Network visibility can reverse the security asymmetry challenge

Securing a business network has never been easy, but the task is becoming increasingly more difficult.

Years ago, there was a single ingress/egress point to get into the network. The delineation between what was public and what was private was obvious.

Today, that’s all changed. The rise of mobile devices, Wi-Fi access points, cloud applications and software-defined everything has increased the number of entry points into a company from one to tens, hundreds or even thousands for large organizations. For example, it’s common for a worker to connect to some kind of “free” Wi-Fi network when travelling without having any idea who might own that network, browse the web and infect their mobile device.

In fact, ZK Research studies have shown that about 1 percent of all mobile devices used for business purposes are infected today. The worker then comes back into the office, attaches the device to a company access point and spreads the malware across the company.

This creates what I call the “security asymmetry” problem. Security professionals need to secure an increasingly larger number of entry points, but the bad guys need to find only one way in—and the problem is getting worse as network security becomes more complicated.

I recently hosted a webinar on this topic with Jeff Harris, senior director of security solutions at Ixia, and Glenn Chagnot, director of visibility products at Ixia. The goal of the webinar was to help security professionals understand how network visibility can be used to reverse this security asymmetry problem.

During the event, we asked several poll questions to get a sense of where the audience is today with respect to the topic. The first question asked: “With all the tools you have today to secure your data, compared to five years ago, do you find security to be easier to implement, about the same or more complex?” Seventy-one percent said “more complex.” This should be no surprise, as the average number of security vendors a company works with today is 32, according to ZK Research.

We asked a follow-up question: “Which technologies create the biggest blind spots?” And the top two responses were “encrypted traffic” (50 percent) and “Internet of Things” (33 percent).

Again, those results aren’t shocking, but they do foreshadow more problems ahead. Over the past five years, the amount of encrypted traffic has gone through the roof, as it seems almost every website and cloud application is encrypted.

With respect to the Internet of Things, the industry is still in its infancy. And when it comes to the number of connected endpoints, as Bachman Turner Overdrive said, “You ain’t seen nothing yet.” We are on the verge of connecting literally everything to the company network, which will increase the number of entry points and attack surfaces by orders of magnitude and make the asymmetry problem even more acute.

Network visibility key to addressing security asymmetry problem

Reversing this challenge may seem like an impossible task, similar to the Boston Red Sox reversing the curse of the Bambino. However, the latter was overcome, proving anything can be reversed, and the technology now exists to reverse the asymmetry problem and even swing it in the good guys’ favor. The key is network visibility.

With end-to-end visibility, a business can build a baseline of what “normal” traffic looks like. Any deviation from this would warrant investigation from the security team. In the example I gave of the mobile professional, the norm for that worker could be to connect to the email server, web server and perhaps an internal application. When infected, the device may also connect to something that is not normal for that user, such as the accounting server. At that point, the device should be quarantined and the investigative process started. Even if the malware uses some kind of advanced sandbox evasion technique, it will eventually create traffic patterns never seen before.

Now the asymmetry problem can be reversed. Once the network has been breached, the malware will want to spread across the organization, creating a large amount of unusual traffic. For the malware to be effective, all of this new traffic needs to stay hidden, but the security team just needs to find one instance of it to isolate it and eliminate it. Advantage security team.

The last question we asked the audience was about their concern regarding network security after the webinar compared to their thoughts on the subject when the event started. Half of the attendees said they were more concerned. It’s OK to be more concerned. In fact, everyone should be. But before you add that 33rd security vendor, make sure you have the visibility tools in place to quickly find breaches so those security tools can actually do what they are designed to do.