Megatrends and the doctrinal shift in enterprise security

Martin Roesch

We’ve seen an interesting progression over the last decade in how we think about the cloud and security. As organizations started moving to the cloud, it became apparent that compared to what was possible in the days of on-premise systems, the ability to secure what’s running in someone else’s environment is relatively limited. Organizations have largely relied on access controls and configuration management to secure their cloud environments. And now they are exploring solutions like CSPM, CNAPP, and other acronyms that are focused exclusively on understanding risk in the cloud.

But the reality is, 67% of IT professionals view hybrid cloud as their permanent destination, so enterprise computing environments aren’t all or nothing. Applications and data are scattered across a complex environment consisting of multi-cloud, on-premise, and legacy infrastructure, being accessed by increasingly mobile and remote workers. 

We call this the Atomized Network and it is the first megatrend that is exposing deficiencies in security architectures and offerings for the modern enterprise. The Atomized Network is a fluid computing environment where applications, data, and even system resources are in a perpetual state of motion. This “computing as you are” movement, which became the norm overnight for business survival in the face of the pandemic, is difficult to secure with the tools that are available. Legacy security vendors that are appliance-based and focus on “middleboxes” are architecturally on the wrong side of history. To remain relevant, they are trying to rearchitect their solutions to include virtual and cloud appliances, with limited success. Meanwhile, cloud security vendors are focused on providing visibility into cloud environments, but very rarely into on-premise and legacy environments. Security teams move between a mix of consoles and aging or inadequate approaches, each uniquely configured and managed, hoping nothing falls through the cracks.

The second megatrend underpinning a shift in how we approach security for today’s enterprise is Zero Trust. Traditionally, deep packet inspection (DPI) appliances have been the go-to approach for threat detection and application-aware security on the network. However, the rapid adoption of Zero Trust initiatives is accelerating the encryption of network traffic. As Zero Trust becomes the norm, DPI is increasingly blinded, and its value dramatically declines. After all, you can’t inspect traffic that you can’t decrypt and you can’t deploy middlebox appliances when, in the Atomized Network, there is no middle anymore. Appliance-based architectures are increasingly a dead end.

A new generation of opportunistic threat actors is taking advantage of the chasm between legacy and cloud-only security providers to observe, learn, and isolate weak points in their victims’ infrastructure. Living in the gaps—which multiply as networks disperse—they are waging attacks that are incredibly difficult to detect in anything approaching real time, which eliminates the opportunity for rapid response.

Together, the Atomized Network and Zero Trust are driving a doctrinal shift in enterprise security. At Netography, we’ve attacked the challenge of securing the Atomized Network and we’re doing it in a way that gets you ahead of the inevitable limitations of DPI. 

Netography secures the Atomized Network with a SaaS-based, universal platform that provides complete network visibility for real-time and retrospective attack detection across your entire footprint – multi-cloud, on-premise, and hybrid environments. We do this by taking a “less is more” approach. There’s no hardware, no software, nothing to deploy. And we upend existing approaches by living off the land, collecting and storing metadata in the form of flow data that is available across the entire network infrastructure without capturing and inspecting full packets. Our architecture enables users and the Netography Threat Research Team to write threat detection models once and protect everywhere in minutes. A single portal provides a unified view of your entire Atomized Network, with data enriched with business and threat intelligence to accelerate and simplify detection, hunting, and analysis. Customized responses and remediation interfaces make it easy to turn detection into response.
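To illustrate detection from flow metadata alone, here is an added example (not Netography's code or one of its detection models): it flags a source whose connections to one destination recur at near-constant intervals, using only timestamps and endpoints, so encrypted payloads do not matter. The record layout, the sample flows, and the thresholds are assumptions constructed for this sketch.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (start_epoch_s, src_ip, dst_ip, dst_port, bytes_out).
# No payload is present; TLS on port 443 hides content but not this metadata.
FLOWS = (
    # 10.0.0.5 contacts 203.0.113.9 roughly every 60 s (machine-driven timing)
    [(1000 + 60 * i + j, "10.0.0.5", "203.0.113.9", 443, 310 + j)
     for i, j in enumerate([0, 1, -1, 2, 0, -2, 1, 0])]
    # 10.0.0.7 reaches 198.51.100.20 at irregular, human-driven intervals
    + [(t, "10.0.0.7", "198.51.100.20", 443, b)
       for t, b in [(1003, 5200), (1010, 880), (1190, 43000), (1195, 1200),
                    (1400, 760), (1900, 9100), (1904, 300), (2500, 15000)]]
)

def find_beacons(flows, min_flows=6, max_jitter=0.1):
    """Return {(src, dst, port): mean_interval_s} for periodic flow series.

    A series counts as periodic when the coefficient of variation
    (stdev / mean) of its inter-arrival times is at most max_jitter.
    Both thresholds are assumed values, not tuned ones.
    """
    series = defaultdict(list)
    for start, src, dst, port, _bytes_out in flows:
        series[(src, dst, port)].append(start)

    beacons = {}
    for key, starts in series.items():
        if len(starts) < min_flows:
            continue  # too few observations to judge periodicity
        starts.sort()
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons

if __name__ == "__main__":
    for (src, dst, port), interval in find_beacons(FLOWS).items():
        print(f"{src} -> {dst}:{port} repeats every ~{interval:.0f}s")
```
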

There is going to be a long tail of on-premise infrastructure for decades, enterprise computing environments will continue to disperse, and encryption will be increasingly pervasive as the years pass. Security teams are losing visibility as time marches on and along with it, control. Organizations need a partner that sees and has been preparing for this doctrinal shift for years, with a solution architected for a new era in enterprise security.