Solving the Tower of Babel Challenge
Blog Article Published: 04/20/2023
Originally published by Netography.
Written by Martin Roesch, CEO, Netography.
Today’s Atomized Networks, which are dispersed, ephemeral, encrypted, and diverse (DEED), pose numerous network monitoring and security challenges for the teams responsible for defending and managing them. Here, I’m going to dig into the last “D” in DEED – diverse – and what I refer to as the “Tower of Babel” problem.
Diverse environments and tools
In modern enterprises, especially large enterprises, Atomized Networks consist of up to three types of environments: IT, cloud, and operational technology (OT) environments. The issue that arises from diversity across these environments is that in many cases we have different tools for each environment. There are traditional IT network security tools from the old guards we all know. Each cloud provider has its own set of native tools for visibility into its specific cloud environment, but very rarely into multi-cloud environments. So, the addition of tools like cloud security posture management (CSPM) helps provide some level of visibility and understanding across clouds. And OT environments use entirely different sets of solutions to understand what they’ve got, what it is doing, and what’s happening to it.
Diverse languages and teams
Additionally, each tool in each environment, including in each of the different clouds, frequently has its own configurations and threat definitions, and its own eventing and reporting platform. These tools may or may not be looking for the same things and they all use their own discrete languages that were designed by the people who built them to define what a hostile activity or an anomaly looks like. How they generate events will vary based on the platform and how they describe them may vary depending on whether they use CVEs or some other naming convention. And it’s almost certain there’s one team running the IT technology, another team running the OT technology, and a different team running the cloud technology.
No cohesive picture
The fundamental problem to solve in diverse networks is that we have different technologies that are being informed about security issues in different ways and are reporting what they are seeing in different ways, and we have different operational teams trying to put this picture together into a cohesive whole. This leads to big gaps in the security technologies and attackers live in those gaps.
When something does happen and, suddenly, we need cross-functional capability because an attacker has infiltrated the IT network and moved laterally into the OT network or the cloud environment and then back in through another mechanism, our efficiency and efficacy in detecting and responding go way down. We’ve built this Tower of Babel – with all these different technologies, using different languages that different teams need to try to make sense of – which significantly slows down the ability of organizations to be responsive, if they can muster any kind of response at all.
So, how can we deal with the challenges the diverse aspect of DEED environments creates?
Decades-old security companies try to retrofit their architectures for the Atomized Network with little success because the fundamental architecture of a fielded technology is extremely difficult to change. And typically, they still lack OT solutions which have their own set of requirements for the environments they are meant to apply to. So, companies go down the acquisition path. But creating a scalable, integrated, and extensible platform to provide visibility and control across interrelated, diverse solutions remains a huge problem. Often, they end up creating bolt-ons and users have to move between multiple panes of glass and multiple environments, still using tools with different capabilities and languages.
One common language and platform
Instead, the answer is to treat every environment the same with an approach that is architected for diverse environments. Have one common language to describe what threats and compliance look like, and one eventing and reporting platform that everyone can use to see what they’ve got, what it is doing, and what’s happening to it across environments.