How to increase cyber defense agility for the next lockdown

If this worldwide lockdown has taught us anything, it’s that we’re not nearly agile enough and we really need to prepare for future scenarios. Whether the next lockdown comes with a second wave of COVID-19 or as a reaction to an entirely separate catastrophic event, we need to be prepared.

SecOps teams are learning a valuable lesson: when you can’t physically get onsite to make changes and upgrades to security infrastructure, your ability to deal with security threats slows significantly, and cyber defense agility is greatly reduced.

In the current COVID-19 environment, organizations not only face increased exposure to immediate cybersecurity risks, but also challenges in their ability to deploy new or upgraded tools and applications to keep pace with new security threats. Staff working remotely from their homes, on unsecured networks, surrounded by foreign IoT, BYOD, and new working patterns has exponentially increased the attack surface in ways unforeseen by many IT teams.

With every day that passes during the current pandemic, the lack of cyber defense agility and lack of visibility into what goes on across a network is one of the biggest cybersecurity issues.

What’s needed is a thorough understanding of the infrastructural shortcomings that this crisis is showing up, and a plan on how we can overcome these challenges in the future, if (when) we experience similar situations that necessitate secure, long-term, remote access to enterprise networks and resources.

Network architecture is on lockdown

Even before the self-isolation requirements, the vast majority of enterprises already found the process of selecting and deploying new security and performance monitoring solutions cumbersome and slow. New security and monitoring solutions are often deployed as hardware-based solutions, taking months to evaluate, select, purchase and deploy.

Add a pandemic that virtually eliminates physical access to the equation and one more issue becomes apparent very quickly: solutions based on proprietary hardware appliances require physically present human beings to deploy, maintain and upgrade.

In this sense, those solutions are behind the curve – certainly when compared with data centers where server virtualization has delivered highly efficient resource utilization, agile deployment and significant cost savings, and made remote management commonplace.

The same is now available for network security and network monitoring, where a common platform can host a range of commercial and open source network analytics solutions virtualized in a similar way. However, to date we see that many organizations have not yet embraced this common platform approach, and continue to struggle with slow, cumbersome deployment of new capabilities.

In the current environment, where teams are challenged to remotely defend an ever- increasing attack surface, ensuring they can deploy remotely new tools and capabilities on demand with no physical access to the datacenter is extremely challenging. At worst critical threats may slip through the net exposing the organization to malicious cyber actors. At best, it makes agile response difficult and further exacerbates the alert fatigue that SecOps, NetOps and IT teams are already battling against.

Ensuring that these teams – as well as external service providers – are well prepared and equipped to quickly deploy and make use of best-in-class network security and network monitoring tools ought to rank at the top of every CISO’s priority list when business-as-usual (or whatever that becomes) resumes. And right underneath that is working out how to make the infrastructure flexible enough so that changes can be made without having to have people onsite.

What can organizations do to improve cyber defense agility for the next lockdown?

Throughout this COVID-19 crisis, companies are learning many “life lessons,” some of which will transform operational models for the better. With the current, hardware-based approach to security being such a roadblock to enterprise cybersecurity agility, companies are in a perfect position to address gaps in the current approach to achieve better network visibility, security and agility in the future.

In a nutshell, organizations need to shift to implementing a network architecture that lets them deploy detection and analytics tools remotely. The only way to maintain both the visibility of the network and the agility to detect and deal with issues is to virtualize security tools.

This means encouraging security teams to deploy solutions that are not dependent on proprietary hardware appliances, but rather software solutions that can be deployed on open platforms.

Adopting a common, virtualized hardware platform removes the hardware dependence that currently forces organizations to be physically present in order to deploy security solutions from various vendors. These security and analytics solutions can be deployed as and when needed remotely, as virtualized software applications. It’s not only remote, agile deployment, but it also gives organizations the freedom to choose the security, application performance and network performance solutions that best suit their needs, independent of the underlying hardware.

The same virtualized hardware platform can host not just network security solutions, but also network and application performance tools. When all tools share access to a common source of data, correlating events and integrating solutions to streamline investigation and resolution workflows becomes easy. SecOps, NetOps, IT and DevOps teams all reap the same visibility, agility and cost-efficiency benefits and the teams can collaborate with each other.