The Home of the Security Bloggers Network
Networks are becoming increasingly complex as organizations adopt a raft of new technologies and services, including edge computing, automation, connected devices, sensors and 5G. These complex networks undergird the essential services of organizations across sectors. These architectures support efficiency and performance, but they also expand the organization’s attack surface.
Transparency and coverage across highly complex networks are lacking because of siloed data lakes inaccessible to administrators and their security tools. It’s impossible for organizations to have an accurate picture of what’s taking place without complete visibility, which leaves room for threats to infiltrate the network unseen.
Current solutions on the market are inadequate and do not fully address this challenge. Organizations dealing with the many intricacies of extensively interconnected networks with heavy traffic volumes and complex architectures are better served by purpose-built solutions.
Conventionally, networking and cybersecurity teams must capture every single packet of an organization’s network in order to gain full visibility. The solution must be capable of looking at each packet and performing a quick analysis to determine whether it’s legitimate or suspicious.
Increasingly complex networks have made this simple query far more difficult. Today’s environments are handling petabytes of data per second whereas the solutions are limited to 40 gigabytes per second, at most. It’s the equivalent of monitoring a drop of water across the entire sea—basically impossible.
Consequently, many organizations have major swaths of their network that aren’t being closely monitored—if they are observed at all. Typically, an organization will focus on a few sensitive areas of the network, leaving a troubling lack of overall transparency. This often leads to an architectural misconfiguration or a network failure among one of the hundreds (or even thousands) of network devices, substantially compromising the overall network’s security. This opens the door for unmitigated threats, unanticipated attacks and other potentially harmful security anomalies.
This concern is more than a thought experiment. The SolarWinds attack in December 2020 was one of the largest and most sophisticated attacks to date, compromising around 100 companies and a dozen government agencies.
Lack of transparency or visibility into unseen sections of the network is a potential entry point for attackers and must be addressed immediately. Analysts at Enterprise Management Associates found that, aside from the rare insider attack, 99% of cyberattacks traverse the network in some way and that legacy solutions can’t keep up.
Some organizations assume that adding specialized monitoring to each network device, coupled with network monitoring and detection solutions, will address the problem. However, a global view and the ability to analyze patterns between multiple devices are necessary for detecting increasingly sophisticated cybercriminal activity. This requires covering the entire network with expensive monitoring and detection solutions that require timely modification and device configurations and can also negatively impact performance. Instead, organizations are forced to make compromises and cut corners, choosing to monitor, cover and protect only certain areas of the network.
More than half (62%) of respondents to a Forrester Research survey expected to increase their network security tech budgets in 2021. Security doesn’t have to come at the cost of performance, and gaining visibility doesn’t have to be so complicated. Network detection and response (NDR) solutions could be the answer.
Traditional iterations of NDR solutions wouldn’t suffice for today’s network, but with a new wave of next-generation NDR tools, network security is simplified and can be rapidly deployed through self-onboarding at a fraction of the cost. Affordable and accessible, these tools lead to a faster time-to-value without requiring any agents, sensors or probes. This enables effortless scalability and full visibility into north-south and east-west (NS/EW) traffic, that is, inbound/outbound and in-organization traffic, regardless of network complexity.
There’s no denying that the threat landscape increases in proportion to the scale and complexity of a network. And while 100% network packet capture is ideal, it is also completely unrealistic and unattainable. Next-gen NDR solutions address these threats and lack of network visibility by understanding what normal traffic looks like and identifying anything potentially harmful.
Eyal Elyashiv is co-founder and CEO of Cynamics.