
Strengthening Cybersecurity in a Connected World


Dr. Mark Pierpoint, President, Network Applications and Solutions, Keysight Technologies

By operating more and more in digital spaces, we gain more capabilities and value, but we are also exposed to many new vulnerabilities. Cybersecurity oversights have consequences, and the cost of a breach can be assessed in terms of lost business, loss of credibility, or even loss of life.

Four concepts will help achieve the ultimate result that security professionals are looking for: keeping everything running while keeping everything secure. The first two ideas, readiness and organizational robustness, are general-purpose, while the next two, security visibility and security auditing, are more specific.

Everything and Everyone, Connected

Throughout the world, many perpetrators are attempting increasingly sophisticated attacks. Their goal is to disrupt the lives, businesses, or governments of their victims and, increasingly, to extort payment for not doing so.

It's safe to say that they love the opportunities presented by the long-term vision of “everything and everyone connected”. On the plus side, the value of this idea has been amplified by the lessons learned during the pandemic: connectivity is essential for customers, businesses, and governments.

Users today have higher expectations, such as instant access, no lag, and 24/7 availability. In fact, recent surveys show that end users are more concerned with 24/7 availability than security.

Everything and Everyone, Protected?

When our devices and service providers can offer reliable, ubiquitous, and continuous connectivity, they bring us enormous benefits. But this is a double-edged sword. The dark side of ubiquitous connectivity is a rapidly expanding attack surface. More access by more users and more devices creates what seems like an infinite number of potential access points.

As a consequence, there may be severe vulnerabilities in communication networks, defense systems, Industrial IoT deployments, and connected cars, among others. Many crucial technologies add to the risks: virtualized networks, open APIs, mandatory interoperability, and the massive use of Linux.

And then there is the data: individuals, companies, and governments are generating massive amounts of high-value data. While stricter regulations have increased the penalties for the publication of private information, this does not appear to have slowed the rate of publication.

All of this raises the crucial question: How well is everyone and everything protected?

Everything Working, Everything Safe

At Keysight we have spent a lot of time talking to our clients about these issues. And while it's easy to get lost in the details, we can take a step back and clearly state the end goal: keep everything running while keeping everything even more secure. So the ultimate measure of success is keeping your core business running while keeping everyone and everything safe.

On a day-to-day basis, keeping everything secure depends on your tools and your perspective. Let me give an example. A thermal image of a well-built house could easily represent your network. You could, in fact, be living in a leaky house that serves its purpose, yet not be aware of all the points where heat is escaping.

You might not be able to stop 100 percent of the losses, but you could do something. As a starting point, an experienced structural engineer, equipped with the right tools, could quickly assess the situation and offer recommendations that will make your home a more comfortable place to live and help you save money.

Two General Recommendations

A variety of manufacturers, including Keysight, can do the same for you and your network. Four key recommendations will help you be prepared for the capabilities they offer. Two are general and strategic, specifically robustness and preparation. The other two are specific and tactical: security visibility and security auditing.

In the face of present and future realities, organizations that are not adequately prepared will become increasingly fragile. The durable alternative is robustness. The key factors for success in robustness are awareness and action. Awareness is realistic and pragmatic: it assumes that you have been attacked and that you will be attacked again. Furthermore, we suggest that you prepare to have “time-critical response” as your standard tactic. Action plans should speed progress from detection through confirmation, remedy, and recovery. Staying ahead depends on continuous learning and adjustment.

The foundation of robustness is preparation. It rests on a basic framework that is probably familiar: people, product, process, and tools. For your people, training and preparation are, of course, essential. But beyond training, security competitions, an idea adopted from the military, keep your practice sessions from being predictable and boring.

On the product side, the percentage of security failures caused by misconfigurations is still around 90 percent, but testing dramatically reduces this number. With staffing levels held constant even as risks and exposures increase, process improvements and automated tools improve the speed of detection and response.

Two Specific Recommendations

While the four-part framework may be familiar, there are plenty of tools, all of which promise to fix your problems. The right tools make a material difference in robustness and preparation:

  • Full coverage has both qualitative and quantitative aspects.
  • Security visibility needs to be north, south, east, west, and even to the farthest, darkest corners of your network.
  • Security auditing is the process of pressure testing your network.

As a final point, new solutions should be able to easily integrate with your current tools, ideally simplifying your processes at the same time.

Let's take a close look at visibility and auditing, which are specific recommendations. Visibility brings us back to the thermal image of the leaky house. A proper tool provides a higher level of visibility into where the leaks are occurring.

The same thing happens with your network. If you don't know what data is traversing your network, what application is active, and who is talking, you simply don't know your own network.

This is where visibility solutions come in. Whether in a cloud or on a physical network, these tools can provide a variety of useful capabilities: they can intelligently select the traffic to analyze, or intelligently steer some or all traffic to next-generation firewalls, data loss prevention tools, or sandboxes.

Some visibility solutions can also create critical metadata with information about traffic, reducing visibility overhead: Who is speaking on the network? Where does this data originate? In what applications? In which browser?

In other words, visibility capabilities can provide everything a security engineer needs to know to detect, find, confirm, and make a decision.

The security audit includes stress testing your network using a comprehensive and realistic simulation of the harshest possible conditions it may experience. This includes attacks on the network itself and insurance. Security Operations, or “SecOps,” is a collaborative effort between information technology (IT) security teams and operations. The focus is on integrating tools, processes, and technology to achieve the collective goal of keeping the organization secure while reducing risk and improving agility.

SecOps tools called threat simulators allow you to hack your own network before hackers do. For example, breach and attack platforms like Keysight's Threat Simulator allow you to safely simulate attacks on your production network, identify gaps in coverage, and fix potential vulnerabilities before attackers can exploit them.

The Measure of Success

Moving forward, our increasingly connected world requires new security tactics. The foundational elements are preparation, robustness, visibility, and pressure testing. These will help you achieve the ultimate measure of success: keeping everything running while keeping everything more secure.