The evolution of networks has accelerated under the pandemic as more organizations have embraced multi-cloud and hybrid-cloud strategies, with remote workers accessing data and applications dispersed across complicated computing environments.
While some traditional network security tools have failed to meet today’s security requirements, a new paper by Netography urges the industry to evolve defensive strategies and address all stages of the threat continuum as networks have become dispersed, a process the firm calls "atomized."
The paper, written by Netography CEO Martin Roesch and titled “A reckoning: The massive implications of losing network visibility and control,” highlighted that the security community has ignored the fundamentals of network visibility and control, despite the use of zero trust architectures and endpoint detection and response (EDR), giving attackers plenty of places to hide and cause chaos across the cloud.
“We thought we had built a better mousetrap with zero trust and moved to the cloud, but the need for network-based security has not lessened,” Roesch wrote in the paper. “Two-thirds of enterprises do not see moving fully to the cloud, ever. And when authentication mechanisms are subverted, or identity-based access control systems are abused to gain deep access into the network, the pervasive use of encryption makes compromises incredibly difficult to detect and prevent with existing network technologies.”
Netography’s announcement is an essential reminder of how little of a traditional perimeter remains when the organizations are securing their critical infrastructure, Mike Puterbaugh, CMO at Pathlock, told SC Media.
“Today, massively distributed applications take advantage of the cloud’s efficiency and, in turn, further reduce that traditional perimeter,” Puterbaugh said.
Without a comprehensive defensive strategy, EDR has become the only line of defense against attackers. However, Roesch said that although EDR provides unique visibility into local processes and system activities, it has limitations if the attackers adopt techniques outside of its coverage and area of responsibility. And many endpoints and networked devices cannot run EDR agents at all.
John Steven, CTO at ThreatModeler, agreed with Roesch and urged the organizations to apply new visibility capabilities that can work in distributed, opaque, and heterogeneous environments.
“This is true across all layers of [organizations’] stack — infrastructure, network, middleware, and application,” Steven told SC Media in an email.
Improving network visibility associated with the cloud environment has always been challenging. Roesch told SC Media that many security solutions have been developed only to tackle part of the issues, which has caused “functional and operational gaps” when it comes to network threat detection and prevention. Therefore, Roesch’s team has built a cloud-scale and network-centric platform to close the gaps by generating unified capabilities regardless of the nature and location of what is being defended.
According to Roesch, this platform, called Netography Fusion, can deliver a real-time network event stream with anomaly detection and compliance analysis.
Casey Ellis, founder and CTO at Bugcrowd, told SC Media that Netography’s effort to improve network visibility is a meaningful step as the issue is “incredibly pervasive and underrated,” and he is looking forward to seeing where it goes.
Jason Hicks, Field CISO and executive advisor at Coalfire, added that Netography’s solution conceptually makes sense to him and looks promising, though it should be thoroughly evaluated in a live environment to fully ascertain the level of promise.
“The devil will be in the details of what data sources are supported, what remediation tools are supported, as well as how complicated the tool is to configure, deploy, and utilize,” Hicks said.
FICO, a software company that provides analytics tools to help organizations manage risk and optimize operations, is one of early adopters of Netography Fusion.
And this Netography platform has provided FICO unprecedented visibility and ability to manage network threats in a centralized way as the company has begun moving to multi-clouds, Shannon Ryan, senior director of Core Security Services and Architecture at FICO, told SC Media in an interview.
Ryan highlighted that from an operational perspective, SaaS-based Fusion does not require hardware and software installation and is easy to use. From a technical perspective, the platform provides quick real-time feedback, which matches the company’s need for daily driven reports. And lastly, from a business perspective, it helps the company effectively save hidden costs that traditional tools would generate.
“[Netography Fusion] really opens a door for our business,” Ryan said.