Author: Mark Pierpoint (President of Keysight Network Applications and Security)
The rapid growth of network data, the need to maintain a large number of applications, and the rapid development of technology are all driving network complexity upward. At the same time, cybercriminals are constantly upgrading their techniques to exploit network vulnerabilities. Full visibility into network traffic is the best way to ensure high security and high performance; partial visibility is far from sufficient. Encrypted, lost, or damaged data can create blind spots in which performance issues and security risks go unnoticed and can be exploited. This article explains why implementing a network visibility architecture is vital to discovering and preventing dangerous blind spots; even for very mature companies, blind spots can cause serious damage.
1 What impact do blind spots and network vulnerabilities have on the business beyond the network?
With digital transformation, it is difficult to separate the network from the business itself, because everyone uses data in some form to improve processes, performance and customer satisfaction. According to a study published by McKinsey 4 years ago, only 40% of enterprises had accepted digital transformation. Due to the impact of the pandemic, however, this ratio is now obviously much higher. More technology-based companies run many kinds of networks, including the mobile networks that underpin the major services of providers such as Verizon, and operational technology (OT) networks beyond traditional IT. These may be critical for controlling HVAC in factories or office buildings, or for water and gas supply. Over the course of 2020, tremendous changes took place in all industries. More and more employees began to work from home, and there have been more and more digital connections between partners, suppliers and customers. In the author’s opinion, therefore, the network is very closely tied to every enterprise, and the state of the network directly affects the business. If blind spots and vulnerabilities lead to data leakage, customers, employees, and many other parts of the business will be widely affected. Not long ago, a meat processing plant was attacked; a few weeks before that, Colonial Pipeline was attacked; SolarWinds was attacked even earlier. We still don’t know the impact of the attack on SolarWinds. In May 2020, Cognizant released a report about the attack the company had experienced the previous month, and the attack was expected to have an impact of (50,000-70,000) million U.S. dollars on its business in that quarter alone. However, the monetary impact is clearly only part of it. On average, it takes 200 days to discover your own vulnerabilities and find out the specific causes. Then it takes another 80 days to remediate the impact of the vulnerability.
In addition, companies must also consider the loss of brand reputation and customers. Loss of customer data may have greater consequences and will take longer to remedy. It is therefore very important to have a clear understanding of the network and of the risks and vulnerabilities you face. This is why it is a very serious concern for most company boards today.
2 What is the point of sending the right data to the right tool at the right time?
It’s like going to the hospital to see a doctor. You had a blood test, but the report was sent to a radiologist; or you had an X-ray or CT scan, but the result was sent to a dermatologist. This is obviously not a good outcome: sending the wrong information to the wrong place is unwise. This may sound like no big deal, but network monitoring and security tools routinely receive too much data, too little data, or inappropriate data. If this problem is not solved, companies will pay a high price. Many effective tools are now available if used properly, but they can be very costly. The point here is not only to send the right data, but also to send it at the right rate so that the tools don’t get overwhelmed. Suppose you have a voice-over-IP tool. This tool knows nothing about video, so it is useless if you want video analysis data from it. The core of an effective visibility architecture is optimizing the number of tools you already have, especially the more costly ones. Case studies show that an appropriate visibility solution can save more than three times the deployment cost. However, we still need to improve the effectiveness of these tools further, and sending the right data to the right place at the right time will help achieve this goal.
3 The benefits of insight for IT: solving problems faster and proactively
We usually talk about IT, but we also talk about OT, including in areas such as smart buildings and manufacturing, utilities, or transportation. We used to think that IT and the business were separate. But I don’t think that today’s IT is just a supporting activity; on the contrary, in most cases it is essentially inseparable from business development. If we consider only our own business without understanding whom we sell to, where, and when, it will have a huge impact on how we combine products, enter the market in different ways, or solve problems. A company with a visibility architecture that provides insight into all network traffic can find and diagnose faults faster. This is why we talk about reducing the mean time to repair (MTTR) from the usual hours to a few minutes. Ultimately, this brings better results to our customers and to their customers (the end users). It is also important to realize that more than 30% of traffic in modern IT networks may be related to “management work”: handling backups, handling configuration changes, and handling copies of traffic used for visibility. Implementing these systems in the best way also helps improve the overall performance of the network.
4 The benefits of enterprise network visibility to end users
End users always want to keep using the services and functions they are accustomed to, whether that is paying by credit card in a store or streaming video without freezing. Fundamentally, a well-structured visibility solution delivers value by extending the uptime of these services and functions. It is true that we can reduce vulnerabilities. But in the final analysis, it is like a burglar alarm: although it cannot prevent the thief from entering, it gives you an early warning. It allows you to deploy the right resources at the right time, so that you can respond quickly and minimize losses. It is also like a thermal imager, allowing you to see hot and cold spots clearly. It makes sense to spend a little money to fix the hot spots and identify damaged areas, because we know that we will never be able to completely prevent heat loss. It enables companies to make proactive decisions, deploy capital more effectively, and take all these actions based on real data.
5 What are the biggest persistent cybersecurity threats?
First of all, network security threats cannot be avoided. Perhaps this is not surprising to anyone, but in every system we have, the weakest link is always people. Regardless of how vulnerabilities occur, most of them require some information and an entry point to be effective. Phishing and other online scams that try to collect important information through social engineering prove this to us. The author believes that this will continue to be one of the biggest challenges facing the cybersecurity world. Education, training, and continuous security awareness are critical to solving this problem and making progress. In addition, we will continue to see hackers targeting non-traditional areas. The SolarWinds case showed us the first major supply-chain attack. In a forward-looking security threat report released in 2019, we predicted this type of vulnerability. Is that a good thing or a bad thing? It is not a good thing to be proven right about bad things. According to my estimation, this situation will continue to affect some non-traditional areas, because the ultimate goal of ransomware and other attacks is to bring down the enterprise by extracting funds. As mentioned earlier, not long ago a meat processing plant became the target of attackers. Cybercrime today amounts to more than 6 trillion US dollars per year, and it continues to grow at a very rapid rate. The percentage of hackers brought to justice is still very low. As crime goes, cybercrime may be one of the lowest-risk forms, because no one has to show up in person and may not even need local support, so perpetrators can evade the law. If a company is not prepared, there will be a lot of remedial measures to take, and the costs of every aspect of these measures will be very high.
Cyber Catalyst by Marsh, which Keysight Technologies joined in 2020, is an interesting program that points the way to the future. The program is aimed at insurance companies that provide coverage against ransomware and other security vulnerabilities, helping them evaluate network and security products that help reduce customer risk. The program provides training materials and access to best practices. If companies follow best practices or use specific certified products, their premiums are reduced. This encourages every company to gain a deep understanding of the best practices that can reduce the risk of vulnerabilities, and of how to take remedial measures quickly when vulnerabilities occur.