Network security

How to see the invisible for enhanced network security

With the adoption of new services and technologies like 5G, connected devices, sensors, advanced computing and automation, networks are becoming more and more complex, and these complex networks are powering some of the most vulnerable organizations in the world. These sophisticated interconnected networks now enable governments, healthcare facilities, utility providers and other public services to deliver faster, more efficient and more available services to users around the world. These networks are the backbone of network infrastructure services.

But the problem is that, while these architectures support efficiency and performance, they also increase the organization’s attack surface. Very complex networks lack transparency and coverage because many data lakes are siloed or inaccessible to administrators or their security tools. Without full visibility, you can’t get an accurate picture of what’s going on, leaving room for threats to creep in without being seen.

Existing solutions have failed to completely solve this problem, so a new approach is required, one designed specifically for the intricacies of large, interconnected network volumes and complex network architectures.

What happens when you lack transparency

To gain full visibility into a network, cybersecurity and networking teams need a solution that can capture every packet in an organization’s network, examine every packet, and perform rapid analysis to answer the question: “Is it legitimate or suspicious?”

Previously, it was perhaps easier to answer this simple query, but the increased complexity of networks has made this task much more difficult. Even the most advanced solutions available are limited in capacity to at most 40 gigabytes per second. And if you put such a solution in an environment that handles petabytes of data per second, that’s the equivalent of a drop in the sea when it comes to monitoring.

What happens as a result is that for many organizations there are significant parts of the network that are not closely watched, or even observed at all. Many organizations in this situation will then choose to focus only on a few sensitive areas of the network, leaving a troubling lack of overall transparency.

This creates a major problem. An architectural misconfiguration or network failure can start in any of the hundreds or even thousands of network devices. This can lead to a substantial compromise in network security. The resulting lack of transparency leads to unmitigated threats, unanticipated attacks, and other potentially harmful security anomalies.

This is not theoretical. The massive cybersecurity attack on SolarWinds in December 2020 was one of the largest and most sophisticated attacks ever, compromising a hundred companies and a dozen government agencies.

Where traditional approaches fail

These blind spots in your network are where bad actors will find their way in, so the lack of transparency should not continue. A report by Business Management Associates found that, apart from the rare insider attacks, 99% of cyberattacks pass through the network in one way or another.

And the truth is, legacy solutions can’t keep up. Some organizations assume that adding specialized monitoring to each network device, along with network monitoring and discovery solutions, will solve the problem.

But detecting increasingly sophisticated cybercrime activity requires a holistic view and the ability to analyze patterns across many devices. And that requires covering your entire network with monitoring and detection solutions. That is expensive: it requires a lot of network changes and device configurations, it can have a negative impact on performance, and it is therefore hardly feasible. In reality you have to make compromises on a daily basis about where to monitor, cover and protect, and where (and this is the majority of the network) not to.

A new approach: next-generation network detection and response

According to Forrester Research, 62% of respondents plan to increase their network security technology budgets in 2021. But security doesn’t have to come at the expense of performance, and gaining visibility doesn’t have to be so complicated. Network detection and response (NDR) solutions provide a way to resolve these issues by using techniques such as machine learning to create a baseline for what is normal in a network. They monitor traffic in real time to establish that baseline, with alerts issued when unusual behavior is detected.
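To make the baseline-and-alert idea concrete, here is an added example (not from the original article or from any NDR product) that learns each host's normal hourly volume and peers from flow records, then flags deviations. The flow tuple layout, the median/MAD scoring in place of machine learning, the threshold and all addresses are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records (hour, src, dst, bytes); not real traffic.
TRAINING = [(h, "10.0.1.5", "10.0.2.10", b) for h, b in enumerate([1000, 1100, 900, 1050, 950])]
TRAINING += [(h, "10.0.1.6", "10.0.2.10", b) for h, b in enumerate([500, 520, 480, 510, 490])]
LIVE = [(0, "10.0.1.5", "10.0.2.10", 1020),
        (0, "10.0.1.6", "10.0.3.77", 50000),
        (0, "10.0.9.9", "10.0.2.10", 100)]

def hourly_totals(flows):
    """Sum bytes per (src, hour) and collect the peers each src talked to."""
    totals, peers = defaultdict(int), defaultdict(set)
    for hour, src, dst, nbytes in flows:
        totals[(src, hour)] += nbytes
        peers[src].add(dst)
    return totals, peers

def build_baseline(flows):
    """Per host: median and MAD of hourly volume, plus the set of known peers."""
    totals, peers = hourly_totals(flows)
    series = defaultdict(list)
    for (src, _hour), total in totals.items():
        series[src].append(total)
    baseline = {}
    for src, values in series.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1  # guard against zero spread
        baseline[src] = {"median": med, "mad": mad, "peers": peers[src]}
    return baseline

def detect(baseline, flows, threshold=6.0):
    """Alert on hosts with no baseline, new peers, or unusual hourly volume."""
    totals, peers = hourly_totals(flows)
    alerts = []
    for src in sorted(peers):
        if src not in baseline:
            alerts.append((src, "unknown-host", None))
            continue
        alerts += [(src, "new-peer", d) for d in sorted(peers[src] - baseline[src]["peers"])]
    for (src, hour), total in sorted(totals.items()):
        base = baseline.get(src)
        # 1.4826 * MAD approximates one standard deviation for normal data.
        if base and (total - base["median"]) / (1.4826 * base["mad"]) > threshold:
            alerts.append((src, "volume", hour))
    return alerts

if __name__ == "__main__":
    print(detect(build_baseline(TRAINING), LIVE))
```

The median and MAD are used instead of mean and standard deviation so that a single burst during the learning window does not inflate the baseline and hide later anomalies.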

But legacy NDR tools won’t suffice for today’s networks. Fortunately, there are now next-generation NDR tools that make network security even easier with solutions that can be quickly integrated and are more affordable. This leads to a faster recovery time. Such tools do not require agents, sensors, or probes, allowing for effortless scalability, regardless of network complexity. They also provide full visibility into north-south and east-west (NS/EW) traffic, that is, inbound/outbound and intra-organization traffic.

Bridging security gaps

It’s an unfortunate consequence of technological progress: as networks gain complexity and scale, they also expand their threat landscape. When organizations don’t have network visibility, they basically hang out a “Welcome!” sign for intruders, because they don’t know where their security holes are. Since 100% network packet capture is unrealistic, and coverage is expensive and only as good as your visibility, this is where next-generation NDR capabilities can help. By learning what normal traffic looks like for your network, NDR provides effective monitoring and alerting with increased effectiveness and efficiency.


Written by Eyal Elyashiv.
