
Connecting the Dots of Visibility in Cyberwarfare of Today

By: Zeev Draer, March 25, 2020

Defending against asymmetric cyber warfare with the old paradigm of watching only North-South traffic no longer works. Attackers are disciplined, creative and increasingly aggressive, and the attack surface keeps expanding as more digital assets raise the value of what there is to steal.

Most attacks, and therefore most defences, begin at the North-South boundary, but once inside the network an attacker spreads horizontally using East-West tactics. That is the precise moment when visibility tools and security tools must work in combination and in synchronisation.

The Visibility Layer and the CISO Playbook Strategy

The visibility layer enables packet-level analysis to identify network anomalies and characteristics, giving a better understanding of how network elements communicate and which endpoints and flows exist across the entire digital warfare map.

Within a cyber security framework, visibility is a fundamental pillar and serves as a collaborative tool for both SecOps and NetOps. Additionally, Chief Information Security Officers (CISOs) understand that in their playbook strategy, visibility tools are strategic building blocks. These tools serve red and blue team exercises and live operational activities that should systematically collect, detect and secure dynamic and complex networks and digital assets.

In the modern CISO playbook there must be a strategy for how analysis tools use advanced techniques and algorithms to automate highly complex processes, once handled exclusively by human analysts, in order to find proof points of compromise in the ocean of data crossing their network. And it is still their network, even though its boundaries have faded: it spans physical and logical borders, extended by nomadic users and machines that communicate over mobile and fixed-line networks, from the physical layer up to APIs. All seven OSI layers are active at once and require visibility and correlation before trusted and untrusted policy rules can be set in the CISO playbook.

This gets even more complex with asymmetrical traffic and with structured and unstructured data, which drives the growing demand for machine learning, deep learning and artificial intelligence. Such measures are needed because human analysts cannot scale to handle large and complex Advanced Persistent Threats (APTs). Without deep visibility down to the packet level, even a tight and precise playbook is incomplete: you cannot automate a process that cannot see the threat.


Visibility is a fundamental pillar both for in-line threat mitigation and for out-of-band security analytics that examine data at rest and data in motion at any wire speed on modern high-speed networks. A collective effort of NetOps and SecOps teams will be required as they form a new structure in an emerging CISO playbook.

Forensics and Telemetry Data

As organizations come to understand the value of network security and of visibility as a mediation layer, two areas of interest for packet-level inspection arise: network telemetry and forensics.

Forensics is associated with raw data, kept without change or modification, that supports the detailed analysis an investigation needs. Visibility tools enable efficient collection of that data, whether whole packets, NetFlow/IPFIX records or any other source that may be valid for later stages. Such data can be retrieved, analysed and replayed as evidence. Note that only full packet capture preserves payload and can be replayed; flow records preserve headers and counters but not content.

Network telemetry, on the other hand, offers insight into the full spectrum of real-time traffic from a given source through detailed snapshots of sessions and packet headers rather than packet payload or content. Telemetry shows what is happening right now and provides the basis of security policy frameworks for SecOps, while NetOps plays the counterpart role of delivering the "essential dots" of the big picture.
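The distinction between the forensic record (whole packets, payload included) and telemetry (header-only flow records), together with the North-South versus East-West split described earlier, can be made concrete with a small script. The following is an added example, not code from the original post and not part of any Niagara product: it assembles a handful of constructed Ethernet/IPv4/TCP frames, keeps them as the forensic record, derives IPFIX-style flow records from their headers alone, tags each flow by direction, and flags internal hosts that fan out to several internal peers. The internal address ranges (the RFC 1918 prefixes), the sample addresses and ports, and the fan-out threshold of three peers are all assumptions chosen for the illustration.

```python
"""Telemetry versus forensics on the same packets (added example).

Raw frames are the forensic record; flow records derived from headers
only are the telemetry view. Direction is inferred from whether each
endpoint is inside the assumed internal (RFC 1918) address plan.
"""
import ipaddress
import struct
from collections import defaultdict

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6

# Assumed internal address plan; adjust to the real one in practice.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_frame(src_ip, dst_ip, sport, dport, payload, ttl=64):
    """Assemble a minimal Ethernet/IPv4/TCP frame (constructed test input).

    Checksums are left at zero; this is a parser exercise, not a sender.
    """
    # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, PROTO_TCP, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + tcp_hdr + payload


def parse_headers(frame):
    """Return ((src, dst, sport, dport, proto), ip_total_length) or None.

    Reads only Ethernet, IPv4 and TCP headers: the telemetry view.
    """
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    if proto != PROTO_TCP:
        return None
    src = str(ipaddress.IPv4Address(ip[12:16]))
    dst = str(ipaddress.IPv4Address(ip[16:20]))
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (src, dst, sport, dport, proto), total_len


def payload_of(frame):
    """Return the TCP payload: only the raw (forensic) capture can yield this."""
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4
    return tcp[data_offset:]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(src, dst):
    """East-West when both ends are internal, North-South when exactly one is."""
    s_int, d_int = is_internal(src), is_internal(dst)
    if s_int and d_int:
        return "east-west"
    if s_int or d_int:
        return "north-south"
    return "transit"


def flows_from_frames(frames):
    """Aggregate header fields into IPFIX-style records keyed by 5-tuple."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "direction": None})
    for frame in frames:
        parsed = parse_headers(frame)
        if parsed is None:
            continue
        key, total_len = parsed
        rec = flows[key]
        rec["packets"] += 1
        rec["bytes"] += total_len
        rec["direction"] = direction(key[0], key[1])
    return dict(flows)


def east_west_fanout(flows, threshold=3):
    """Internal sources reaching >= threshold distinct internal peers (lateral-movement lead)."""
    peers = defaultdict(set)
    for (src, dst, _sp, _dp, _pr), rec in flows.items():
        if rec["direction"] == "east-west":
            peers[src].add(dst)
    return {s: sorted(d) for s, d in peers.items() if len(d) >= threshold}


# Constructed sample traffic: an external client hits an internal web server,
# then that server reaches three internal peers on TCP/445.
SAMPLE_FRAMES = [
    build_frame("203.0.113.10", "10.0.0.5", 51000, 443, b"GET / HTTP/1.1\r\n"),
    build_frame("203.0.113.10", "10.0.0.5", 51000, 443, b"Host: app\r\n"),
    build_frame("10.0.0.5", "10.0.0.7", 40000, 445, b"\xffSMB"),
    build_frame("10.0.0.5", "10.0.0.7", 40000, 445, b""),
    build_frame("10.0.0.5", "10.0.0.8", 40001, 445, b"\xffSMB"),
    build_frame("10.0.0.5", "10.0.0.9", 40002, 445, b"\xffSMB"),
]

if __name__ == "__main__":
    flows = flows_from_frames(SAMPLE_FRAMES)
    for key, rec in flows.items():
        print(key, rec)
    print("fan-out:", east_west_fanout(flows))
    print("payload from raw capture:", payload_of(SAMPLE_FRAMES[0]))
```

The flow records carry the 5-tuple, packet and byte counts and a direction tag, which is enough for policy and for the fan-out check, but the HTTP request line is recoverable only from the retained frames; that is the practical difference between the two data types the section describes.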

Visibility in the abstracted and agile era of the cloud poses new challenges and opportunities for the big-picture strategy. More appliances are becoming virtual security and monitoring tools that require agile deployment at strategic points of the network. This is not trivial, because the traditional working arrangements between NetOps and SecOps can slow down when new solutions are introduced and the playbook is adjusted. Adding a new generation of visibility platforms to the IT organizational playbook is necessary to collect and deliver precise data to hosted virtual security and monitoring tools, and to form new architectural concepts that streamline the adoption of new tools, reduce operational complexity and deliver practical threat prevention on live traffic.

Conclusion

Today's IT playbook must be as agile as today's threats, attacks, networks and infrastructures are. To be effective in this new world, new visibility platforms such as the Niagara Open Visibility Platform™ can "connect the dots" to establish the bigger picture, serve security agility and streamline the common needs of NetOps and SecOps activities. To learn more, please visit www.niagaranetworks.com