and reduce the cost of offense for bad actors, virtually guarantees attacks where there’s profit or geopolitical advantage in it, which puts organizations of all kinds at risk. To realize the promising innovations just on the horizon, and indeed beyond, networks will need to be secure-by-design. In 2025, this dynamic will become clear, as enterprises, service providers, and government alike set their priorities on building networks that are secure from the ground up.
About the Author
Bill Diaz is Vice President of Vertical Solution Business at Check Point Software
Bill is a Telecom Industry Executive with over 34 yrs of Sales, Account Management, Engineering, Operations, Delivery, Program Management and Relationship Building experiences with Senior Level Clients and Colleagues in both Domestic and International environments.
Mr. Diaz leads Check Point’s Vertical Solutions Business Unit consisting of our Telco, Cable, Colo, MSSP and Public Sector (Fed/SLED) organizations. He manages a talented group of cyber security business, sales and technical professionals across the Canadian, United States and Latam Markets. He focuses on selling, delivering and supporting an E2E Security portfolio consisting of Cloud, Network, End Point, SASE and a robust set of Managed Services offerings.
Mr. Diaz has established, built, and scaled the business by 5X over the last 3.5 yrs with double digit growth during the last 24 months.
Bill can be reach at our company website: https://www.checkpoint.com/ and https://www.linkedin.com/in/william-a-diaz
