Complexity is the enemy of security, so live off the land
By Martin Roesch
Enterprise networks have changed dramatically over the past 20 years, moving from buildings that contained workers and data centers to today’s “computing as you are” model. Applications and data are scattered across a complex environment consisting of multi-cloud, on-premises, and legacy infrastructure, being accessed by increasingly mobile and remote workers. We call this the “Atomized Network” and its complexity breeds obscurity.
Organizations struggle to defend their network because it is so dispersed and dynamic that they don’t know what they’ve got, what it is all doing, and what it might be vulnerable to. Unless you take extremely diligent efforts to identify and understand everything in your environment and maintain that level of visibility consistently, it is very difficult to secure for very long.
Complexity begets complexity
What’s more, since no security solution can address the entire challenge of securing a modern network, organizations use a “defense in depth” approach. The concept is that as we layer multiple tools, eventually we will arrive at a set of capabilities that will fully secure a network. But the reality is that the tools are all incomplete with some overlap between them, so it’s never been possible to achieve comprehensive coverage. Very few security technologies work together, even if they come from the same vendor, so they aren’t simple to use. As a result, now we have a complex environment that we’re trying to secure with interrelated, disparate solutions that security teams move between, hoping nothing falls through the cracks. But inevitably it does. Attackers live in the gaps – the gaps between these technologies and how they are integrated, which multiply as networks disperse.
Everywhere you add complexity, within the Atomized Network and with the new capabilities you introduce to defend it, you add inscrutability and gaps. Opportunistic threat actors take advantage of both to find and leverage weak points within a targeted organization’s infrastructure, remain undetected for months or even years, and execute damaging attacks. Clearly, complexity is the enemy of security.
Living off the land breeds simplicity
Netography’s approach to address complexity and secure the Atomized Network is based on the concept of living off the land, where you use what is native to the environment to protect the enterprise. It’s a simpler, more effective, and sustainable approach than conventional threat detection and application-aware security that has historically required deep packet inspection (DPI) appliances that were deployed in the middle of network traffic. In the Atomized Network there is no middle anymore, so appliance-based architectures are a dead end. Furthermore, DPI appliances are increasingly blinded as encryption of network traffic accelerates.
At Netography, we break with traditional security approaches and instead live off the land by collecting and storing metadata, not packets. Metadata in the form of flow data is already available for free across your multi-cloud, on-premises, and hybrid environment, and it is all you need for complete network visibility. The use of metadata allows for a very light deployment – there’s no hardware, no software, nothing to install. This leads to an incredibly fast time to value, just point and click to send your flow data to our portal and get started in a few minutes.
Living off the land has allowed us to design and deploy a solution that reduces security complexity in a number of additional ways:
- Our SaaS-based, universal platform delivers a much broader scope of network visibility for real-time and retrospective attack detection across your entire enterprise network footprint.
- A single portal provides a unified view of all your data, normalized, aggregated, and enriched with business and threat intelligence, to accelerate and simplify detection, hunting, and analysis.
- Our architecture enables cloud-hosted threat detection models that are written once and protect everywhere in minutes.
- Customized responses and remediation interfaces simplify automating the protection of your environment.
- Our integrations engine can remediate and block based on your already deployed technology stack as well.
Simple can be secured, but no environment is simple today. With Netography, our customers see that by living off the land, using resources and capabilities inherent to the Atomized Network, they can begin to address complexity to build the foundations required to secure their modern enterprise.