Closing the network security gap

By understanding that a network security gap exists and by leveraging the right adaptive security technologies, eliminating vulnerabilities across the network becomes much easier.


Network architects and security engineers are looking for ways to be proactive in their approach to network security. By taking information gleaned from leading network performance and analytics solutions, matching it against policy, and then automatically and in real time updating traffic flow and network configuration, they can ensure network integrity and security. Some people are calling this closed loop an 'adaptive response'.

There are many approaches to adaptive response; for the purposes of this article, adaptive response is something security teams use as part of a layered defense analysis. It is accomplished by pushing and pulling information and security context between various security solutions, and it ultimately provides automated actions that can be applied to any given security issue based on that information.

The challenge

Adaptive response only works when there is a simple way to collect data and then connect the analytics (I know what I have) to the action (this is what I want to do with it). Current network security architectures include controls, endpoint solutions, threat intelligence and access management, each doing its job well but not necessarily playing well together. Each has its own place and role in the architecture, creating security intelligence that requires a lot of people and time to analyze and then act on. While the analytics are incredibly powerful and readily available, collection and action are not. Gartner defines the three key stages of a threat intelligence strategy as acquire, analyze and action; it is precisely the acquisition and action stages that are missing.

Gartner predicts that, by 2020, 40 percent of large organizations will have established a “security data warehouse” to support advanced security analytics. To harness the power of analytics and close the network security gap with automated (adaptive) response, organizations need better data management. The trick is finding a solution that can act as both the acquisition point and the action point without performance or scale limitations.

Disaggregation and automation go together

For the gap to be properly closed with automation, the performance and scale required must be taken into account. This can only be achieved when the hardware is separated from the heavy lifting of the analytics. This disaggregated approach requires new thinking, but it leads to the right place: all of the network traffic analysis and intelligence runs in the cloud (where it should be, using whatever tools fit), and with the right analysis in the right place it is then easy to issue directives that adjust and filter bad traffic in disaggregated, optimized hardware.

This philosophy of disaggregation is what enables real security automation through control points, and those control points are the answer to closing the network security gap.

Ensuring security and traffic flow across the network requires a solution with full transparency, full line-rate performance and high precision. With these capabilities, you have full control of any packet with any user-defined rule and a wide choice of actions programmed through REST or BGP FlowSpec: accept, drop, rate-limit, copy, redirect, ACL and more. The ability to program hundreds of thousands of different rules and have the network respond at a per-flow level gives control back to the network architects and security engineers, who can now define policy, flag anomalies through rigorous analytics and automatically shut down bad flows at any scale.
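As an added illustration (not code from the article or from any product it describes), the closed loop in the paragraph above modelled in Python: flow statistics from an analytics stage are turned into FlowSpec-style rules (RFC 5575 match components with the discard and rate-limit actions named above), and each new flow is then decided per rule. The flow records, thresholds and addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class FlowRule:
    """One FlowSpec-style rule: RFC 5575 match components plus one action."""
    dst_prefix: str            # destination prefix, e.g. "203.0.113.10/32"
    protocol: Optional[int]    # IP protocol number; None matches any
    dst_port: Optional[int]    # destination port; None matches any
    action: str                # "accept", "discard", "rate-limit" or "redirect"
    rate_bps: int = 0          # traffic-rate value (bytes/s) for "rate-limit"

    def matches(self, flow: dict) -> bool:
        """True when every populated match component fits the flow record."""
        if ip_address(flow["dst"]) not in ip_network(self.dst_prefix):
            return False
        if self.protocol is not None and flow["proto"] != self.protocol:
            return False
        return self.dst_port is None or flow["dport"] == self.dst_port

def decide(rules, flow, default="accept") -> str:
    """Per-flow decision: longest destination prefix wins, first match applies."""
    ordered = sorted(rules, key=lambda r: -ip_network(r.dst_prefix).prefixlen)
    for rule in ordered:
        if rule.matches(flow):
            return rule.action
    return default

def rules_from_analytics(flow_stats, pps_threshold, limit_bps):
    """Closed loop: flows over the packet-rate threshold get rate-limited;
    flows more than 10x over it are discarded. Thresholds are assumptions."""
    rules = []
    for s in flow_stats:
        if s["pps"] <= pps_threshold:
            continue
        prefix = f'{s["dst"]}/32'
        if s["pps"] > 10 * pps_threshold:
            rules.append(FlowRule(prefix, s["proto"], s["dport"], "discard"))
        else:
            rules.append(FlowRule(prefix, s["proto"], s["dport"],
                                  "rate-limit", rate_bps=limit_bps))
    return rules

# Constructed analytics output (not real data): UDP/53 flood, normal HTTPS, elevated NTP.
SAMPLE_STATS = [
    {"dst": "203.0.113.10", "proto": 17, "dport": 53, "pps": 250_000},
    {"dst": "203.0.113.20", "proto": 6, "dport": 443, "pps": 800},
    {"dst": "203.0.113.30", "proto": 17, "dport": 123, "pps": 25_000},
]
```

Calling `rules_from_analytics(SAMPLE_STATS, 10_000, 1_000_000)` yields a discard rule for the UDP/53 flood and a rate-limit rule for the NTP flow, while the HTTPS flow stays under the threshold and is accepted by default.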

Summary

There is no end to the cyber threats that large organizations need to defend against. Stopping today’s and tomorrow’s threats requires much greater visibility into, and analysis of, security data throughout the organization. Traditional security solutions are limited by their underlying architecture, with old approaches to data stores and various other rigid elements. The complexity and lack of flexibility created by so many security technologies applied across a large network can be the bottleneck in effectively finding and solving security issues. Adaptive response shrinks the traditional cycle of finding, analyzing and acting from days or hours to minutes or seconds.

By understanding that a network security gap exists and by leveraging the right adaptive security technologies, eliminating vulnerabilities across the network becomes much easier. With an adaptive security approach based on a clean disaggregation of hardware from software, network integrity can quickly move to the next level and deliver a more unified defense.

This article is published as part of the IDG Contributor Network.