


Contributing Writer

The Network Is The Security

Nov 09, 2011 · 2 min read
Tags: Advanced Persistent Threats, Big Data, Cisco Systems

Large organizations doubling down on network monitoring in response to APTs

How do you detect sophisticated attacks in progress? It isn’t easy. Large organizations collect data from a number of sources, like log files and NetFlow, and then organize and analyze that data using tools like log management and SIEM. Based upon the recently published ESG Research Report, “U.S. Advanced Persistent Threat Analysis,” these tried-and-true security methods are no longer enough. What’s missing? Granular detail about the network: network behavior, payload analysis, packet analysis, application-layer analysis, network performance, and so on, from layers 2 through 7 of the OSI stack. Here are a few data points from the report that lead me to this conclusion:

1. 68% of organizations depend upon network management tools to determine if they are experiencing a cyber attack. The next closest response was “log file analysis” at 51%.
2. Of those organizations that have created or modified security processes in response to APTs, 52% have “improved network traffic monitoring for attack patterns or other anomalous behavior.”
3. Of those organizations that have purchased new security technologies in response to APTs, 42% purchased network behavior monitoring technologies.

This and other data in the report tell me that large organizations really aren’t sure about what’s going on in their networks. This impacts business operations AND leaves them vulnerable to attack, a lose-lose if there ever was one. I have several thoughts about what this means:

1. Cisco is in a very good position to help address the network visibility problem since it owns most of the network. As such, it should be investing heavily in network monitoring technologies for security as well as performance.
2. If anyone still needed a reason why RSA purchased NetWitness, here it is.
3. Look for the security industry to pay far closer attention to open source network monitoring tools like Suricata, HTTPry, and Sguil.
4. There is a huge data problem on the horizon: enterprises need to capture, normalize, and store terabytes of data while simultaneously analyzing this data in real time. SQL databases are no longer a fit here.
5. Network monitoring pure-plays like Compuware, ManageEngine, NetScout, NetQoS, Net Optics, and Quest are missing a big opportunity if they don’t look long and hard at a network security monitoring play.
6. Monitoring is just the tip of the iceberg. With better data and analytics, CISOs can take automated actions to enforce granular policies. More on this soon.
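As an added illustration (not code from this post, and not ESG's or any vendor's tool), here is the kind of flow-level behavior check the post argues that log collection and SIEM alone miss: two heuristics run over NetFlow-style records, one for machine-regular beaconing from an internal host to an external one, and one for bulk outbound transfer to a single external host. The record layout, the RFC 1918 definition of "internal," the thresholds, and the sample flows are all assumptions constructed for the example.

```python
"""Flow-behavior checks over NetFlow-style records.

Added example for illustration; the record format, thresholds and sample
flows are constructed assumptions, not data from the post or from ESG.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed record layout: (start_time_seconds, src_ip, dst_ip, dst_port, bytes_out)
SAMPLE_FLOWS = [
    # Constructed beaconing: 10.0.0.5 contacts 203.0.113.7:443 every 60 s with tiny payloads
    *[(t, "10.0.0.5", "203.0.113.7", 443, 420 + (t % 7)) for t in range(0, 600, 60)],
    # Constructed exfiltration: one large outbound transfer from 10.0.0.9
    (120, "10.0.0.9", "198.51.100.20", 443, 950_000_000),
    # Constructed benign browsing: irregular timing, a few hosts, modest volume
    (5, "10.0.0.12", "198.51.100.40", 443, 12_000),
    (33, "10.0.0.12", "198.51.100.40", 443, 80_000),
    (290, "10.0.0.12", "198.51.100.41", 80, 4_000),
    (301, "10.0.0.12", "198.51.100.40", 443, 50_000),
    # Constructed internal DNS: regular, but internal-to-internal, so not a beacon candidate
    *[(t, "10.0.0.5", "10.0.0.1", 53, 90) for t in range(0, 600, 60)],
]

# Assumption: "internal" means RFC 1918 space. ipaddress.is_private is deliberately
# not used because it also classifies the documentation ranges above as private.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def group_outbound(flows):
    """Group internal->external flows by (src, dst, dst_port)."""
    groups = defaultdict(list)
    for start, src, dst, port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            groups[(src, dst, port)].append((start, nbytes))
    return groups


def find_beacons(flows, min_count=8, max_cv=0.2):
    """Return (key, mean_gap_seconds) for tuples whose inter-flow gaps are nearly constant.

    A coefficient of variation (stdev / mean) of the gaps at or below max_cv means the
    timing is machine-regular, which is how C2 check-ins often look in flow data.
    """
    hits = []
    for key, entries in group_outbound(flows).items():
        if len(entries) < min_count:
            continue
        times = sorted(t for t, _ in entries)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((key, round(avg, 1)))
    return hits


def find_exfil(flows, byte_threshold=500_000_000):
    """Return ((src, dst), total_bytes) for internal hosts sending more than
    byte_threshold to a single external host, regardless of port."""
    totals = defaultdict(int)
    for (src, dst, _port), entries in group_outbound(flows).items():
        totals[(src, dst)] += sum(n for _, n in entries)
    return sorted((k, v) for k, v in totals.items() if v > byte_threshold)


if __name__ == "__main__":
    for key, period in find_beacons(SAMPLE_FLOWS):
        print(f"beacon  {key} every ~{period}s")
    for key, total in find_exfil(SAMPLE_FLOWS):
        print(f"exfil   {key} {total} bytes")
```

Neither check needs packet payload, only the timing and byte counts that NetFlow already exports, which is why the post's point is about capturing and analyzing that data at scale rather than about buying deeper inspection first. Real deployments would baseline per-host volumes and tolerate jitter (raise max_cv, window the gaps) before trusting either heuristic.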


Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
