By Craig Johnson, Senior Technical Solutions Architect, Forward Networks
Visibility and complexity, problems that have
plagued cybersecurity and IT practitioners for decades, are still huge issues.
A 2021 IDG survey found that 81% of practitioners
struggle to identify the depth of a breach, and 68% find it challenging to
identify what devices are in the network and its topology. This is not
surprising. The network is now a piece of critical infrastructure that can't
afford to go down, and its depth and breadth in the cloud and on premises is not
something that many organizations could have imagined in the early '90s.
A Problem Already Too Big, and Growing
Security practitioners have always maintained
that you cannot secure what you can't see, but what we can't see keeps growing.
Take common vulnerabilities as an example. As of June 10, 2022, there were over 177,000 known CVEs (Common Vulnerabilities and Exposures)
listed in the NIST Database. While security teams KNOW that remediating these vulnerabilities
should be a priority, keeping up with numbers that high just isn't scalable for
even the largest and most well-funded organizations.
While statistics may vary, security organizations
are dealing with almost 55 critical vulnerabilities PER DAY, and some recent data
shows that organizations are taking nearly two months to remediate
critical risk vulnerabilities, with an average mean time to remediate (MTTR) of
60 days. This is due to sheer volume, as well as difficulty in sharing prioritized, actionable
information in a manner that is easy for network engineers to understand and
act on. For example, when the network team receives the information, it's a raw
report lacking specificity (e.g. which alerts are new). Without this level of
detail, the process is still time-consuming and prone to human error.
Another example of "not seeing" is when existing
solutions can't talk to each other. A large majority of enterprises using the
cloud today rely on the security tools and services
provided by their cloud providers. Those services are easy to use, readily
available, scalable and reliable, BUT they are also siloed AND designed to be
used by knowledgeable cloud users who are not necessarily security experts. The
comparative simplicity of management features reduces the operational overhead
needed to configure and manage them compared to stand-alone security products,
but engineers can't trace problems across multiple cloud environments, which is
necessary for businesses now.
Data Without Context Is Just More Noise
Despite three
decades and a plethora of security tools and solutions, companies still need
simple, straightforward ways to provide new visibility and insight into what is
basically an old problem. There are a multitude of mature, threat-specific
security solutions on the market today, but the deluge of information these
tools provide in different formats and languages can be overwhelming. Security
teams are so hammered with alerts that they ignore them because they don't come
with the context to actually solve problems. The teams have a ton of data, but
not much is actionable. In fact, according to IDG, organizations are still
looking for easy and immediate solutions that give them additional visibility,
with 88% wanting real-time network monitoring capabilities and 85% seeking
improvement in network-breach response times.
What is needed are tools and techniques that reveal
the full, enterprise-wide picture, including hybrid and multi-cloud, presented in
a way that is easy to understand and act on.
Organizations cannot understand their security posture without
understanding every piece of the infrastructure - the endpoints that run
applications and services, the firewalls where policies are implemented and
(importantly) the network that interconnects them all. Network and security
operations teams need to work together to fully visualize all possible data
paths and network traffic behaviors to truly understand potential
vulnerabilities across on-prem, hybrid and multi-cloud environments, and they should
embrace tools that offer a single source of truth that everybody can
collaborate around.
ABOUT THE AUTHOR
Craig Johnson is a Senior Technical
Solutions Architect at Forward Networks, the only provider of network digital
twin technology that delivers network agility, predictability, and security for
on-premises and multi-cloud environments. He has over two decades of experience
working in computer networking and engineering with expertise in data center,
routing protocols, switches, and IP Multicast.