Perimeter

12/21/2017
10:30 AM
Zeus Kerravala
Zeus Kerravala
Commentary
Connect Directly
LinkedIn
Twitter
Facebook
RSS
E-Mail vvv
100%
0%

Why Network Visibility Is Critical to Removing Security Blind Spots

You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.

There's an axiom used by security professionals that states: "You can't secure what you can't see." This rather simplistic statement actually has many different meanings when it comes to securing a business because of the rapidly growing number of network blind spots that exist in today's information technology infrastructure.

I recently ran across a post on network visibility that did a nice job of describing how greater visibility enables better security. This is something I have been preaching for years. Below are what I consider the four top blind spots in networking, and the role that visibility plays to shine a light on them. But first a definition: network visibility is being able to "see" all endpoints and traffic that traverse the company network, which now extends to the public cloud.

Blind Spot 1: East-West Data Center Traffic
In the client-server era, all traffic went from a computer, into the data center, to the core, and back. This is known as north-south traffic. Securing this type of traffic flow means putting big firewalls and other tools in the core of the network where traffic would be inspected as it passed through. Over time the folks at VMware figured out a way to virtualize workloads and send traffic between them, even if they are in another location of the data center. This is known as east-west traffic. 

The challenge in securing east-west traffic is that it never passes through the core, so it bypasses all your traditional (and expensive) tools, as well as new ones such as behavioral analysis. Organizations could try to deploy security tools at every possible east-west junction, but that would be ridiculously expensive and complicated. Network visibility tools allow security managers to see every east-west flow and then individually direct them to specific security tools instead of sending all traffic to all tools. This enables organizations to move forward with initiatives that drive up the amount of east-west traffic, such as cloud, container, and virtualization initiatives, without putting the business at risk.  

Blind Spot 2: Internet of Things (IoT)
The IoT era has arrived and businesses are connecting non-IT devices at a furious rate. Building facilities, factory floor equipment, medical equipment, and other IoT endpoints are now connected to the company network. One of the challenges is that the majority of IoT devices, 60% according to ZK Research, are connected by an operational technology (OT) group and not by information technology teams. Network visibility can help IT discover these devices, infer what they are, and spot malicious traffic.  

For example, a connected device that sends traffic to Lutron Electronics every day is likely an LED lighting system. If the lights suddenly start communicating with the accounting server, a breach can be assumed and the device immediately quarantined. Without visibility, this could take months to find. With visibility, this breach could be found almost instantly.

Blind Spot 3: Insider Threats
Malicious users or infected devices can be very difficult to spot as they are typically "trusted." For example, a worker on vacation might have his or her laptop compromised when connected to free Wi-Fi service in a coffee shop. The person then returns to work, passes the authentication tests, and spreads the malware across the company. What's more, with traditional perimeter security, there is no way for a company to know that a disgruntled employee is stealing the entire customer database and selling it to a competitor because the traffic never goes through the firewall. In both cases, a good baseline of traffic helps security professional understand the norm, so if a worker's devices start exhibiting odd behavior, it can be flagged, quarantined, and inspected, minimizing the damage. 

Blind Spot 4: Cloud Traffic
The use of public cloud services such as Amazon Web Services and Azure has skyrocketed over the past several years and will continue to grow as more businesses move on-premises data and technology to a cloud model. One of the security problems with the cloud is that, by definition, cloud technology is located outside of the business's secure perimeter. Consequently, conventional wisdom asserts that data in the cloud can't be secured locally.

The truth is, almost all cloud providers offer tools that provide basic telemetry information, and some of the more advanced visibility vendors/network packet brokers now provide pervasive visibility into AWS, Azure, and other cloud service providers. This effectively makes the cloud an extension of the enterprise network. In addition to security, this data can be used for analytics, performance monitoring, or machine learning. 

We live in a world today where literally everything in a company is being connected, virtualized, mobilized, and pushed into the cloud, making data significantly more difficult to secure. If you can't secure what you can't see, then invest in network visibility tools that shine a light on security blind spots. Then shut them down!

Related Content:

 

Zeus Kerravala provides a mix of tactical advice and long term strategic advice to help his clients in the current business climate. Kerravala provides research and advice to the following constituents: end user IT and network managers, vendors of IT hardware, software and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
acepsaepul23
50%
50%
acepsaepul23,
User Rank: Apprentice
7/9/2018 | 10:19:03 PM
Health Body
We at Expertsmind have come up with an Excellent and Probably the most effective amenities of management online tutoring. This certain service allows you to connect with our very capable management specialists and Cara Menyembuhkan Psoriasis Secara Alami Dan Cepat.
9199362202rR@
50%
50%
[email protected],
User Rank: Apprentice
7/5/2018 | 2:19:37 AM
Tutorial
Thank you very much for this posting.
acepsaepul23
50%
50%
acepsaepul23,
User Rank: Apprentice
7/4/2018 | 2:31:48 AM
Healthy Body
Core programs help students to comprehend the scope of action, historic improvement, future path and trends, and common types and roles of organizations that function in a vocation field. Visit : Obat Herbal Infeksi Kulit
jessicagross
50%
50%
jessicagross,
User Rank: Apprentice
1/3/2018 | 1:34:18 AM
Thanks for enhancing my knowledge on cloud service.
Awesome post its help us to inhanced my knowledge about the different type of data flows in the client and server websites and how cloud services are helping us to get secure data. This article can definately help some of my students in their assignment help.

 

 
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-5067
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.