Aaron Ross, APAC Manager of Technical Services at Paessler, tells us without 360-degree visibility those responsible for safeguarding the sanctity of an organization’s data are flying blind. He says: “CIOs trying to solve the visibility issue are frustrated with too many complex, reactive solutions, which makes them vulnerable to sophisticated threats and attacks, as well as network downtime.”
360-degree visibility is a fundamental cybersecurity and IT risk management strategy that will help to protect critical infrastructure assets and sensitive information. But the increasing complexity of distributed enterprise networks makes this extremely challenging. Digital Transformation is increasing the complexity due to IT infrastructures becoming borderless. The key issue here is that you cannot protect critical infrastructure assets you cannot see.
According to a report by Deloitte – The Value Of Visibility – Cybersecurity Risk Management Examination, implementing a sound cybersecurity and IT risk management program is essential to protecting brands and can give organizations a jump in addressing mounting regulatory requirements.
This includes the Australian Government’s new Cybersecurity Strategy 2020, which will mean that company directors will have responsibilities for cybersecurity, including legal duties to ensure a reasonable standard of IT security in their company to combat risks.
There are increasing legal responsibilities for the operators of the nation’s critical infrastructure too, who will need to allow the Australian cyber spy agency into their networks to fend off any major attacks.
This includes those operating ports, waterworks, power plants, telecommunications, defense organizations, universities, financial services firms, banks, healthcare organizations and those in the food and grocery sectors. There are severe penalties for non-compliance in excess of A$10,000 per day.
Most organizations today have multiple solutions that provide visibility across cloud workloads, on-premise, database, distributed endpoints and users. This quickly results in a fragmented view of an enterprise’s critical infrastructure.
Fragmented view
There is currently a high dependency on point solutions for critical infrastructure visibility when what is needed is a unified 360-degree view of the entire technology infrastructure. CIOs trying to solve the visibility issue are frustrated with too many complex, reactive solutions, which makes them vulnerable to sophisticated threats and attacks, as well as network downtime.
Vulnerability management is not high enough on the priority list for most organizations and despite being advised to take a risk assessment approach to vulnerability, boards need to be educated on the importance of moving away from just checking a box to actually managing risk.
A research study, conducted by the Ponemon Institute, The State of Vulnerability Management in the Cloud and On-Premises, highlights the vulnerability management challenges for hybrid multi-cloud environments. The importance of automated, risk-based prioritization is one of the report’s key takeaways. It also said that the most dangerous security vulnerabilities continue to expose critical assets as a result of chasing down false positives and vulnerabilities that pose minimal risks.
IT administrators are struggling to gain visibility into the far corners of their critical infrastructure and often do not know how to prioritize risk. This blurry vision of the network adds pressure on already resource stretched IT teams to prioritize security in order to protect their critical infrastructure. Without 360-degree visibility, those responsible for safeguarding the sanctity of an organization’s data are flying blind.
Combating threats
In the battle to protect their hybrid multi-cloud networks in an increasingly threat-heavy environment, other tools such as encryption can get in the way. Without the ability to perform what is often known as ‘SSL inspection’ or ‘break and inspect’, organizations can’t examine much of the data moving in or out of their networks.
A mass of scattered information means it is difficult to identify a malicious user, a lateral threat or suspicious activity across a distributed network. Without comprehensive visibility, how do you identify and protect high risk, critical assets?
Post-COVID vulnerabilities
We are beginning to see skeleton staff that operated during COVID-19 now return to the workplace, in a staggered fashion. This adjustment in workflows can lead to mishaps and without full visibility lead to anomalies and changes to assets and devices in the environment, vulnerabilities brought in from devices that were used in the home can unknowingly cause major issues.
According to an article by the Australian law firm, Minter Ellison, lingering issues with remote access now constitute a threat to core business operations and stability. IT and telecommunications systems face new levels of strain and the impact of those systems failing has intensified.
360-degree visibility helps performance
In most enterprises there are separate teams, using different tools, to handle network performance monitoring (NPM) and application performance monitoring (APM) when they really need a system that delivers powerful network discovery, detailed device inventory and automatic network maps. These need to be brought together in a unified system to achieve real-time, end-to-end performance monitoring and troubleshooting, and proactive problem resolution.
Australian organizations should look at a system that provides network traffic analytics and contextual forensic insight to the traffic flowing across their networks, allowing them to monitor, visualize and report on every network conversation. The ultimate goal is to resolve degradation in user experience before users even notice there is a problem.