A Sense of Security Blog

Cloud Adoption and Encryption Don’t Have to be the Enemies of Network Visibility


Network visibility is a term that’s thrown around a lot today, and a lofty goal that IT professionals are striving to achieve. The term is often used to mean anything from visibility into the endpoints that are connected to the network, all the way to deep packet inspection (DPI), to something as simple as correlating network logs or NetFlow.


However, true visibility for networks AND connected infrastructure like endpoints, as critical as it is for breach discovery and revealing potential threats, is hampered by the migration of core IT assets and services to the cloud and the increased adoption of encrypted traffic.


There are two major culprits that limit network visibility. One is increasing network complexity, especially with dynamic infrastructure such as virtual machines and mobile devices. The second is the accelerated migration of key business applications to the cloud. Cisco’s Global Cloud Index predicts that by 2020, 92 percent of workloads will be processed in public and private cloud data centers, and just 8 percent in traditional data centers.


And on top of it all, most enterprises are struggling with network blind spots caused by encrypted traffic on their networks. A recent Ponemon study found that 64 percent of organizations cannot detect malicious SSL encrypted traffic, and 62 percent do not currently decrypt SSL traffic – yet half of ALL known cyber attacks used SSL encryption to evade detection in the past year. At this point the alarm bells should be ringing. All of this points to the possibility that there is a gaping hole in our security strategy that is being exploited constantly by threat actors.


The reality is that many of today’s security and analytics tools are completely missing things on the network that need to be secured. Just about all of the vendors out there rely on packet captures and deep packet inspection of data payloads. Some rely on NetFlow and log collection. Even in combination, none of these solutions is suited to providing complete visibility in the cloud, and all of them are all but useless when it comes to monitoring for malicious activity in encrypted payloads.


Both cloud adoption and encrypted traffic usage are here to stay – and only going to increase. We know this, which is why Lumeta takes a different approach by providing a deeper understanding of network traffic all the way to the endpoint to deliver greater network visibility. Our patented approach of leveraging network control plane traffic (BGP, OSPF, DNS, DHCP, ARP, etc.) and interrogating network infrastructure means we gain full real-time visibility into the entire end-to-end infrastructure, even as it stretches into the cloud, while also monitoring for dynamic changes in real time.


Even better, we can monitor for breach detection by applying security intelligence to our analysis of this control plane traffic without being concerned about encryption, because control plane traffic doesn’t carry encrypted user data payloads. Why is that important? It lets Lumeta provide an early warning of malicious activity before an attacker is ready to breach your systems and exfiltrate data.


Lumeta takes a truly unique approach that offers the ability not only to discover and track over 20 percent unknown, rogue and shadow IT infrastructure, but also to monitor it in real time by using passive and active listening techniques. Lumeta Spectre offers companies Cyber Situational Awareness, providing unmatched real-time network context into dynamic network elements, endpoints, virtual machines and even cloud-based infrastructure, paired with threat intelligence. To learn more about common blind spots in stopping attackers and other challenges, contact us for more info at: info@www.lumeta.com. To learn more about Lumeta Spectre, go to http://www.lumeta.com/products/spectre/.
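To make concrete the idea in the two preceding paragraphs, that control plane records such as DHCP leases and ARP announcements can build a host inventory and surface unknown devices without ever touching an encrypted payload, here is a small added example. It is illustration code written for this page, not Lumeta’s or Lumeta Spectre’s code, and it makes no claim about how their product works. The log lines, the hostnames, the MAC addresses and the known-asset list are all constructed; the syslog-style record formats are hypothetical approximations of what a DHCP server and an ARP watcher might emit.

```python
"""Host inventory from control plane observations (DHCP and ARP).

Added example for this post; constructed sample data, hypothetical formats.
Nothing here inspects a data payload: every fact comes from address
assignment and resolution traffic, which is never encrypted end to end.
"""
import re
from dataclasses import dataclass, field

# Constructed sample records (hypothetical syslog-like formats).
SAMPLE_LOG = """\
2017-03-01T09:00:01 dhcpd: DHCPACK on 10.0.1.20 to 00:11:22:33:44:55 (laptop-alice) via eth0
2017-03-01T09:00:05 arpwatch: new station 10.0.1.21 00:11:22:33:44:66 eth0
2017-03-01T09:01:10 dhcpd: DHCPACK on 10.0.1.22 to de:ad:be:ef:00:01 (printer-3f) via eth0
2017-03-01T09:02:00 arpwatch: changed ethernet address 10.0.1.20 aa:bb:cc:dd:ee:ff (00:11:22:33:44:55) eth0
2017-03-01T09:03:30 arpwatch: new station 10.0.1.250 02:42:ac:11:00:02 eth0
"""

MAC = r"([0-9a-f:]{17})"
DHCP_RE = re.compile(r"dhcpd: DHCPACK on (\S+) to " + MAC + r" \((\S+)\)")
ARP_NEW_RE = re.compile(r"arpwatch: new station (\S+) " + MAC)
# "changed ethernet address <ip> <new mac> (<old mac>)": the IP now answers
# from a different hardware address than before.
ARP_CHG_RE = re.compile(r"arpwatch: changed ethernet address (\S+) " + MAC + r" \(" + MAC + r"\)")

# Constructed asset register: MACs the organization believes it owns.
KNOWN_ASSETS = {"00:11:22:33:44:55", "00:11:22:33:44:66", "de:ad:be:ef:00:01"}


@dataclass
class Host:
    mac: str
    first_seen: str
    ips: set = field(default_factory=set)
    hostname: str = ""
    sources: set = field(default_factory=set)   # which control plane fed this entry


def build_inventory(log_text):
    """Return ({mac: Host}, [alert strings]) built only from control plane lines."""
    hosts = {}
    alerts = []
    for line in log_text.splitlines():
        ts = line.split(" ", 1)[0]
        if m := DHCP_RE.search(line):
            ip, mac, name = m.groups()
            h = hosts.setdefault(mac, Host(mac=mac, first_seen=ts))
            h.ips.add(ip)
            h.hostname = name
            h.sources.add("dhcp")
        elif m := ARP_NEW_RE.search(line):
            ip, mac = m.groups()
            h = hosts.setdefault(mac, Host(mac=mac, first_seen=ts))
            h.ips.add(ip)
            h.sources.add("arp")
        elif m := ARP_CHG_RE.search(line):
            ip, new_mac, old_mac = m.groups()
            # A silent MAC change for a known IP is worth a look on its own:
            # it may be a replaced device, or an address being impersonated.
            alerts.append(f"{ts} {ip} moved from {old_mac} to {new_mac}")
            h = hosts.setdefault(new_mac, Host(mac=new_mac, first_seen=ts))
            h.ips.add(ip)
            h.sources.add("arp")
    return hosts, alerts


def unknown_hosts(hosts, known=KNOWN_ASSETS):
    """MACs observed on the wire that are absent from the asset register."""
    return sorted(mac for mac in hosts if mac not in known)


if __name__ == "__main__":
    inventory, change_alerts = build_inventory(SAMPLE_LOG)
    for mac, host in sorted(inventory.items()):
        tag = "known" if mac in KNOWN_ASSETS else "UNKNOWN"
        print(f"{mac}  {tag:8}  {host.hostname or '-':14}  {sorted(host.ips)}  {sorted(host.sources)}")
    for alert in change_alerts:
        print("ALERT:", alert)
```

Run as a script, the report lists five hosts, flags the two whose MACs are not in the register (one of which took over a known host’s IP address), and raises one ARP-change alert. In practice the asset register would come from a CMDB or DHCP reservations, and the same loop would be fed by BGP, OSPF and DNS records to cover routed and cloud segments; the point the example shows is that none of this depends on being able to decrypt anything.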