Network visibility is crucial for many things: making sure that the equipment works properly monitoring and tweaking the network’s performance and protecting it against attacks.
“Network visibility also helps you update your cybersecurity strategy based on current threats. It’s important for the short term, as this is a very dynamic world, and for the long term because it allows an organization to improve its cyber resilience,” says Amit Bareket, CEO of Perimeter 81.
The most common network visibility challenges today are due to the sheer number of different networks and endpoints utilized by today’s distributed workforce. On top of that, another big challenge is to analyze if an incident is real/false/false-positive and decide what action take, he adds.
“Visibility of the network, particularly for a large organization with countless network entries and endpoints, is key in being able to identify any unusual activity and address it immediately. It is essential to detect an attack in real time and respond as fast as possible. Hence, being able to monitor your network and quickly detect any network anomalies is a key defense strategy.”
Achieving network visibility
According to him, to achieve that degree of visibility the CISO and the company’s security team must:
- Clearly map out their network and network endpoints
- Do a survey of all the different IaaS services, software services, business applications, data centers and local networks their organization utilizes
- Map out the levels that should be associated with each of these corporate resources (e.g., only the sales teams should be authorized to access CRM resources, and only development teams should have access to staging environments).
“After mapping out your organization’s network and compliance standards, you’ll want to build the security strategy and mitigation plan (which will include SaaS/SDP, etc.),” he notes.
He recommends using the following NIST-based approach:
“With your security mitigation plan in place, I recommend utilizing a flexible Network-as-a-Service (NaaS) that will allow you to customize and segment network access, as well as provide granular network visibility. Also, it’s important to seek out a solution that will integrate with your organization’s Identity Providers and include built-in two-factor authentication to meet all your organization’s compliance requirements.”
Traditional hardware services, as well as open source VPN solutions, can be highly limited in offering scalable and streamlined network visibility due to the amount of manual configuration and overhead involved, he says.
Cloud-based SaaS security services like secure NaaS solutions can offer a much more cost-effective alternative because of very little overhead and maintenance costs, while providing the option of employing a grow-as-you-go approach and benefits such as unlimited bandwidth and high availability.
With the current shortage of skilled IT security staff, it also makes sense to employ solutions that are easy to set up and deploy, integrate with both local networks and cloud-environments, offer seamless cross-platform compatibility, and allow skilled staff to concentrate on dealing with incidents.