Security / October 17, 2016

Pervasive Visibility: Key to Data Security

To keep ahead of potential attackers, agencies need to have a clear view of what is happening on their networks.

Visibility into data is critical for security. If you can’t see the data, you can’t protect it. Data is traversing the physical and virtual worlds and could be on-premises or in the cloud. For enterprises that have data in such heterogeneous environments, breaches are almost a foregone conclusion because any network will have blind spots and adversaries will find and exploit those weaknesses.

Most advanced persistent threats (APTs) designed to steal data from victim networks will follow the APT Kill Chain Model, which breaks down attacker behavior into six stages: network reconnaissance; a phishing or zero-day attack; installing backdoor malware on victims’ computers; lateral movement to discover victim networks; data gathering; and finally data exfiltration.

It’s important to look for malicious activities across all stages of the kill chain. This includes lateral movement such as victim computers contacting their command and control server and malware making DNS queries to these servers. In these scenarios, organizations can look to network metadata to provide an early warning system. Through metadata analysis, they can home in on suspicious activity and then proceed with SIEMs, behavioral analytics, and machine learning tools to uncover or predict the behavior of bad actors.

Resolving the Encryption Issue

A few years ago, only about five percent of data was encrypted. Gartner forecasts that by next year as much as 50 to 80 percent of data will be encrypted and that more than half of the threats will come through encrypted channels like SSL. Once considered a security mechanism, SSL has now become a dangerous threat vector.

Again, what you can’t see, you can’t protect. That’s why it is critical both to see data that’s in the clear and to decrypt any encrypted data so nothing is missed. The problem is that many cybersecurity tools either aren’t capable of decryption or would take a major performance hit during the process. Instead, what’s needed is an effective and efficient way to offload SSL decryption and continue to provide your cybersecurity tools with full visibility of all traffic to detect and prevent malware and other attacks.

Intelligent, Pervasive Visibility Across All Environments

All is the key. Traditional security solutions will only perform at a limited level unless they’re informed by intelligent, pervasive data visibility across all traffic—including the physical network, the virtual space, software-defined networks, and the cloud.

Due to limited budgets, government agencies may be considering the cloud. However, they may also be delaying adoption because they are concerned that they’ll lack the necessary visibility to protect their mission-critical data. If they were guaranteed pervasive visibility before all else, they could defend data regardless of where it travels and where it resides and be more assured of keeping ahead of potential attackers at minimal cost.


Originally published in GCN
