Driving To Gapless Visibility – Why Real-Time Network Visibility From Data Center To Cloud Is Essential
By William Toll, Sr. Director, Product Marketing
The famous old adage, “You can’t improve what you don’t measure,” is similar to the driving force in cybersecurity defenses today, “You can’t protect what you can’t see.”
With the explosion of new deployment types and the integration of modern, cloud-based applications and corporate systems hosted in company-owned data centers, many teams are struggling with gaps in visibility. Legacy on-premises network visibility solutions don’t scale to modern cloud environments, and cutting-edge cloud-native network visibility tools don’t cover hybrid deployments or integrate with legacy platforms. Add to this the fact that attacks are appearing and executing faster than ever before.
Attackers know this. They are leveraging the visibility gaps, pervasive encryption, siloed teams, and lack of real-time situational awareness to hide in the gaps.
As you would expect, the results are tragic. Poor or partial visibility decreases analyst productivity and job satisfaction, hinders automated processes, weakens end-user experiences, and increases the risks of compliance audit issues.
The tension between business units and the security and network professionals and operational teams with deep cloud expertise is growing. While there is more acknowledgement that legacy network visibility and control platforms are unable to protect the Atomized Network, these visibility gaps are so pervasive that they are generating a backlog of critical gaps and challenges that need to be addressed.
A call for action on visibility
In 2022, CISA started developing the extensible Visibility Reference Framework (eVRF) to help organizations identify and evaluate visibility in digital environments. CISA states in the RFC that the idea is to “provide a framework for organizations to identify visibility data that can be used to mitigate threats, understand the extent to which specific products and services provide that visibility data, and identify potential visibility gaps. This knowledge can then be used to direct resources to close visibility gaps and enhance overall visibility into potential threats”.
The new eVRF framework is starting to drive more interest in architecting and implementing solutions that can provide visibility and context-specific insights about the networks that modern organizations are building across multiple clouds. For example, does your organization have complete visibility into cloud API connections to applications hosted in corporate data centers? Or can your organization tell whether a pushed update to a cloud application has active network connections with production (correct) or test (incorrect) databases hosted at the corporate colocation provider?
The goal should always include implementing good real-time hybrid-cloud network visibility while ensuring that the organization can continue to rapidly innovate with new applications and integrate with existing applications. That means any visibility gaps in North-South or East-West must be closed. Additionally, with the rapid growth of interest in detecting and providing visibility for internal threats, even when traveling over encrypted networks, you’ll want to make sure that all traffic is visible, alert-enabled, and searchable.
It’s not at all uncommon today for an organization’s encryption to fail to protect the company, because it makes it much more difficult to detect evidence of data being stolen and to assess what part of the organization or network has been compromised. Marty Roesch, the CEO of Netography, stated in the white paper The Reckoning: The Massive Implications of Losing Network Visibility & Control, “With as many security technologies as are available now, the solutions have not evolved with the problem. Instead, they have only been developed to target parts of the problem with no regard for the whole, which has created functional and operational gaps in threat detection and prevention on the network; gaps that can only be addressed with a methodology and architecture for treating networks as a unified composite to be secured by an overarching platform.”
Visibility remains the fundamental cybersecurity strategy to protect users, applications, data, and devices. Even the best hybrid-cloud architectures, cryptography, access controls, and network segmentation fall down when there is a lack of visibility. You can’t protect what you can’t see.
Be sure to read “The Reckoning,” which contains a set of questions in a checklist format that will help your organization assess its level of visibility and control for its Atomized Networks.