It is time to rethink network security, visibility and control

The CEO of Netography and former founder, CEO and CTO of Sourcefire explains what the atomized network entails and what adopting the model could do for the network security industry in this guest op-ed.

Network security has changed since this NetLogic product was all the rage. (Photo by Flickr user htomari, used via a Creative Commons license)

This editorial article is a part of Technology of the Future Month 2022 in Technical.ly's editorial calendar. This month’s theme is underwritten by Verizon 5G. This story was independently reported and not reviewed by Verizon 5G before publication.

This is a guest post by Martin Roesch, the CEO of Annapolis-based network security company Netography. Roesch, the creator of Snort and a founding executive of Sourcefire, adapted this submission from his paper, “A Reckoning: The Massive Implications of Losing Network Visibility and Control.”

Corporate infrastructure has changed drastically over the last several years. Applications and data are scattered across complex environments. Networks have become atomized, which means they are dispersed, ephemeral, encrypted and diverse.

The idea of the atomized network not only defines multi-faceted environments but also incorporates the modern workforce that relies on them — one that operates on-premises, remote or hybrid, utilizing many different endpoints. To defend our environments, we must fully appreciate what today’s networks really look like and the doctrinal shift that’s required in enterprise security. Moreover, as enterprise security undergoes this shift, so must the way we think about this complex reality.

We must evolve now

We need to recognize the world for what it is today, not what it used to be, and build for that world. As the composition of network environments continues to evolve, we’re on the cusp of another significant movement and it’s clear the next shift needs to happen. The fundamentals of security haven’t changed, but the environment in which security professionals operate — the composition of the networks we need to protect, the categories of attacks we face, the teams we operate within and the effectiveness of the capabilities we’ve relied on historically — has.

The big picture is that some of the core approaches to network security are being made obsolete.

What makes traditional technologies obsolete?

For all the security technologies now available, the solutions have yet to evolve with the problem. Instead, they address only parts of the problem with no regard for the whole, which has created functional and operational gaps in threat detection and prevention on the network.

For example, while endpoint detection and response (EDR) and zero-trust architectures are critical, the importance of network visibility and control has gotten lost in the hype, and new categories of attacks reveal the consequences of the reduction in capabilities. These solutions were supposed to obviate the need for network-based threat detection and protection, but zero-trust, identity-based access permission models can be bypassed or circumvented. Meanwhile, EDR is limited: once an attacker has access to a network whose security has fallen by the wayside, they have plenty of places to hide and gaps to take advantage of.

Many organizations aren’t aware of every endpoint connected to their atomized network. Even if they are, that endpoint may be out of their control, from the high-tech vending machine in the breakroom to a consultant’s smart device. Entire classes of devices can be left unprotected, so having an effective network security architecture beyond access control and access brokering is even more important.

Additionally, the pervasive use of encryption in software-as-a-service and zero-trust environments blinds deep packet inspection (DPI) technologies. And there is no way to deploy DPI technologies in relevant timeframes when they are primarily delivered on appliance-based architectures and the concept of defined locations has all but disappeared.

Technologies responsible for network security aren’t as effective as needed to address the major evolutionary pressure the atomized network brings. And nothing has replaced them.

What security for today’s atomized network requires

Changes in corporate infrastructure and network composition will undoubtedly continue. Organizations must evaluate their networks as they stand today, identify areas where their protection efforts may lag and evolve to gain control of their networks. Organizations need to rethink their network security visibility and control with a new architecture built for the current atomized world — architecture that boasts fundamental capabilities to inform operators on what they’ve got in their networks, what it’s doing and what’s happening to it.
