Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

12/21/2017
10:30 AM
Zeus Kerravala
Zeus Kerravala
Commentary
Connect Directly
LinkedIn
Twitter
Facebook
RSS
E-Mail vvv
100%
0%

Why Network Visibility Is Critical to Removing Security Blind Spots

You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.

There's an axiom used by security professionals that states: "You can't secure what you can't see." This rather simplistic statement actually has many different meanings when it comes to securing a business because of the rapidly growing number of network blind spots that exist in today's information technology infrastructure.

I recently ran across a post on network visibility that did a nice job of describing how greater visibility enables better security. This is something I have been preaching for years. Below are what I consider the four top blind spots in networking, and the role that visibility plays to shine a light on them. But first a definition: network visibility is being able to "see" all endpoints and traffic that traverse the company network, which now extends to the public cloud.

Blind Spot 1: East-West Data Center Traffic
In the client-server era, all traffic went from a computer, into the data center, to the core, and back. This is known as north-south traffic. Securing this type of traffic flow means putting big firewalls and other tools in the core of the network where traffic would be inspected as it passed through. Over time the folks at VMware figured out a way to virtualize workloads and send traffic between them, even if they are in another location of the data center. This is known as east-west traffic. 

The challenge in securing east-west traffic is that it never passes through the core, so it bypasses all your traditional (and expensive) tools, as well as new ones such as behavioral analysis. Organizations could try to deploy security tools at every possible east-west junction, but that would be ridiculously expensive and complicated. Network visibility tools allow security managers to see every east-west flow and then individually direct them to specific security tools instead of sending all traffic to all tools. This enables organizations to move forward with initiatives that drive up the amount of east-west traffic, such as cloud, container, and virtualization initiatives, without putting the business at risk.  

Blind Spot 2: Internet of Things (IoT)
The IoT era has arrived and businesses are connecting non-IT devices at a furious rate. Building facilities, factory floor equipment, medical equipment, and other IoT endpoints are now connected to the company network. One of the challenges is that the majority of IoT devices, 60% according to ZK Research, are connected by an operational technology (OT) group and not by information technology teams. Network visibility can help IT discover these devices, infer what they are, and spot malicious traffic.  

For example, a connected device that sends traffic to Lutron Electronics every day is likely an LED lighting system. If the lights suddenly start communicating with the accounting server, a breach can be assumed and the device immediately quarantined. Without visibility, this could take months to find. With visibility, this breach could be found almost instantly.

Blind Spot 3: Insider Threats
Malicious users or infected devices can be very difficult to spot as they are typically "trusted." For example, a worker on vacation might have his or her laptop compromised when connected to free Wi-Fi service in a coffee shop. The person then returns to work, passes the authentication tests, and spreads the malware across the company. What's more, with traditional perimeter security, there is no way for a company to know that a disgruntled employee is stealing the entire customer database and selling it to a competitor because the traffic never goes through the firewall. In both cases, a good baseline of traffic helps security professional understand the norm, so if a worker's devices start exhibiting odd behavior, it can be flagged, quarantined, and inspected, minimizing the damage. 

Blind Spot 4: Cloud Traffic
The use of public cloud services such as Amazon Web Services and Azure has skyrocketed over the past several years and will continue to grow as more businesses move on-premises data and technology to a cloud model. One of the security problems with the cloud is that, by definition, cloud technology is located outside of the business's secure perimeter. Consequently, conventional wisdom asserts that data in the cloud can't be secured locally.

The truth is, almost all cloud providers offer tools that provide basic telemetry information, and some of the more advanced visibility vendors/network packet brokers now provide pervasive visibility into AWS, Azure, and other cloud service providers. This effectively makes the cloud an extension of the enterprise network. In addition to security, this data can be used for analytics, performance monitoring, or machine learning. 

We live in a world today where literally everything in a company is being connected, virtualized, mobilized, and pushed into the cloud, making data significantly more difficult to secure. If you can't secure what you can't see, then invest in network visibility tools that shine a light on security blind spots. Then shut them down!

Related Content:

 

Zeus Kerravala provides a mix of tactical advice and long term strategic advice to help his clients in the current business climate. Kerravala provides research and advice to the following constituents: end user IT and network managers, vendors of IT hardware, software and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Keira15212607741768014318
50%
50%
Keira15212607741768014318,
User Rank: Apprentice
11/5/2019 | 4:50:50 AM
Re: Healthy Body
Glad to read the post as it is really informative. Look forward to reading such more news here. 
qubjordan
50%
50%
qubjordan,
User Rank: Apprentice
10/12/2019 | 4:21:13 AM
Re: Healthy Body
thanks for sharing this post i really appreciate all of your hard work keep it up your post was really helpful i will make sure to share it more forward. 
AssignmenthelpA191
50%
50%
AssignmenthelpA191,
User Rank: Apprentice
6/17/2019 | 5:09:01 AM
Assignment Help Australia
I had read your post. The information provided in the post is knowlegable and provide information about cloud, IOT etc. Thanks and Regards
jessicaah
50%
50%
jessicaah,
User Rank: Apprentice
6/5/2019 | 1:56:56 AM
Network visibility
Network visibility is important and the purpose of this article is on enhancing the understanding about newtwork visibility which is great. This has really helped me in gaining a good insight about network visibility which will definitely help saving students lives at https://studentlifesaviour.com/sg
traininganddevelopment
50%
50%
traininganddevelopment,
User Rank: Apprentice
2/11/2019 | 6:42:35 AM
This is a nice post.
Thanks for sharing. This is a nice post.
Assignmenthelp
50%
50%
Assignmenthelp,
User Rank: Strategist
2/11/2019 | 5:53:00 AM
Thanks for sharing
Hi,

Thanks for sharing.  Assignmentfirm service providing all college students assignment help and writing help. Thank you.
solusitetapsehat
100%
0%
solusitetapsehat,
User Rank: Apprentice
1/20/2019 | 10:12:10 PM
Re: Thanks for enhancing my knowledge on cloud service.
Yes, thanks for all the information, this is very useful. best regards to all.
 
Don't forget to visit our site :
Obat Tetes Penyakit Telinga Bernanah Dan Berdengung
LaurenA200
100%
0%
LaurenA200,
User Rank: Apprentice
9/14/2018 | 4:04:33 AM
Network Visibility
Thanks a lot!
A very informative blog I must say. It is a very interesting blog for the people who want to learn more and more about network Is Critical to Removing Security Blind Spots.

 
jessicaah
100%
0%
jessicaah,
User Rank: Apprentice
7/30/2018 | 6:25:57 AM
Importance of network visibility
There is significant importance of network visibility whether it is for a network or for a website. The four ways discussed in this article are efficient, and i will definitely apply them on my website at: https://australianassignmenthelp.com/
acepsaepul23
100%
0%
acepsaepul23,
User Rank: Strategist
7/9/2018 | 10:19:03 PM
Health Body
We at Expertsmind have come up with an Excellent and Probably the most effective amenities of management online tutoring. This certain service allows you to connect with our very capable management specialists and Cara Menyembuhkan Psoriasis Secara Alami Dan Cepat.
Page 1 / 2   >   >>
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.