The 007 film series was and still is one of the most iconic movie series of all time.
As the author of this piece, my favorite one is “Skyfall”. It premiered in 2012, and I can tell that I’ve watched it, like, one hundred times and I will come back to it in the future.
But we are here to discuss cybersecurity. Yes! Let me tell you about one of my favorite scenes in the movie.
It’s when “M”, the Head of the Secret Intelligence Service, describes the threats they are facing, saying:
“Well, I suppose that I see a different world than you do. And the truth is what I see frightens me. I am frightened because our enemies are no longer known to us. They do not exist on a map. They are not nations or individuals. Look around you. Who do you fear? Can you see a face, a uniform, a flag? No! Our world is not more transparent now, it’s more opaque! It’s in the shadows. That’s where we must do battle. So before you declare us irrelevant, ask yourselves, how safe do you feel?”
And while she was giving this speech, the threat she was describing had already breached the security perimeter and started moving laterally through the building. After a few lines, the threat reached the room…and BANG!
The one thing “M” wants the attendees to understand is that the lack of visibility into such a threat is worse than being breached.
Her speech can be summarized in one sentence: You can’t protect yourself from what you can’t see.
And when it comes to enterprise security, network visibility is key.
What is network visibility after all?
Network visibility is the ability to stay aware of all the activity and data crossing your network. The goal of having wide and clear visibility into the network is to discover any blind spots and halt any malicious behavior.
Okay, so what’s the issue with network visibility?
Complexity, visibility, threats.
The SANS Network Visibility and Threat Detection survey gathered responses from 213 respondents representing a broad cross-section of organizations with at least 1,000 employees.
The report states that more than 93% of respondents indicated that they manage more than a thousand endpoints and almost 90% manage between hundreds and thousands of servers.
As companies grow into public and private cloud environments, going beyond the traditional infrastructure, the report states that 51% of the companies use tools from more than 10 vendors, with 18% utilizing more than 20.
Complexity definitely affects security by making it more difficult to achieve visibility and to streamline security practices.
But when asked about how visible their networks are, only 38% of respondents had high or very high levels of confidence in their ability to discover all of the devices connecting to their networks, with just 6% expressing a very high level of confidence.
While the majority of respondents (52%) claim high visibility into traffic entering and leaving their network (north-south traffic), only 17% claim the same level of visibility into traffic moving within their networks (east-west traffic).
This lack of visibility in lateral movement traffic surely has its own consequences. More than 64% of respondents reported suffering at least one successful attack within the last year.
Having visibility into every device and how each is meant to behave on your network is crucial to understanding its normal traffic and what could be considered a deviation.
But there are some challenges that stop companies from achieving the desired level of visibility. 62% of respondents claim that lack of staff is a major challenge when trying to keep up with visibility, while 51% also added that lack of time (including having other issues with greater importance) is also a challenge.
A way out?
One of the solutions to acquiring wide visibility on a network is to get help from automation.
In the previous blog post, we discussed the influence of security automation and how it helps to address the talent shortage and alert fatigue, and to gain visibility.
Security automation helps enterprises gain visibility by adapting to changes across all the devices in the network, no matter how large the network is.
Once you have an adaptive view of how the network should behave and what the user behaviors within it look like, you can easily surface malicious activity and respond to threats.
In conclusion, let’s turn to a poem recited by “M” in the same scene I discussed, dedicated to all security professionals out there battling cyberattacks every single day.
“We are not now that strength which in old days moved earth and heaven, that which we are, we are. One equal temper of heroic hearts, made weak by time and fate, but strong in will. To strive, to seek, to find, and *not* to yield.”
We invite you to know more about a solution that will enhance your network visibility and try it if you are serious about your security posture.