Raise your hand if you have a pervasive view of your network…anyone?
By Dan Ramaswami, VP of Field Engineering
As defenders, we must know what we are defending in order to best defend it. But given how enterprise networks have become atomized, and how traditional network security technologies have been engineered, we’re dealing with far too many blind spots.
I’m an avid sports fan, and our situation reminds me of being at the old Boston Garden (now replaced by the very beautiful and modern TD Garden). The original Garden was an amazing sports complex where true feats of history happened, and Hall of Fame careers were made and minted. Yet, for all this marvel of sporting talent and prowess, limitations in materials and engineering at the time necessitated the placement of support posts in front of the view of the spectators. Sports fans there to witness history may have missed it because of these blind spots that were engineered into this amazing coliseum of sporting grandeur.
At the other end of the spectrum, modern mega stadiums engineered for scale in another way also run the risk of limiting visibility. Depending on where you’re seated, the players can appear so small you might think you’re watching ants. Scenes from the movie Space Jam come to mind.
For a long time, the security industry has engineered the same kinds of blind spots into the defenses of our networks, whether by engineering for support, like the columns, or by engineering for capacity, like the super stadiums. In conversations with customers, I consistently hear that no one has a pervasive view of what's happening in their Atomized Network, the composite of multi-cloud, on-prem, hybrid-cloud and remote sites. Here's why.
Limitations of engineering for support
Think about traditional, appliance-based architectures. Instead of having visibility across the entire estate, we have to pick and choose the choke points where we'll capture traffic and accept the blindness inherent in that approach. In a 50-story office building that is just one of 20 buildings in an organization's footprint, it isn't feasible to put a box in every single network closet. It simply doesn't scale. Threat actors know this: if they want to move laterally and maintain a foothold, the safest way is to stay within the same local segment (collision domain), because traffic between hosts on one segment never crosses the choke points we settled for as a concession to scale, so there is very little chance it will ever be seen.
Challenges of engineering for capacity
Visibility into network traffic moving to, from, between, and within clouds presents its own set of challenges. Traditional network security tools don't natively support cloud environments, and cloud-native tools focus on providing visibility into one specific cloud environment but very rarely into multi-cloud or the rest of the infrastructure. Additionally, not all clouds are created equal, and few standards exist for the type of data and level of visibility cloud providers offer. Here too, threat actors are savvy and take advantage of the opacity and gaps that make it difficult to detect and stop attacks as they move across the environment.
No more concessions: Visibility where you need it, when you need it
Netography has made these problems disappear, so there are no more concessions. We don't have to engineer in support columns that block the view, and we don't have to shrink the picture to reach scale. Instead, we offer a pervasive view across the entire estate that requires no hardware. We leverage existing infrastructure to gain comprehensive network visibility across on-premises, hybrid-cloud, and multi-cloud environments, including Amazon Web Services, Google Cloud, IBM Cloud, Microsoft Azure, and Oracle Cloud.
Our pure SaaS, network-centric platform serves as a kind of ratchet system that scales to fit customers' needs from both a visibility and a capacity standpoint. Customers can view intra-department and intra-floor lateral movement they have never been able to see before, as well as traffic within and across clouds, all in one place.
We take this comprehensive visibility even further, because IP addresses are not always human-recognizable on their own. So we make it easy for customers to bring in organization-specific context and apply it to enrich everything they see. Instead of an alert that just says "this IP address talked to that IP address," customers receive true, high-fidelity, actionable alerts that warrant a response, such as my earlier example of a printer speaking to "The People's Republic of Not Kentucky."
By using every compass point, coupling east-west visibility with every step of north-south activity, we give customers all the telemetry that exists around traffic movement, regardless of direction. For the first time, defenders can raise their hand and say, "Yes, we do have a pervasive view of the Atomized Network." With Netography, they have the best seat in the house for every sport.