For most of the last 30 years, businesses have strived to create enterprise networks that are performant, resilient, and secure. Securing these networks has been, and continues to be, a major focus for CISOs. However, over the last decade, security leaders have come to a realization: their enterprise has already been hacked, or they do not know it yet. This means an enterprise cannot assume that its network is safe, even though millions may be spent on securing it. To stay vigilant and maintain protection, security managers need to understand the most common pitfalls and how to overcome outdated notions of enterprise networks and network visibility. Here is a rundown of some of the most critical flaws:
Misunderstanding where network visibility is needed today
Network visibility is about seeing your business processes in effect in the enterprise. It shows who is talking to whom, when, and how often. In today’s “everywhere enterprise,” network visibility is not just visibility on the enterprise network, but visibility from devices to cloud providers. In the context of monitoring cybersecurity and IT defenses, it means how much insight an organization’s teams have into the activities of its IT assets and users, as well as the infrastructure in place to detect and respond to security incidents in a timely manner.
One of the most jarring realities for some IT managers is understanding that an enterprise network just may not be essential to their particular business. For example, for small enterprises, it’s potentially not worth having a network at all; instead, they can treat all users like remote users with appropriate Zero Trust controls and connect devices to apps through a cloud-based secure gateway. That being said, larger enterprises often have too much legacy and too many sunk costs in enterprise networks to make a full switch. It all comes down to being nimble and responsive to your business needs and not being afraid to deviate from “what’s always been done.”
Prioritizing one network over other parts of the enterprise
Network security needs to correlate with events coming from endpoints and combine with insights coming from email and other social communication methods. It’s key to think about network security as part of the security fabric and not a silo.
To maximize network visibility, an enterprise has to think beyond its own pipes and think about all the networks it does business on. This means gaining visibility on the network traffic from devices as they roam the world. It also means getting visibility to, from, and inside cloud providers, and even the cloud applications themselves. All of this communication visibility is important for an enterprise to allow the right business processes and catch someone trying to disrupt or take advantage of them.
Relying on legacy tools offering minimal context
Services alone will only take you so far as a security operations team. The reality of today’s security landscape is that MSSP and co-management can’t take enterprises where they need to be in terms of visibility. Security tools need to be integrated to better detect and orchestrate a response. Additional security context needs to be brought in from all sources, including cloud applications.
One of the key ways organizations can improve their cybersecurity posture and capabilities across their IT ecosystem is by implementing XDR. While the existing security management toolset has helped to improve visibility into the enterprise security posture, the tools are still far from perfect. SIEM and EDR offerings still threaten to overload security operations teams with alerts, and even MSSPs struggle to deal with alert fatigue and the scale and complexity of corporate IT environments. Open XDR, specifically, reduces security complexity by bringing flexibility and visibility to disparate technologies and data sets while speeding response by force multiplying teams with machine learning and automation.
Managing security while protecting the organization from a growing number of threats is an increasingly complex endeavor, but it’s also an increasingly critical capability given the significant disruption and impact that breaches can cause, and have proven to cause. Unfortunately, it is not getting easier any time soon as the corporate network perimeter disappears and organizations adopt an increasing number of cloud services, IoT devices, and emerging technologies, which expand the attack surface with a class of endpoints that largely lack proper security controls. Visibility into the entire IT ecosystem is one of the most essential components of a strong cybersecurity posture, yet organizations report that visibility is one of the biggest challenges to improving their cybersecurity initiatives. Forging a path forward starts with identifying common misconceptions and rectifying systems to better align with today’s realities.
Brian Foster is Head of Product at ReliaQuest.