Network Security: Seeing is Understanding
One of the big problems with network security is that it is not a fair fight. IT teams work around the clock to securely provision new equipment, deploy applications, update systems, patch software and monitor networks, in order to close off the thousands of potential vulnerabilities that a hacker could target. Yet that hacker only needs to find one small chink in the organization’s armor in order to gain access to its networks and data. And this problem is becoming even more skewed in favor of attackers, as organizations increase the numbers of devices, endpoints and applications they use.
So how can organizations swing the balance back in their favor? Perhaps the most critical factor is unobstructed network visibility, which enables IT teams to quickly identify problems across their infrastructure, and move swiftly to resolve them. Earlier this year, we co-hosted a webinar with Zeus Kerravala of ZK Research, to discuss this specific issue, and to show how visibility plays a critical role in helping security professionals to quickly identify and respond to emerging threats.
While running the webinar, we asked the audience a series of questions to find out more about the challenges they are facing. We asked: ‘Which technologies create the biggest network blind spots?’ The top responses were encrypted traffic (50%) and the Internet of Things (33%). Over the past five years, the amount of encrypted network traffic has increased dramatically, and SSL traffic is already estimated at up to 25%-30% of all web traffic. Encryption protects data, but it also protects would-be attackers by hiding malicious packets from inspection. And the Internet of Things is adding more and more connected endpoints to networks, further increasing complexity, traffic and the size of the network attack surface – and further obscuring the view of IT teams into what is happening.
However, with end-to-end network visibility, a business can build a baseline of what ‘normal’ traffic looks like on its networks. Any deviation from these normal patterns should trigger an investigation by the security team – for example, an application or group of users accessing a resource or database that they would not normally access, or a PC sending data packets to an untrusted external server. Both of these traffic types can indicate a malware or bot infection, and spotting them lets the IT security team quickly identify compromised machines and quarantine them for disinfection.
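The baseline-and-deviation approach described above, as an added example that is not part of the original post: it learns a per-host baseline of (destination, port) pairs from a window of flow records, then flags later flows that fall outside that baseline, distinguishing a newly accessed internal resource from a new external destination. The flow-log format, the internal address ranges and all addresses are constructed for illustration.

```python
from collections import defaultdict
import ipaddress

# Constructed assumption: these ranges are the organisation's internal networks.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed flow records: "<timestamp> <src> <dst> <dst_port> <bytes>".
BASELINE_FLOWS = [
    "2024-03-01T09:00:00 10.0.1.20 10.0.5.10 5432 2048",    # workstation -> internal DB
    "2024-03-01T09:01:00 10.0.1.20 203.0.113.8 443 5120",   # workstation -> known external site
    "2024-03-01T09:02:00 10.0.1.21 10.0.5.11 445 1024",     # workstation -> internal file share
]
NEW_FLOWS = [
    "2024-03-02T02:13:00 10.0.1.21 10.0.5.10 5432 4096",    # host never touched the DB before
    "2024-03-02T02:14:00 10.0.1.20 198.51.100.7 443 900000",  # host contacts an unseen external server
    "2024-03-02T09:00:00 10.0.1.20 10.0.5.10 5432 2048",    # matches the baseline, no alert
]

def is_internal(ip):
    """True if the address belongs to one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Split one constructed flow record into its fields."""
    ts, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}

def build_baseline(lines):
    """Map each source host to the (destination, port) pairs seen in the baseline window."""
    baseline = defaultdict(set)
    for line in lines:
        f = parse_flow(line)
        baseline[f["src"]].add((f["dst"], f["dport"]))
    return baseline

def find_deviations(baseline, lines):
    """Return (src, dst, port, reason) for every flow not covered by the baseline.
    Unseen external destinations are noisy on their own; in practice they are
    combined with an allowlist or threat-intelligence lookup before alerting."""
    alerts = []
    for line in lines:
        f = parse_flow(line)
        if (f["dst"], f["dport"]) in baseline.get(f["src"], set()):
            continue  # normal pattern for this host
        reason = "new internal resource" if is_internal(f["dst"]) else "new external destination"
        alerts.append((f["src"], f["dst"], f["dport"], reason))
    return alerts

if __name__ == "__main__":
    for alert in find_deviations(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print("ALERT:", alert)
```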
IT teams can get this level of visibility using advanced network monitoring tools that load-balance, filter, deduplicate and trim network data without losing information – and also decrypt SSL traffic, without overburdening existing firewall solutions. This ensures that teams can cut through the excessive noise generated by their network equipment, and expose threats that may otherwise be hidden inside encrypted traffic, giving a clearer picture of what is really going on across their networks.
This in turn helps to rebalance the odds in the fight against threats. When it comes to security, the ability to clearly see deviations from normal network traffic patterns drives understanding of where threats may be lurking – and the faster you can see those threats, the faster you can deploy protections on your networks against them.