
Reality is grey, not block or allow

Joel Esler
VP of Threat Research

For the security industry, the traditional stance for security controls is an all-or-nothing approach. If the reason for connecting to an application or entity isn't clear, or if it does something suspicious, block it. Otherwise, allow it. But reality rarely sits at one extreme or the other. There's a large gray area in the middle. Legitimate applications can reach out to any website or service, including risky ones, and the flip side is also true: malicious applications can reach out to known-good entities.

To give users greater assurances about their data, where it is going and how it is being used, a transparency model has emerged. Large application and service providers are informing the customer what the application is doing so they have the information they need for informed consent. The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act are also centered on a transparency model, to give consumers more control over their personal information and data privacy. The same trend extends to apps and browsers from certain vendors that block third-party cookies, tracking cookies, and other privacy-violating technologies.

In contrast, the security industry's block or allow model is a first line of defense for data security. But when you can't definitively say whether a website or an application is good or bad, threats and risk can hide in the gray. Social media is just one example where the information needed for a blanket determination isn't available. You may not be aware of what is going on inside a social media app, so you can't make an informed decision to block or allow the individual services it connects to on the network, and the challenge is growing.

Think about the reality of today's hybrid work environment, where end users aren't sitting on a corporate network with robust security controls. It's increasingly difficult to detect and defend against threats when your applications and data are scattered across a complex and fluid environment of multi-cloud, on-premises, and legacy infrastructure, accessed by mobile and remote workers. We call this the Atomized Network, and with it the gray area is ever-expanding.

Armed with this information, what are you going to do to protect your users and your network?

Visibility into the gray
You can't defend what you can't see, so visibility is key. You also need to be able to act fast, even automatically, because threats evolve incredibly quickly. Phishing campaigns can come and go in a matter of minutes, rotating IP addresses or other infrastructure until someone unwittingly clicks on an attachment or link. A recent study shows ransomware can complete its mission in as little as four minutes, with most variants getting the job done in under an hour. When you operate in a complex, dynamic environment, you need to look at traffic from your entire network in real time and quickly distill what is going on in order to defend against it.

One of the great things about the Netography Fusion platform is that it provides visibility and control across the Atomized Network without requiring security teams to jump through hoops, so you can move fast.

Our SaaS-based, universal platform provides complete visibility into today's dynamic network for real-time and retrospective block or allow decisions across your entire footprint. A single portal provides a unified view of data from all the devices in your multi-cloud, on-premises, and hybrid environments. There's no need to switch between multiple consoles and conventions to interpret a mix of data types. Data is normalized and aggregated in one place, so it is easy to use. With visualizations, you can manipulate and analyze data quickly to make more informed decisions in the moment.

While block listing and allow listing will likely continue to serve a function in the security team’s toolbox, you also need a way to see the nuances of gray. With Netography, you can interpret and act decisively on a far greater range of data to protect your Atomized Network and users connecting from anywhere.