To state the obvious, expanding the reach of IT security and protecting the organisation from cyber-security threats remains the primary challenge for CIOs. The number and complexity of threats is increasing, and the increased use of cloud computing, mobility and social media has made strong security the highest priority.
As enterprises grapple with an increasing number of threats, one thing has become clear: Network security is the foundation for cyber strategy. This is because only the network has the ability to see every connection from every end user, regardless of where the user connects from – be it a teleworker in a home office or on the road, or an employee accessing applications while in the corporate office. With this detailed view the network can identify connected assets, provide visibility into their actions, and stop attackers before they steal critical information.
Though the security industry has provided valuable tools to defend against attacks for years, they have been limited in their effectiveness largely due to their inability to quickly scale to meet today’s threats. “The enterprise network today no longer sits within four secure walls. Traditional security solutions are often distributed and deployed in larger numbers across the entire enterprise network – from wired to wireless to remote access. This is unsustainable. Maintaining network security and operational efficiency in today’s distributed enterprise networks demands new technology that takes a more holistic approach to network access security,” says Rabih Daboussi, Managing Director of Cisco UAE.
GB Kumar, VP and Geo Head, Tech Mahindra, agrees: “Traditional defenses are increasingly becoming policy-enforcement points rather than robust defenses against cyber intrusions. For example, URL filters are still useful for enforcing acceptable-use policies around employee Web surfing, but no longer effective at defending against dynamic drive-by download attacks. Integrating these traditional defenses does little to thwart new generation of threats. Against dynamic threats, traditional defenses like firewalls, IPS, AV, anti-spam, and security gateways collapse, leaving a wide-open hole for cybercriminals.”
Nicolai from HelpAG says traditional security tools can’t protect against the complex malware types we are seeing today. “Take, for example, firewalls which are essential part of network security. They are very limited in their features and lack the ability to close unnecessary ports, dynamically route packets and protect against denial-of-service attacks. They also lack the ability to analyse packets for malware and identify if an attack is taking place on the network,” he adds.
As IT trends such mobility and cloud blur the lines of technology, the network remains the only platform that provides real-time cyber awareness and protection mechanisms. This is where network visibility solutions step in.
“A network visibility solution gives the administrator the power to monitor traffic, regain control of the network in some cases, monitor the network usage, redistribute limited resources to where is needed and identify compromised hosts. All this together provides a security enhancement to the network while optimizing it,” says Khalid Muasher, Business Development Manager- Middle East, Bitdefender.
With disparate devises and hosts, enterprise security teams need a holistic view of their network. With such a comprehensive view of the network, security teams can view hosts in the network, as well as configurations, classifications and other pertinent information.
“It’s important to have granular visibility and control across the network. This visibility into network behaviour helps administrators get to the root of the attack’s cause and block flood traffic while allowing legitimate traffic to pass freely. It also hands administrators the ability to conduct real-time and historic attack analysis for in-depth forensics. In addition, advanced source tracking features can help defensive efforts by pinpointing the address of a non-spoofed attack, and can even contact the offender’s domain administrator,” says Kalle Bjorn, Director – Systems Engineering, Fortinet.
Ideally, network visibility solutions provide a macro view and also allow network managers to drill down into a micro view of each device, providing information on users, applications, vulnerabilities, and more. But, does this affect the performance of the network? The industry is divided on this.
“In our experience, the performance of these networks is actually enhanced by the network visibility solutions. This is because network visibility gives administrators critical information about all the application traffic volumes, times which traffic peaks, potential bottlenecks in the network, etc. Furthermore, these solutions are specifically designed to identify and flag unauthorised and unwanted traffic that can result in the consumption of large amounts of bandwidth,” says Solling.
Muasher says network visibility solutions may affect network performance as they actively inspect packets. “This causes specific overhead. Depending on the amount of data being transferred across the network, the amount of noise and configuration, the impact can be visible or not.”
Visibility in detecting security events still remains a huge weakness for most enterprises. Companies often buy best-of-breed solutions from different vendors and then don’t have the means to correlate and analyse information across these solutions. The SIEM industry was created to pull all these log files back into one location for analysis, but few companies have actually achieved this objective.
In this context, can some of these network visibility solutions be described as SIEMs? Yes, says Daboussi, pointing out to Cisco Identity Services Engine (ISE), which is a next-gen identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security and streamline their service operations.
Kumar from Tech Mahindra says SIEMs are a different class of products. “SIEM products are a different category of security solution that collects and correlate data from a different networking and security appliances. Network analysis and visibility solutions capture the network traffic and perform analytics on that to identify security threats.
“The network visibility product can be integrated with SIEM to provide vital log information to the SIEM to enable the network administrators to have a deeper visibility of the network from security perspective.”
Currently, only a few security vendors play in this area of technology and one can expect to see more network visibility solution to hit the market over the next year or so. “Robust security capabilities (both logical and physical) and privacy policies are critical enablers of the Internet of Everything Economy. The IoE Value at Stake projections are based on increasingly broad adoption of IoE by private-sector companies over the next decade. This growth could be inhibited if technology driven security capabilities are not designed to protect the privacy of both company and customer information. This is the time for security vendors to be enhancing their offerings for customers globally,” says Daboussi.
The way to ‘see’ into your network often comes with a hefty price tag, as these solutions are much more expensive than traditional solutions. This brings up the question what kind of customers would benefit from a network visibility solution?
“Targeted customers for network visibility products are governments, enterprises, internet service providers and datacenters because they rely on network security as they work with it on a daily basis. Financial and insurance companies, banks and public services are also major customers, as the use of a SIEM / network visibility tool is required for compliance reasons. However, there is a growing demand in the small and medium businesses as well for network visibility appliances, as the latest security breaches have once again served a tough lesson about the devastating effects of data theft,” says Muasher.
Solling says today any enterprise organization, regardless of size, could benefit from network visibility. “Better still, is to consider the implications of not having such a solution in place. The results of a study recently conducted by Forrester Consulting have indicated that a lack of network visibility negatively impacts the ability of IT staff to identify and resolve critical application performance issues, leading to substantial losses in business productivity and revenue.”
As organisations become more and more dependent on IT systems to support business processes it is important that critical systems and the network are protected and suffer little or no downtime. Network visibility makes plays a key role in this and is therefore a vital part of the security