Network Defense Platform: The Evolution Needed for Modern Enterprise Security
Blog Article Published: 08/15/2023
Originally published by Netography.
Written by Martin Roesch, CEO, Netography.
I’ve written before that the fundamental organizing principles of network security include protecting users, applications, data, and devices. With these organizing principles, it’s not uncommon for enterprise network security teams to compartmentalize how they secure these things based on where they reside.
However, the fundamentals have changed as the definition of the components that form an enterprise network has changed. The enterprise network has evolved into a hybrid collection of cloud plus on-premises infrastructure, users, applications, data, and devices, and often includes OT and IoT environments. I call this the Atomized Network. You may simply call this “your network.”
While many organizations have embraced this shift, many are still trying to balance redundancies in their tech stacks and their teams to improve the efficiency and effectiveness of their security. For example, having network operations, security operations, and cloud operations all analyze similar types of threats or post-compromise indicators in different organizations using different tools with similar goals is not only less efficient, it can also make an organization blind to what is happening in the gaps of these three disparate views.
With the network growing to now encompass the cloud, and everything that is built there plus traditional on-premises, what are these enterprises to do?
I’m going to let the suspense build on that answer for a minute. When I go back almost 25 years to when I first developed Snort, I did it because there was an obvious arrow missing in the quiver that security practitioners and teams needed to defend their networks the way they were then. The need for those capabilities is still relevant today, even though the use cases for them have changed and expanded significantly.
Fast-forward to now and to the rhetorical question I just posed to you, and my answer is similar: provide the capabilities of a modern architecture that helps security practitioners and teams defend their networks the way they are now. Simply put, anyone with a network – which, again, is now comprised of cloud and on-prem instances with users, applications, data, and devices, in IT, OT, and IoT environments – needs a Network Defense Platform (NDP).
An NDP, with its evolved network monitoring and protection technology and architecture, reflects that the center of gravity for network monitoring and security has shifted to the cloud. This new platform is cloud-native, and relies on enriched metadata to help organizations gain comprehensive visibility in real-time, validate governance, and monitor, detect, and respond to compromises in any environment. It succeeds where costly appliance-based legacy architectures have proven to fail. It is a fundamental platform for organizations struggling with adhering to Zero Trust policies, gaining singular visibility to all of their cloud and on-prem traffic, and drowning in low-fidelity alerts vs. actionable insight. You can also:
- Close critical visibility gaps in the cloud and on-prem in IT, IoT, and OT environments left by appliance- and agent-based technologies
- Complement existing monitoring and protection technologies by deploying Fusion in minutes to detect anomalous activity in environments beyond the reach of the current tech stack
- Accelerate compromise detection and threat hunting and improve true time-to-action (T3A)
- Reduce DDoS damage by assessing and improving the efficacy of mitigation tools
- Monitor and enforce governance policies and regulatory requirements, such as Zero Trust, social media, or PCI-DSS at scale
- Direct flow logs you might’ve otherwise sent to your SIEM to reduce costs and gain immediate context around your events for faster response
- Validate current infrastructure and configuration for optimization
The more tools, the more people needed to support them, the more complexity, and, ultimately, the harder it is to get everything to operate effectively and efficiently. Appropriately addressing threats to Atomized Networks and being able to do so in a comprehensive way that is also approachable for all the different teams – cloud, security, and network operations – is the name of the game.
You might be thinking, “No, not another ‘single pane of glass’.” That’s not what we have here. It is a truly integrated platform for your entire Atomized Network. You do have other options, but they are anchored in legacy on-prem architectures, not designed to be agile, and require complex and costly licensing of sensor appliances, management consoles, and endpoint agents. Or, they require deep packet inspection and are blinded by the pervasive use of encryption or require expensive supporting infrastructure to deliver value. Finally, the traditional traffic monitoring approaches simply cannot give visibility of both on-prem and cloud in a way that’s both comprehensive and affordable.
This isn’t an either/or scenario, or at least it doesn’t have to be. An NDP can complement existing tools to help you derive more value. For teams that operate in a bifurcated model, with multiple visibility and security tools for cloud and on-prem, trying to synthesize a picture of what is happening on a modern network is extremely difficult and time-consuming. Having an NDP that is unified and provides capability across all environments is a more comprehensive way of understanding the activities of network-connected systems and providing appropriate security capabilities.