Network Security and Management Challenges – Part 2: Visibility

Original Entry by: Endace

Stop Flying Blind: How to ensure Network Visibility

Network Visibility Essential to Network Security

Key Research Findings

  • 89% of organizations lack sufficient visibility into network activity to be certain about what is happening.
  • 88% of organizations are concerned about their ability to resolve security and performance problems quickly and accurately.

As outlined in the first post in this series, lack of visibility into network activity was one of the key challenges reported by organizations surveyed by VIB for the Challenges of Managing and Securing the Network 2019 research study. This wasn’t a huge surprise: we know all too well that a fundamental prerequisite for successfully protecting networks and applications is sufficient visibility into network activity. 

Sufficient visibility means being able to accurately monitor end-to-end activity across the entire network, and recording reliable evidence of this activity that allows SecOps, NetOps and DevOps teams to react quickly and confidently to any detected threats or performance issues. 

Context is Key

It might be tempting to suggest that lack of network visibility results from not collecting enough data. Actually, the problem is not having enough of the right data: data that provides the context for a coherent big-picture view of activity, and the detail needed for accurate event reconstruction. This leaves organizations questioning their ability to adequately protect their networks.

Without context, data is just noise. Data tends to be siloed by department. What is visible to NetOps may not be visible to SecOps, and vice versa. It is often siloed inside specific tools too, forcing analysts to correlate data from multiple sources to investigate issues because they lack an independent and authoritative source of truth about network activity. 

Typically, organizations rely on data sources such as log files, and network metadata, which lack the detailed data necessary for definitive event reconstruction. For instance, while network metadata might show that a host on the network communicated with a suspect external host, it won’t give you the full details about what was transferred. For that, you need full packet data. 

In addition, network metadata and packet data are the only data sources that are immune to potential compromise. Log files and other data sources can be tampered with by cyber attackers to hide evidence of their presence and activity, or may simply not record the vital clues necessary to investigate a threat or issue.

Combining Network Metadata with Full Packet Data for 100% Visibility

The best possible solution to improving visibility is a combination of full packet data and rich network metadata. Metadata gives the big picture view of network activity and provides an index that allows teams to quickly locate relevant full packet data. Full packet data contains the “payload” that lets teams reconstruct, with certainty, what took place.

Collecting both types of data gives NetOps, DevOps and SecOps teams the information they need to quickly investigate threats or performance problems coupled with the ability to see precisely what happened so they know how to respond with confidence.

This combination provides the context needed to deliver both a holistic picture of network activity and the detailed granular data required to give certainty. It also provides an independent, authoritative source of network truth that makes it easy to correlate data from multiple sources – such as log files – and validate their accuracy.
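The index-then-reconstruct workflow described above, as an added illustration that is not Endace's code or product: a constructed in-memory capture is summarised into per-flow metadata (the "big picture" and the index), a metadata query finds the flow to a suspect host without touching payload, the index offsets pull the full packets to reconstruct what was sent, and firewall-style log lines are checked against the packet evidence. The packet dictionaries, the `LOG_RE` log format and the 203.0.113.7 / 192.0.2.10 documentation addresses are all assumptions made for the example.

```python
from collections import defaultdict
import re

# Constructed sample capture: each dict stands in for one captured packet.
# 203.0.113.7 plays the "suspect external host" from the text.
PACKETS = [
    {"ts": 100.0, "src": "10.0.0.5", "dst": "203.0.113.7", "sport": 51234, "dport": 443, "payload": b"POST /up "},
    {"ts": 100.2, "src": "10.0.0.5", "dst": "203.0.113.7", "sport": 51234, "dport": 443, "payload": b"secret.xlsx"},
    {"ts": 100.4, "src": "203.0.113.7", "dst": "10.0.0.5", "sport": 443, "dport": 51234, "payload": b"200 OK"},
    {"ts": 101.0, "src": "10.0.0.8", "dst": "192.0.2.10", "sport": 40000, "dport": 80, "payload": b"GET / "},
]

def flow_key(p):
    # Direction-agnostic endpoint pair so both halves of a conversation share one record.
    return tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))

def build_flow_index(packets):
    """Metadata layer: per-flow summary plus offsets into the packet store."""
    flows = defaultdict(lambda: {"first": None, "last": None, "bytes": 0, "offsets": []})
    for i, p in enumerate(packets):
        f = flows[flow_key(p)]
        f["first"] = p["ts"] if f["first"] is None else min(f["first"], p["ts"])
        f["last"] = p["ts"] if f["last"] is None else max(f["last"], p["ts"])
        f["bytes"] += len(p["payload"])
        f["offsets"].append(i)          # where the full packets live
    return dict(flows)

def flows_involving(index, host):
    """Metadata query: which flows touched this host? No payload is read."""
    return [k for k in index if host in (k[0][0], k[1][0])]

def reconstruct(packets, index, key, client):
    """Follow the index offsets to the full packets and rebuild what the client sent."""
    return b"".join(packets[i]["payload"] for i in index[key]["offsets"]
                    if packets[i]["src"] == client)

# Assumed firewall log line format: "... ALLOW 10.0.0.8:40000 -> 192.0.2.10:80"
LOG_RE = re.compile(r"(\S+):(\d+) -> (\S+):(\d+)")

def corroborate_log(index, log_lines):
    """Validate log entries against packet evidence: flows seen on the wire but
    missing from the log (possible tampering or gap), and log entries with no packets."""
    logged = set()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            logged.add(tuple(sorted([(m[1], int(m[2])), (m[3], int(m[4]))])))
    return {"unlogged": [k for k in index if k not in logged],
            "unsupported": [k for k in logged if k not in index]}
```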

With the right evidence at hand, teams can respond more quickly and accurately when events occur. 

In the next post in this series, we’ll look at how to make this evidence easily accessible to the teams and tools that need it – and how this can help organizations be more agile in responding to security threats and performance issues.


Introducing the Network Security and Management Challenges Blog Series

Original Entry by: Endace

Recent research provides insight into overcoming the challenges of managing and securing the network

Network Security and Performance Management Research

A Big Thank-You

We’d like to take this opportunity to thank all of the companies and individuals that participated in both studies. Without your participation, it would not have been possible to produce these reports and the valuable insight they contain.

For those who didn’t get a chance to participate, please click here to register your interest in participating in our 2020 research projects.

Last year, Endace participated in two global research studies focusing on the challenges of protecting enterprise networks. The results of both provide powerful insights into the state of network security today, and what organizations can do to improve the security and reliability of their networks. In this series of blog posts, we’re going to take a deep dive into the results and their implications. 

We commissioned an independent, US-based research company, Virtual Intelligence Briefing (VIB), to conduct the research underpinning the Challenges of Managing and Securing the Network 2019 report. VIB surveyed senior executives and technical staff at more than 250 large, global enterprises to understand the challenges they face in protecting against cyberattacks and preventing network and application performance issues.

Organizations from a range of industry verticals including Finance, Healthcare, Insurance and Retail participated. Annual revenues of participating companies were between $250M and $5B+, and respondents included senior executives such as CIOs and CISOs, as well as technical management and technical roles.

Our second research project was with Enterprise Management Associates (EMA) and focused on what leading organizations are doing to improve their cybersecurity and which tactical choices are making the biggest difference. This research was based on responses to a detailed survey of more than 250 large enterprises across a wide range of industries.

You can download a summary of EMA’s report here: “Unlocking High Fidelity Security 2019”.

So what did we find out? 

When it comes to securing their networks from cyberattacks, organizations find it hard to ‘see’ all the threats, making detection and resolution of security and performance issues cumbersome and often inconclusive. They lack sufficient visibility into network activity, with too few tools in too few places to be confident they can quickly and effectively respond to cyber threats and performance issues.

The need for greater agility was also a common challenge, with alert fatigue, tool fatigue and lack of integration between tools making the investigation and resolution process slow and resource-intensive. 

Organizations also face significant economic challenges in the way they are currently forced to purchase and deploy solutions. This leaves them unable to evolve quickly enough to meet the demands imposed by today’s fast-moving threat landscape and 24×7 network and application uptime requirements. 

In this series, we’ll explore each of these three challenges – Visibility, Agility and Economics – while also looking at how they are intrinsically inter-related. Understanding and addressing all of these challenges together revolutionizes network security and management, and enables organizations to realize greater efficiency while saving money.

Our next post will look at why organizations lack visibility into network activity and how they can overcome this challenge.