With the adoption of new services and technologies like 5G, connected devices, sensors, edge computing and automation, networks are becoming increasingly complex, and these complicated networks power some of the most sensitive organizations in the world. These sophisticated interconnected networks now enable governments, healthcare facilities, utility providers and other public services to deliver faster, more efficient and more available services to users around the world. These networks are the backbone of network infrastructure services.
But the problem is that while these architectures support efficiency and performance, they also increase the organization’s attack surface. Highly complex networks lack transparency and coverage because many data lakes are siloed or inaccessible to administrators or their security tools. Without complete visibility, you can’t get an accurate picture of what’s going on, leaving room for threats to sneak in unseen.
Existing solutions have failed to fully address this issue, thus necessitating a new approach: one purpose-built for large, interconnected networks with heavy traffic volumes and complex architectures.
What happens when you lack transparency
To gain complete visibility into a network, cybersecurity and networking teams need a solution that can capture every packet from an organization’s network, examine each packet, and perform rapid analysis, answering the question: “Is it legitimate or suspicious?”
It may have been easier to answer this simple question in the past, but the increased complexity of networks has made it much more difficult. Even the most advanced solutions available are limited in capacity to a maximum of 40 gigabytes per second. And if you place such a solution in an environment that processes petabytes of data per second, that’s the equivalent of a drop in the ocean when it comes to monitoring.
What happens as a result is that for many organizations, there are significant parts of the network that are not being closely monitored – or even observed at all. Many organizations in this situation will then choose to focus on only a few sensitive areas of the network, leaving a troubling lack of overall transparency.
This creates a major problem. An architecture misconfiguration or network failure can start in any one of hundreds or even thousands of network devices. This can lead to a substantial compromise in network security. The resulting lack of transparency leads to unmitigated threats, unforeseen attacks, and other potentially dangerous security anomalies.
It’s not theoretical. The massive cybersecurity attack against SolarWinds in December 2020 was one of the largest and most sophisticated attacks ever, compromising around 100 companies and a dozen government agencies.
Where traditional approaches fail
These blind spots in your network are where bad actors will find their way in, so a lack of transparency need not continue. A report by Enterprise Management Associates found that, aside from rare insider attacks, 99% of cyberattacks traverse the network in some way.
And the truth is, legacy solutions can’t keep up. Some organizations assume that adding specialized monitoring to each network device, combined with network monitoring and detection solutions, will solve the problem.
But detecting increasingly sophisticated cybercriminal activity requires a holistic view and the ability to analyze patterns across many devices. And that requires covering your entire network with monitoring and detection solutions. It’s expensive, it requires a lot of network changes and device configurations, and it can have a negative impact on performance, so it is practically not feasible. In reality you have to make trade-offs on a day-to-day basis: where to monitor, cover and protect, and where (and this is the majority of the network) not to.
A New Approach: Next-Generation Network Detection and Response
According to Forrester Research, 62% of respondents plan to increase their network security technology budgets in 2021. But security doesn’t have to come at the expense of performance, and gaining visibility doesn’t have to be so complicated. Network detection and response (NDR) solutions offer a way to address these issues by using techniques such as machine learning to create a baseline for what is normal in a network. They monitor traffic in real time to establish this baseline, with alerts issued when unusual behavior is detected.
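The baselining idea described above, as an added example that is not from the article or from any NDR product: it learns a per-host baseline from constructed flow summaries and alerts when the scored hour deviates from it. The flow fields, the median/MAD statistic standing in for machine learning, and the thresholds are all assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow summaries: (hour, source host, destination, bytes sent).
# Hours 0-5 are the learning window; hour 6 is the window being scored.
FLOWS = [(h, "10.0.0.5", f"192.0.2.{d}", 40_000 + 500 * h + 100 * d)
         for h in range(6) for d in (1, 2, 3)]
FLOWS += [(h, "10.0.0.9", "192.0.2.1", 9_000 + 200 * h) for h in range(7)]
FLOWS += [(6, "10.0.0.5", f"198.51.100.{d}", 900_000) for d in range(1, 13)]

def features(flows):
    """Aggregate flows into per-(host, hour) features: bytes out, distinct peers."""
    agg = defaultdict(lambda: [0, set()])
    for hour, src, dst, nbytes in flows:
        agg[(src, hour)][0] += nbytes
        agg[(src, hour)][1].add(dst)
    return {key: (val[0], len(val[1])) for key, val in agg.items()}

def robust_z(value, history):
    """Distance above the median in MAD units, with a floor on the scale so a
    perfectly flat history does not turn tiny changes into alerts."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return (value - med) / max(1.4826 * mad, 0.05 * med, 1.0)

def score_window(flows, train_hours, score_hour, threshold=4.0, min_history=4):
    """Return (host, feature, observed value, z) for each upward deviation."""
    feats = features(flows)
    alerts = []
    for host in sorted({src for (src, _hour) in feats}):
        hist = [feats[(host, h)] for h in train_hours if (host, h) in feats]
        current = feats.get((host, score_hour))
        if current is None or len(hist) < min_history:
            continue  # nothing to score, or baseline too thin to trust
        for i, name in enumerate(("bytes_out", "distinct_peers")):
            z = robust_z(current[i], [f[i] for f in hist])
            if z > threshold:  # one-sided: only increases are alerted on
                alerts.append((host, name, current[i], round(z, 1)))
    return alerts

if __name__ == "__main__":
    for alert in score_window(FLOWS, range(6), 6):
        print(alert)
```

The steadily growing host 10.0.0.9 stays inside its own baseline, and a host with fewer than `min_history` learned hours is skipped rather than scored against a baseline that cannot be trusted.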
But old NDR tools won’t suffice for today’s networks. Fortunately, there are now next-generation NDR tools that make network security even simpler with solutions that can be quickly integrated and are more affordable. This leads to a faster time to value. These tools do not require agents, sensors, or probes, allowing for effortless scalability no matter how complex the network. They also provide full visibility into north-south and east-west (NS/EW) traffic, that is, traffic inbound to and outbound from the organization and traffic internal to it.
Closing security vulnerabilities
This is an unfortunate consequence of technological progress: as networks grow in complexity and scale, their threat landscape expands too. When organizations don’t have visibility into the network, they essentially put up a “Welcome!” sign for intruders, because they don’t know where their security holes are. 100% network packet capture is unrealistic, and coverage is expensive and only as good as your visibility; that’s where next-gen NDR capabilities can help. By learning what normal traffic looks like for your network, NDR provides effective monitoring and alerting with increased efficiency and effectiveness.
Written by Eyal Elyashiv.