To Secure the Atomized Network, Don’t Bring a Knife to a Gunfight
Originally published by Netography.
Written by Martin Roesch, CEO, Netography.
You don’t bring a knife to a gunfight. Yet, that’s exactly what we’re doing when we try to secure today’s atomized networks with piecemeal approaches and network security architectures designed decades ago. To fully appreciate the limitations and understand the implications for organizations as they shape their security strategy moving forward, we need to talk about the four attributes of this new environment.
The atomized network is dispersed, ephemeral, encrypted, and diverse which makes it incredibly difficult to get the capabilities of network visibility and control where we need them, when we need them. Here’s why.
Dispersed. Modern enterprise networks are comprised of multi-cloud, hybrid-cloud, and on-premises infrastructure. Research finds that 89% of organizations have a multi-cloud strategy and 80% are taking a hybrid-cloud approach. Practically speaking, what this means is that in a dispersed environment, especially in cloud environments, getting sensing infrastructure deployed so we can see what we’ve got and what it is doing is very tricky. Frankly, it’s also pretty tricky in most physical environments especially across large campuses and organizations with operations in other parts of the world. An appliance as a physical device has a limited purview into a network environment and it is very difficult to change that if an attack happens in a part of the network where there is no coverage. There are also expertise and budgetary constraints that cap how many devices can be deployed and maintained. All these factors limit our ability as defenders to have visibility and control across the entire atomized network.
Ephemeral. Especially in cloud environments where workloads can spin up and down in a matter of minutes without the knowledge and buy-in of security teams, the ephemeral nature of today’s modern networks presents additional challenges. Capability needs to be available in ephemeral environments without deploying sidecars or virtual appliances, managing license keys, and integrating with remote management infrastructure. Real-time visibility needs to be deployable without complex requirements and overhead to enable it. Additionally, in many cases most virtual appliances simply collect cloud data and ship it back to an on-premises appliance for analysis and action, so the costs and limitations of physical appliances follow.
Encrypted. Encryption is a problem for all deep packet inspection (DPI) systems because it makes it difficult to see into the network traffic to inspect packets. And the workarounds to get that function are becoming ever harder to deploy and ever more expensive, from both a performance and financial standpoint. In many cases, a separate piece of hardware is required to do the decryption, or devices that have decryption capabilities built-in can be used but pay a potentially heavy price in performance. Either way adds complexity and cost and imparts performance overhead.
Diverse. Atomized networks consist of up to three typical types of environments, IT, cloud, and operational technology (OT)—from an IP-enabled vending machine to a robotic assistant on a factory floor. The problem with diversity across all these environments is that we have different network monitoring and security solutions for each environment. Traditional security tools for IT environments are rarely well-suited for cloud environments, each cloud provider has their own set of native tools, and OT environments require dedicated OT monitoring technology. Each of these technologies has different management platforms, different languages for describing what threats and compliance look like, different eventing, reporting, and remediations, as well as different teams that operate them. When something does happen what follows is a massive coordination effort across all these technologies and teams. The challenge is not just trying to figure out what the technologies are telling us but also how the teams are interpreting that data, before we can build anything approaching a complete picture of what is happening.
The friction between these groups and technologies and between the technologies and their functionality creates gaps. Attackers live in the gaps and the fallout is evident. Nearly 60% of organizations surveyed say they deploy more than 30 tools and technologies for security, but cyberattacks continue to rise—by 42% in the first half of 2022 compared to 2021.
What Constitutes Security Firepower for Today
As we shape our security strategy for a world that is dispersed, ephemeral, encrypted, and diverse, we need to make sure we’re not bringing a knife to a gunfight. Consider a SaaS-based approach with a licensing model that’s friendly to providing network visibility and control where and when it’s needed in every type of network environment. A solution that is encryption agnostic can provide an equal set of network security capabilities to users, regardless of the presence of encryption on a network. And the use of one language to describe good and bad across any of the environments that comprise the atomized network, with one place to go for a composite view, gives teams capabilities to come together to analyze all their data, make decisions, and respond to events in real time as they emerge.
We need to rethink network visibility and security with an approach that’s built for now, not for 20 years ago, so we can be confident we have the firepower to defend our atomized networks.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.