Virtualization Technology News and Information
We Need New Visibility Into Old Problems

By Craig Johnson, Senior Technical Solutions Architect, Forward Networks

Visibility and complexity, problems that have plagued cybersecurity and IT practitioners for decades, are still huge issues. A 2021 IDG survey found that 81% of practitioners struggle to identify the depth of a breach, and 68% find it challenging to identify what devices are in the network and its topology. This is not surprising. The network is now a piece of critical infrastructure that can't afford to go down, and its depth and breadth in the cloud and on premises are not something that many organizations could have imagined in the early '90s.

A Problem Already Too Big, and Growing

Security practitioners have always maintained that you cannot secure what you can't see, but what we can't see keeps growing. Take common vulnerabilities as an example. As of June 10, 2022, there were over 177,000 known CVEs (Common Vulnerabilities and Exposures) listed in the NIST Database. While security teams KNOW that remediating these vulnerabilities should be a priority, keeping up with numbers that high just isn't scalable for even the largest and most well-funded organizations.

While statistics may vary, security organizations are dealing with almost 55 critical vulnerabilities PER DAY, and some recent data shows that organizations are taking nearly two months to remediate critical risk vulnerabilities, with an average mean time to remediate (MTTR) of 60 days. This is due to sheer volume, as well as difficulty in sharing prioritized, actionable information in a manner that is easy for network engineers to understand and act on. For example, when the network team receives the information, it's a raw report lacking specificity (e.g., which alerts are new). Without this level of detail, the process is still time-consuming and prone to human error.

Another example of "not seeing" is when existing solutions can't talk to each other. A large majority of enterprises using the cloud today rely on the security tools and services provided by their cloud providers. Those services are easy to use, readily available, scalable and reliable, BUT they are also siloed AND designed to be used by knowledgeable cloud users who are not necessarily security experts. The comparative simplicity of management features reduces the operational overhead needed to configure and manage them compared to stand-alone security products, but engineers can't trace problems across multiple cloud environments, which is necessary for businesses now.

Data Without Context Is Just More Noise

Despite three decades and a plethora of security tools and solutions, companies still need simple, straightforward ways to provide new visibility and insight into what is basically an old problem. There are a multitude of mature, threat-specific security solutions on the market today, but the deluge of information these tools provide in different formats and languages can be overwhelming. Security teams are so hammered with alerts that they ignore them because they don't come with the context to actually solve problems. The teams have a ton of data, but not much is actionable. In fact, according to IDG, organizations are still looking for easy and immediate solutions that give them additional visibility, with 88% wanting real-time network monitoring capabilities and 85% seeking improvement in network-breach response times.

What is needed are tools and techniques that reveal the full, enterprise-wide picture, including hybrid and multi-cloud, presented in a way that is easy to understand and act on. Organizations cannot understand their security posture without understanding every piece of the infrastructure: the endpoints that run applications and services, the firewalls where policies are implemented and (importantly) the network that interconnects them all. Network and security operations teams need to work together to fully visualize all possible data paths and network traffic behaviors to truly understand potential vulnerabilities across on-prem, hybrid and multi-cloud environments, and they should embrace tools that offer a single source of truth that everybody can collaborate around.


ABOUT THE AUTHOR


Craig Johnson is a Senior Technical Solutions Architect at Forward Networks, the only provider of network digital twin technology that delivers network agility, predictability, and security for on-premises and multi-cloud environments. He has over two decades of experience working in computer networking and engineering with expertise in data center, routing protocols, switches, and IP Multicast.

Published Monday, June 20, 2022 7:31 AM by David Marshall