It is time to rethink network security, visibility and control

Corporate infrastructure has changed drastically over the last several years. Applications and data are scattered across complex environments. Networks have become atomized, which means they are dispersed, ephemeral, encrypted and diverse.

The idea of the atomized network not only defines multi-faceted environments but also incorporates the modern workforce that relies on them — one that operates on-premises, remote or hybrid, utilizing many different endpoints. To defend our environments, we must fully appreciate what today’s networks really look like and the doctrinal shift that’s required in enterprise security. Moreover, as enterprise security undergoes this shift, so must the way we think about this complex reality.

We must evolve now

We need to recognize the world for what it is today, not what it used to be, and build for that world. As the composition of network environments continues to evolve, we’re on the cusp of another significant movement and it’s clear the next shift needs to happen. The fundamentals of security haven’t changed, but the environment in which security professionals operate — the composition of the networks we need to protect, the categories of attacks we face, the teams we operate within and the effectiveness of the capabilities we’ve relied on historically — has.

The big picture is that some of the core approaches to network security are being made obsolete.

What makes traditional technologies obsolete?

With as many security technologies that are now available, the solutions have yet to evolve with the problem. Instead, they only address parts of the problem with no regard for the whole, which has created functional and operational gaps in threat detection and prevention on the network.

For example, while endpoint detection and response (EDR) and zero trust architectures are critical, the importance of network visibility and control has gotten lost in the hype, and new categories of attacks reveal the consequences of the reduction in capabilities. These solutions were supposed to obviate the need for network-based threat detection and protection, but zero-trust, identity-based access permission models can be bypassed or circumvented. In the meantime, EDR has limitations in the sense that once an attacker has access to the network whose security has been falling by the wayside, they have plenty of places to hide and take advantage of gaps.

Many organizations aren’t aware of every endpoint connected to their atomized network. Even if they are, that endpoint may be out of their control, from the high-tech vending machine in the breakroom to a consultant’s smart device. Entire classes of devices can be left unprotected, so having an effective network security architecture beyond access control and access brokering is even more important.

Additionally, the pervasive use of encryption in software-as-a-service and zero-trust environments blinds deep packet inspection (DPI) technologies. And there is no way to deploy DPI technologies in relevant timeframes when they are primarily delivered on appliance-based architectures and the concept of defined locations has all but disappeared.

Technologies responsible for network security aren’t as effective as needed to address the major evolutionary pressure the atomized network brings. And nothing has replaced them.

What security for today’s atomized network requires

Changes in corporate infrastructure and network composition will undoubtedly continue. Organizations must evaluate their networks as they stand today, identify areas where their protection efforts may lag and evolve to gain control of their networks. Organizations need to rethink their network security visibility and control with a new architecture built for the current atomized world — architecture that boasts fundamental capabilities to inform operators on what they’ve got in their networks, what it’s doing and what’s happening to it.