Network Visibility: See Mo’ Evil
Updated October 28, 2021.
Acrid gasoline fumes filled the rundown barn as a chainsaw revved too close for comfort. Hot breath brushed my ear with a taunting echo, “I want your pretty hair. I want your pretty hair.” I couldn’t see a thing, but perhaps that’s because my face was burrowed too far into the back of my husband’s neck as I clung to him like a crazed spider monkey. “R-u-n!!!”
When we finally emerged from “Field of Screams,” my head was pounding, but I was relieved to be in one piece. Not so relieved, though, to find my (most unsympathetic) friends pointing to a gaping, gap-toothed clown mouth. The ingress to maze two: “Last Laugh.” My heart sank.
[An aside: I shall never be coerced into entering another Halloween corn maze.]
The most harrowing of it all? Nope, not the creepy clowns or harum-scarum chases, but instead, the long, lonely stretches of cornfields themselves. In contrast to the intermittent, “haunted” outbuildings, the seemingly forlorn fields felt less predictable, more sinister. Not that I would want to spoil the fun (ha!), but where were the night-vision goggles when I needed them most?! I knew creepers were lurking; I just couldn’t predict where and when they’d pop out. I had to keep moving. I had to pretend it was all going to be okay. It was an anticipation altogether different from the Heinz Ketchup variety.
And then . . . it got me thinking. Is this what network and security operators deal with on a daily basis? The Dark Web, too, is a sinister maze full of creepy clowns. A place where bitcoins are traded for purloined data, where implied “letters of marque” are issued by nation states conducting cyber proxy wars, and where a good pair of “network-vision” goggles could come in handy.
Disturbing Behavior
In a recent survey of network and security-focused IT professionals, global advisory firm Enterprise Strategy Group (ESG) found that the majority of respondents believe that the complexity of network security operations is not improving. In fact, it’s trending in the negative direction—primarily due to increased traffic, more connected devices on the network, and a diversity of point products used to address emerging and known security threats. Nearly the same percentage of respondents agreed they experience limited network visibility, with room for improvement.
Other findings showed that more than half of the respondents must decrypt SSL traffic for security monitoring purposes—while at the same time analyzing metadata and monitoring for network performance and availability. And even though point tools may individually be capable of these tasks, on the whole, a platform-based approach presents a better option.
A platform simplifies everything, slowing down the chaos and solving multiple needs at once in an automated, optimized fashion. If you’ve seen the movie Deadpool, it’s a bit like that scene where he only has one bullet, but three bad guys to fend off. He finds a way to economize and align the shot to take care of all three with that single round. In the same way, a platform optimizes tool performance by getting the right data to the right tool at the right time.
Eyes Wide Shut
The risks today are infrastructure complexity combined with an expanding data surface (more traffic, more devices) and numerous, formidable security threats. The fact that hackers have gained access to networks and are staying for the long haul (read: advanced persistent threats) isn’t news to network and security operators. But it is a continuing challenge to combat. Network and security operators know that hackers are lurking; they just aren’t quite sure where. Or when they’ll attempt to exfiltrate data. Or even what they’re after.
But what if they could see them? What if they could eliminate the element of surprise? What if they had night-vision goggles for the Dark Web?
People don’t often equate their security problems with lack of visibility, but they should. Visibility—delivered via a centralized platform—is the only thing that is going to bring order to the kluge that is the modern-day network.
Network and security operators have made substantial investments in tools they aren’t using or, at minimum, aren’t using to maximum benefit. And the more tools they continue to add for security or monitoring, the more potential breaking points they create. What’s more, the speed of data traversing networks exceeds the ability of tools to process it.
Data is the value of the network, but there are so many things that can go wrong with it—stolen data, denial of access to data, inability to meet compliance goals. And no matter where it resides (data centers, public/private clouds, remote sites), it needs protecting and, therefore, organizations need greater visibility. If they can see more evil, they can stop more evil.
It’s time for enterprises, both large and small, to take the issue of online security super seriously. Just as my friends need to take me super seriously when I say no more corn mazes for me. Though I knew it was all a show, I was terrified. But what about when you know it isn’t fake? Hysteria is contagious and dangers in the cyber world are real, and not to be ignored.
Originally published in SecurityWeek