Avoid Dead Reckoning: Why Zero Trust Requires Network Visibility

Editor’s note: This is part two of a four-part series. For part one, see, “Be Sure to Whack Your Cybersecurity Blind Spots.” part three, see “Precryption: The Zero Trust Prescription for Decryption, and for part four, see Harness East-West Visibility for Defensive Security.” This series is also available as an ebook.

Introduction: Closing the Information Gap

Dead reckoning is how 18th-century sailing ship captains estimated their longitudinal position in the open ocean.

Dead reckoning relies on speed and time calculations from a known point, but it is subject to approximation errors and can be off by dozens or even hundreds of miles.

Similarly, the Zero Trust journey requires complete and accurate information about where you are starting from and exactly how you will get there. Approximation won’t cut it.

The Gigamon Deep Observability Pipeline gives you the packet-level data you need to be sure you can trust your network. Without that level of detail, you are just approximating your position in the Zero Trust journey.

What Is Zero Trust?

Zero Trust is a concept, not a technology. Its basic tenet is not to trust anything in your environment that could lead to a breach or incident. Technology is essential to achieving Zero Trust, but technology by itself cannot tell you whether you have achieved it, let alone whether you can maintain it.

Achieving Zero Trust is a process relying on frameworks and methodology. No single solution is right for everyone. You must go through the steps and pay sufficient attention to Zero Trust to be confident that you have achieved the goal.

Frameworks such as those published by NIST, CISA, SABSA, and OWASP help by giving you lists of things to evaluate and the context within which to understand whether you have adequately identified and addressed your risks and vulnerabilities.

Zero Trust means evaluating and remediating risks at every layer of the stack, every network communication point, every application/integration point along the way, every access to the database, and back again.

The Challenge Is Bigger Because of the Internet

Cyber threats have expanded from targeting and harming computers, networks, and smartphones — to people, cars, railways, planes, power grids, and anything with a network connection.

Data is the building block of the digitized economy, and the opportunities for innovation and malice around it are incalculable.

Estimates have half the world’s data in public clouds by now, and with generative AI, the need for data and processing will continue to grow unabated and with no end in sight. While the world focuses on the benefits of these technological advances, cybercriminals focus on exploiting the new attack surfaces.

It’s an arms race — the criminals are investing heavily in the latest technology and building tremendously powerful data centers, intent on infiltrating organizations for financial gain.

The moment you let your guard down is the moment you leave yourself open to attack. And the network serves as the gateway for attacks.

Visibility into the Network Is Essential

Visibility into data in motion is a critical aspect of understanding the current state of the network.

When an endpoint or application workload is compromised, telemetry data generated at that level cannot always be trusted.

Network visibility at the packet level provides the reliable telemetry needed to detect any such compromise.

Zero Trust focuses on protecting resources (assets, services, workflows, network accounts, etc.), not network segments, as the network location is no longer seen as the prime component to the security posture of the resource.

But you must be able to observe all network traffic accessing those resources and filter out metadata about the connection from the data being transported. Monitoring tools should also be able to detect anomalies in the data being transported.

The Solution

The Gigamon Deep Observability Pipeline efficiently collects packet-level and network-derived intelligence from anywhere in the network and delivers it to any combination of security and network management tools, making them more effective at detecting threat activity.

Gigamon provides the actionable network-derived intelligence and insights you need to eliminate security and performance blind spots across hybrid cloud infrastructure and achieve new levels of efficiency.

The Gigamon Deep Observability Pipeline supports all popular environments, efficiently delivering network-derived intelligence to any combination of monitoring tools, such as:

• Network traffic analyzers: Palo Alto, Fortinet, Cisco, Nokia, Ericsson
  
  
• Application monitoring and SIEM tools: Armis, IBM, LogRhythm, LiveAction, Splunk
  
  
• Network intelligence and observability tools: Datadog, Elastic, Sumo Logic, Dynatrace, New Relic

Gigamon enriches raw packet data and sends the right data to the right tool, extending its value.  Gigamon performs deep packet inspection to determine where the data is coming from and where it’s going, and transforms it into the optimal format for each tool. 

Different tools want to see different data. For example, some want to see the full network packet, some just the application metadata, while others combine network and application-level data.

The requirement for the Gigamon Deep Observability Pipeline is based on several factors:

• Multiple agents for multiple tools can be eliminated using the Gigamon Universal Cloud Tap
  
  
• Avoiding duplication of tools — some work with different stacks, and multiple tools compound resource and skills issues
  
  
• Existing tools don’t talk to each other, making it difficult to have a common view of the network
  
  
• Gigamon can pull together all the information required to detect issues to tell you not only when an application is not performing well but also tell you why
  
  

Gigamon also offers a range of GigaSMART^® applications that can remove duplicate packets, set filtering criteria (for high-priority packets, for example), or just look at the header and not store an entire media stream.

Gigamon adds the required network-derived intelligence to application observability tools that lack visibility into what’s happening at the network level.

The Intellyx Take

The transition from perimeter security in an implicit trust model to a complete Zero Trust environment can be a difficult and time-consuming journey. It involves ensuring the right monitoring tools are in place to get the data you need to detect and prevent incidents, outages, and breaches.

Network-level observability is foundational to Zero Trust. With so many more applications moving to the cloud — and accessed via the public internet — and so many more devices connected to the network, it’s critical to any Zero Trust posture to understand what is going on at the network level.

The Gigamon Deep Observability Pipeline confronts this problem thoroughly and comprehensively — working with any network device and virtually any monitoring tool, and providing a consolidated view of all network traffic across any modern hybrid cloud infrastructure.

If the network isn’t safe, you don’t have Zero Trust. And if you don’t have Zero Trust, there’s a non-zero chance you will get hacked. 

After all, knowing where you are is the first step toward getting where you want to go. The Gigamon Deep Observability Pipeline gives you the knowledge you need to start and complete your journey safely to Zero Trust.

Copyright © Intellyx LLC. Gigamon is an Intellyx customer. Intellyx retains final editorial control of this article. No AI was used to produce this article.