The state of the network is … complex and possibly insecure.
There are many reasons to step up the security of today’s networks, such as:
- Defensive cyber warfare for governments
- Cyber theft and fraud prevention for banking and financial services organizations
- Protecting intellectual property for high tech, manufacturing, oil & gas, media and many others
- Privacy of PHI (protected health information) for healthcare and health insurance
Not to mention that organizations going through mergers, acquisitions and divestitures need to perform IT due diligence to ensure that the transaction delivers real business value and is not diminished by unknown network connectivity issues (for example, an acquired network that is already bridged to a third party).
But to take a step back … regardless of the reasons driving your need to step up security, it’s important to understand why the network is so complex.
20% Gap in Network Visibility
Securing a network is never easy, but adding to the challenge is the gap in network visibility that large organizations typically experience: on average, about 20% of the address space and devices in use are not known to the teams managing them. You can’t secure what you don’t know about.
The network visibility gap comes about due to:
- Unmanaged & Unsecured Devices:
BYOD and “non-traditional” IP-connected devices (such as physical security devices, manufacturing systems and medical equipment) create gaps in information because they are rarely enrolled in device management. Organizations are also continuing to introduce IPv6 into their networks, and not all of their current network and security management tools are IPv6-capable, so IPv6-only hosts and dual-stack hosts reachable over IPv6 can go unseen.
- Disappearing Network Edge:
Traditional device management is not designed to handle today’s virtual, cloud and mobile infrastructure.
- Corporate Change:
Rapid change due to M&A, consolidation and outsourcing requires costly manpower to address.
Network Situational Awareness
Today’s organizations need network situational awareness which will enable them to gain comprehensive intelligence on every connection, device and leak path across the enterprise – closing the gap on network visibility. This is the first step in proactive network security.
Network situational awareness involves the collection, correlation and normalization of network information (routing tables, ARP and neighbor tables, DHCP leases, switch forwarding tables, scan results) to produce a common operational picture of the network infrastructure. It provides a comprehensive visualization of the current IT infrastructure, identifying critical and/or sensitive infrastructure components. Network situational awareness also involves identification of policy violations and potential network vulnerabilities. This foundational intelligence is required to make decisions impacting security, compliance and forensics.
Network security managers need to obtain an authoritative census of the network architecture, including real-time network infrastructure change (broadcast, OSPF, BGP, etc.) and policy violations. They need answers to questions such as: What does the network really look like? What devices are really using it? How? Does this violate policy?
In order to secure a network, managers need to understand the true topology of a network – the address space that is in use, and the connections that are accessible. They need to have a comprehensive device census and profiles of the devices. They need to understand port usage and identify certificates in use. They need to understand the “edge” of the network under management.
Network security managers need to identify unknown networks, potential leak paths (internal or to the public Internet), and forwarding policy violations to assure that network segmentation is in place and effective. They need answers to questions such as: What network enclaves are really able to reach others? Does this violate policy? Is there any forwarding between multi-homed hosts? Are there any unauthorized bridging devices on my network? Managers need to understand the segmentation between hybrid physical/virtual environments.
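The paragraphs above describe the census and segmentation questions in words. The following is an added example, written for this article and not the vendor’s or any product’s code, showing how a practitioner could answer a few of them offline from collected data: it normalizes and correlates constructed ARP, DHCP and host-agent records into a device census, computes the share of devices missing from a (constructed) inventory, flags addresses in no known enclave, finds multi-homed hosts with IP forwarding enabled that bridge two enclaves, and checks observed routes against a segmentation policy to report leak paths. The enclave prefixes, policy, MAC addresses, hostnames and routes are all assumptions made up for the example.

```python
"""Toy network census and segmentation check (added example, not the article's or any vendor's code)."""
import ipaddress
from collections import defaultdict

# Assumed enclave definitions and segmentation policy (constructed for the example).
ENCLAVES = {
    "corp": ipaddress.ip_network("10.10.0.0/16"),
    "ot": ipaddress.ip_network("10.20.0.0/16"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
# Ordered (source, destination) enclave pairs that policy allows to forward traffic.
ALLOWED = {("corp", "dmz"), ("dmz", "corp")}

# Constructed observations from three collectors. MAC and IP formatting deliberately
# differ between sources to show why normalization is needed before correlation.
ARP = [("10.10.1.5", "AA:BB:CC:00:00:01"), ("10.10.1.7", "aa:bb:cc:00:00:02"),
       ("10.20.3.9", "AA-BB-CC-00-00-03"), ("10.20.3.20", "aa:bb:cc:00:00:04"),
       ("172.31.9.4", "aa:bb:cc:00:00:05")]
DHCP = [("10.10.001.005", "aa:bb:cc:00:00:01", "ws-0815")]
AGENT = [  # host-reported interfaces and the kernel's IP forwarding flag
    {"host": "hmi-01", "mac": "aa:bb:cc:00:00:02", "ip_forward": True},
    {"host": "hmi-01", "mac": "aa:bb:cc:00:00:03", "ip_forward": True},
    {"host": "plc-07", "mac": "aa:bb:cc:00:00:04", "ip_forward": False},
]
INVENTORY = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02",  # constructed CMDB contents
             "aa:bb:cc:00:00:03", "aa:bb:cc:00:00:04"}
ROUTES = [  # (router address, destination prefix, next hop), constructed
    ("10.10.0.1", "192.0.2.0/24", "10.10.0.254"),
    ("10.10.0.1", "10.20.0.0/16", "10.10.1.7"),
    ("10.20.0.1", "0.0.0.0/0", "10.20.0.254"),
]


def norm_mac(mac):
    return mac.lower().replace("-", ":")


def norm_ip(ip):
    # Some DHCP servers zero-pad IPv4 octets; ipaddress rejects leading zeros.
    if "." in ip and ":" not in ip:
        ip = ".".join(str(int(octet)) for octet in ip.split("."))
    return ipaddress.ip_address(ip)


def enclave_of(ip):
    return next((name for name, net in ENCLAVES.items() if ip in net), None)


def build_census(arp, dhcp, agent):
    """Correlate records from all sources by normalized MAC into one device record each."""
    devices = defaultdict(lambda: {"ips": set(), "host": None, "ip_forward": False})
    for ip, mac in arp:
        devices[norm_mac(mac)]["ips"].add(norm_ip(ip))
    for ip, mac, host in dhcp:
        rec = devices[norm_mac(mac)]
        rec["ips"].add(norm_ip(ip))
        rec["host"] = host
    for entry in agent:
        rec = devices[norm_mac(entry["mac"])]
        rec["host"] = entry["host"]
        rec["ip_forward"] = entry["ip_forward"]
    return dict(devices)


def visibility_gap(census, inventory):
    """Devices seen on the wire but absent from the inventory, and their share of the census."""
    unknown = sorted(mac for mac in census if mac not in inventory)
    return unknown, len(unknown) / len(census)


def unknown_networks(census):
    """Addresses that fall in no defined enclave: candidate unknown networks."""
    return sorted(str(ip) for rec in census.values() for ip in rec["ips"] if enclave_of(ip) is None)


def bridging_hosts(census):
    """Hosts with interfaces in more than one enclave and IP forwarding switched on."""
    by_host = defaultdict(lambda: {"enclaves": set(), "forward": False})
    for rec in census.values():
        if rec["host"]:
            by_host[rec["host"]]["enclaves"] |= {enclave_of(ip) for ip in rec["ips"]}
            by_host[rec["host"]]["forward"] |= rec["ip_forward"]
    return sorted(h for h, v in by_host.items() if v["forward"] and len(v["enclaves"] - {None}) > 1)


def leak_paths(routes, allowed):
    """Routes that forward from one enclave into another (or outside) without policy permission."""
    findings = []
    for router, prefix, next_hop in routes:
        src = enclave_of(norm_ip(router))
        net = ipaddress.ip_network(prefix)
        dst = next((n for n, enc in ENCLAVES.items() if net.subnet_of(enc)), None)
        if src != dst and (src, dst) not in allowed:
            findings.append((router, src, dst or "outside", prefix, next_hop))
    return findings


if __name__ == "__main__":
    census = build_census(ARP, DHCP, AGENT)
    print("unknown devices / gap:", visibility_gap(census, INVENTORY))
    print("unknown networks:", unknown_networks(census))
    print("bridging hosts:", bridging_hosts(census))
    for finding in leak_paths(ROUTES, ALLOWED):
        print("leak path:", finding)
```

Correlating by MAC rather than by IP is what lets the DHCP lease and the ARP entry for the same workstation collapse into one record, and grouping by host name is what exposes hmi-01 as a multi-homed box forwarding between the corp and OT enclaves, a condition neither collector reveals on its own. The route check treats a default route on an OT router as a path to outside the managed enclaves, which is exactly the kind of finding the census should surface for review.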
The larger the network, the more important – perhaps critical – it is to have this network situational awareness.
The state of the network is complex and constantly changing. But it can be tracked, based on real findings, starting with an authoritative census of the network infrastructure.