Perimeter

12/21/2017
10:30 AM
Zeus Kerravala
Zeus Kerravala
Commentary
Connect Directly
Facebook
LinkedIn
Twitter
RSS
E-Mail vvv
100%
0%

Why Network Visibility Is Critical to Removing Security Blind Spots

You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.

There's an axiom used by security professionals that states: "You can't secure what you can't see." This rather simplistic statement actually has many different meanings when it comes to securing a business because of the rapidly growing number of network blind spots that exist in today's information technology infrastructure.

I recently ran across a post on network visibility that did a nice job of describing how greater visibility enables better security. This is something I have been preaching for years. Below are what I consider the four top blind spots in networking, and the role that visibility plays to shine a light on them. But first a definition: network visibility is being able to "see" all endpoints and traffic that traverse the company network, which now extends to the public cloud.

Blind Spot 1: East-West Data Center Traffic
In the client-server era, all traffic went from a computer, into the data center, to the core, and back. This is known as north-south traffic. Securing this type of traffic flow means putting big firewalls and other tools in the core of the network where traffic would be inspected as it passed through. Over time the folks at VMware figured out a way to virtualize workloads and send traffic between them, even if they are in another location of the data center. This is known as east-west traffic. 

The challenge in securing east-west traffic is that it never passes through the core, so it bypasses all your traditional (and expensive) tools, as well as new ones such as behavioral analysis. Organizations could try to deploy security tools at every possible east-west junction, but that would be ridiculously expensive and complicated. Network visibility tools allow security managers to see every east-west flow and then individually direct them to specific security tools instead of sending all traffic to all tools. This enables organizations to move forward with initiatives that drive up the amount of east-west traffic, such as cloud, container, and virtualization initiatives, without putting the business at risk.  

Blind Spot 2: Internet of Things (IoT)
The IoT era has arrived and businesses are connecting non-IT devices at a furious rate. Building facilities, factory floor equipment, medical equipment, and other IoT endpoints are now connected to the company network. One of the challenges is that the majority of IoT devices, 60% according to ZK Research, are connected by an operational technology (OT) group and not by information technology teams. Network visibility can help IT discover these devices, infer what they are, and spot malicious traffic.  

For example, a connected device that sends traffic to Lutron Electronics every day is likely an LED lighting system. If the lights suddenly start communicating with the accounting server, a breach can be assumed and the device immediately quarantined. Without visibility, this could take months to find. With visibility, this breach could be found almost instantly.

Blind Spot 3: Insider Threats
Malicious users or infected devices can be very difficult to spot as they are typically "trusted." For example, a worker on vacation might have his or her laptop compromised when connected to free Wi-Fi service in a coffee shop. The person then returns to work, passes the authentication tests, and spreads the malware across the company. What's more, with traditional perimeter security, there is no way for a company to know that a disgruntled employee is stealing the entire customer database and selling it to a competitor because the traffic never goes through the firewall. In both cases, a good baseline of traffic helps security professional understand the norm, so if a worker's devices start exhibiting odd behavior, it can be flagged, quarantined, and inspected, minimizing the damage. 

Blind Spot 4: Cloud Traffic
The use of public cloud services such as Amazon Web Services and Azure has skyrocketed over the past several years and will continue to grow as more businesses move on-premises data and technology to a cloud model. One of the security problems with the cloud is that, by definition, cloud technology is located outside of the business's secure perimeter. Consequently, conventional wisdom asserts that data in the cloud can't be secured locally.

The truth is, almost all cloud providers offer tools that provide basic telemetry information, and some of the more advanced visibility vendors/network packet brokers now provide pervasive visibility into AWS, Azure, and other cloud service providers. This effectively makes the cloud an extension of the enterprise network. In addition to security, this data can be used for analytics, performance monitoring, or machine learning. 

We live in a world today where literally everything in a company is being connected, virtualized, mobilized, and pushed into the cloud, making data significantly more difficult to secure. If you can't secure what you can't see, then invest in network visibility tools that shine a light on security blind spots. Then shut them down!

Related Content:

 

Zeus Kerravala provides a mix of tactical advice and long term strategic advice to help his clients in the current business climate. Kerravala provides research and advice to the following constituents: end user IT and network managers, vendors of IT hardware, software and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
jessicagross
50%
50%
jessicagross,
User Rank: Apprentice
1/3/2018 | 1:34:18 AM
Thanks for enhancing my knowledge on cloud service.
Awesome post its help us to inhanced my knowledge about the different type of data flows in the client and server websites and how cloud services are helping us to get secure data. This article can definately help some of my students in their assignment help.

 

 
acepsaepul23
50%
50%
acepsaepul23,
User Rank: Guru
7/4/2018 | 2:31:48 AM
Healthy Body
Core programs help students to comprehend the scope of action, historic improvement, future path and trends, and common types and roles of organizations that function in a vocation field. Visit : Obat Herbal Infeksi Kulit
9199362202rR@
50%
50%
[email protected],
User Rank: Apprentice
7/5/2018 | 2:19:37 AM
Tutorial
Thank you very much for this posting.
acepsaepul23
50%
50%
acepsaepul23,
User Rank: Guru
7/9/2018 | 10:19:03 PM
Health Body
We at Expertsmind have come up with an Excellent and Probably the most effective amenities of management online tutoring. This certain service allows you to connect with our very capable management specialists and Cara Menyembuhkan Psoriasis Secara Alami Dan Cepat.
jessicaah
50%
50%
jessicaah,
User Rank: Apprentice
7/30/2018 | 6:25:57 AM
Importance of network visibility
There is significant importance of network visibility whether it is for a network or for a website. The four ways discussed in this article are efficient, and i will definitely apply them on my website at: https://australianassignmenthelp.com/assignment-help-canberra
LaurenA200
50%
50%
LaurenA200,
User Rank: Apprentice
9/14/2018 | 4:04:33 AM
Network Visibility
Thanks a lot!
A very informative blog I must say. It is a very interesting blog for the people who want to learn more and more about network Is Critical to Removing Security Blind Spots.

 
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.