PCR April 2021


Network Security

packet volume with ‘Big Data’ at Cloud-scale becomes overwhelming without intelligent pre-processing.

Why are data analytics an important consideration?

You cannot manage what you cannot see, and it is impossible to accurately analyse and secure all data-in-motion without full visibility into all – even encrypted – traffic. By integrating data analytics tools, NetOps teams can become more productive, networks can run more efficiently and cybersecurity improves significantly. Analytics tools categorise data-in-motion and intelligently identify threats for further inspection. For example, internal data between Microsoft Teams, Slack or Zoom is likely to be very low risk. Low-risk, duplicate, or irrelevant data will therefore no longer clog up the network or tool capacity. For IT and SecOps teams, there will be fewer, more reliable alerts that they can act on more efficiently and productively.

How should businesses be looking to secure their data?

All organisations produce, store, or interact with sensitive data of some sort. Financial Services firms, for example, protect hugely critical data and a second-rate cybersecurity system is out of the question. With dispersed and often remote teams, plus the growth of personal and unmanaged IoT devices, Gartner has confirmed that one of the most useful and important tools is Network Detection and Response (NDR). The best NDR tools should be measured not on how many detection alerts they produce, but on the quality of investigations and speed of responses they enable. Effective outcomes require expert curation of detections, powerful investigation capabilities like search, and the right set of ecosystem integrations for appropriate response. An additional consideration is the benefit of using a centralised decryption tool to enable full visibility of threats, which increasingly ride in encrypted network data.

Please could you explain a bit more about cloud visibility, and why it is important?

Cloud visibility is important not just within a single cloud but across all the clouds that an organisation may touch. Most organisations are operating with a hybrid infrastructure whether intentional or accidental, creating a gap in visibility. Network tools lack visibility into cloud traffic, and cloud tools lack visibility into network traffic. This gap results in “islands of visibility” that force IT teams to re-do compliance processes and struggle to optimise user experience and security at the enterprise level, vs IT optimisation within each siloed cloud. The solution to this gap is elastic visibility across the hybrid cloud. End-to-end visibility is needed to unify data and meta-data from different clouds with different methods of data ingestion and different versions of tools.

What are the current threats of data breaches and how can we safeguard against this?

The threat is higher than ever, sadly having worsened during the global pandemic, as evidenced by both reported breaches and unreported breaches implied by industry studies. One approach is to consider the Zero Trust framework, which is a set of principles to minimise implicit trust given to individuals or devices. There are many actions to take within this framework, but the essence is to recognise that breaches have become more of a “when” than an “if,” and that Information Security teams must complement threat prevention with threat detection and response. Good hygiene with network segmentation is a key first step. Endpoint Detection and Response can increase the chances of detecting a threat via managed (but not unmanaged) endpoints. Visibility into the network itself becomes the critical backstop, since east-west threat movement, command and control beaconing, and much more may be visible only in the data-in-motion. Channel partners have a huge opportunity to act as trusted advisors, helping each customer build towards a Zero Trust Architecture in the manner that is right for them.

How is the increase in data volume impacting our networks?

Data volume continues to grow exponentially, which has implications far beyond upgrading the “speeds-and-feeds” on an enterprise local area network. Monitoring itself becomes more difficult with less margin for error as inline monitoring and security tools can become overwhelmed. One interesting trend is 5G, which will dramatically increase and improve data volumes for mobile users. Channel partners can help Enterprises form their own 5G strategies, taking advantage of opportunities from cost reduction to even greater agility and experience for mobile users. Visibility in the 5G network is absolutely critical, especially considering the control plane and user (data) plane will be separated, making it more challenging to assure experience.

Please could you explain a bit more about managed services and the importance of this?

Channel partners must become trusted advisors to customers to help them navigate the complexity of today’s IT world. The first step is consultative selling, but this can be followed by taking a much more active role in directly supporting customers with their challenges by managing specific services for them, even including security services. The channel always must ensure its customers are getting the best value from the technologies they are investing in, and can create a win-win by going beyond advice and implementation, into management, operation and administration. From here, a more lucrative partnership is being built between channel partners and customers.
