In 2021, Chief Information Officers (CIOs) will need to take a closer look at how their IT infrastructure and security plans can be adjusted to better maintain business continuity.
As businesses realign their business continuity plans (BCP), business leaders will begin to move beyond the pandemic to readdress plans for disaster recovery and cybersecurity to manage and lower their risk.
Recent Deloitte research found that 85% of enterprises agree hybrid cloud is the “ideal” IT operating model, with 61% of respondents reporting the need for application mobility across clouds and cloud types as “essential.”
As hybrid work environments continue to stay mainstream in 2021, IT decision-makers have more time to consider what is working in their security strategy and what could be improved.
The pandemic has changed the way we access data, and the way we protect data needs to evolve as well. Increased cloud adoption and remote work will continue to push organizations to make new decisions on how to secure their infrastructure.
As we have seen in recent weeks, threats continue to become more sophisticated and threat actors are finding ways inside the organisation, targeting the most important data and systems, eyeing what brings them the most monetary value.
Identifying anomalous behaviour carries increasing importance once a malicious actor is on the inside of the hybrid network. Traditional defences focus on the perimeter and on endpoints, and endpoint defences most often require agents to be deployed.
While these are essential components of a defence-in-depth strategy, many organisations are reaching agent fatigue and understand that sophisticated attackers will get inside and, once there, may tamper with agents and will almost certainly delete logs to cover their tracks.
The network, an often overlooked source of security data, provides the greatest opportunity to covertly uncover attacks in progress.
Network data is as close as you can get to the ground source of truth for every communication and interaction that takes place. It’s often said that “if it happened on the network – it happened.”
In the past, the complexity and volume of network data made it difficult to make use of this great resource. Organisations have come a long way to turn this unstructured data into a viable structured data source.
Using network data, Network Detection and Response (NDR) monitors all communications and employs machine learning to understand when abnormal behaviour is taking place in the east-west corridor, providing analysts with all the data they need to stop an attack once it’s inside the network.
If machine learning is taking place in the cloud, the speed and scale of data processing result in a faster response to threats.
By recording packet data, NDR can provide a valuable lookback source when an investigation is required to understand if you have been impacted by a threat like the recent SolarWinds SUNBURST exploit.
Solving visibility challenges with network data
Network data is a foundational source of information. In our interconnected digital world, everything—malicious or benign—crosses the network.
Visibility is a key component of cybersecurity. You have to see the activity to detect it. Network data tells you every IP, device, application and communication that is taking place.
Using this intelligence, you can create a complete footprint across on-prem and cloud deployments and use machine learning to understand how the entire hybrid network should behave.
Inevitably, devices will connect to your network that do not or cannot have endpoint agents on them – like IoT or shadow IT. By using network data to discover those unmanaged devices, you can monitor them for sketchy behaviour and also gain intelligence as to where endpoints may not be instrumented or which areas of your network are unprotected.
Cloud acceleration and network data
We are living in a hybrid and multi-cloud world and this trend will continue. The complexity of these infrastructures makes seamless security coverage a real challenge. With this rapid acceleration of cloud adoption as a result of the pandemic, there is a strong case for network data as a central tenet of security. Network detection and response has enabled the same comprehensive visibility in the cloud. Higher-quality insights and fewer false positives will save time and prevent alert fatigue for chronically understaffed security professionals. Decisions can be made in real time with context, based on the most powerful, objective, complete source of data: the network.