2020 brought with it a series of changes with very little notice, and left even less time for planning. A year after a mass work-from-home migration, it has become clear that the changes seen in 2020 marked a turning point, not an anomaly, for today's IT security teams. The reactionary proliferation of remote access and cloud adoption will only continue as organizations see their long-term benefits.
The lessons learned during this transition year should be applied to your future strategy. To help inform your security efforts in 2021, you can download the recent SANS infographic, offering a year of insights from SANS Institute surveys, distilled into five key lessons.
As we move past the one-year milestone, it's time to think critically about what's working, and what could stand to improve. For more on what's coming in the next year, ExtraHop's Mike Campfield joined Enterprise Security Weekly to discuss why network detection and response (NDR) is critical to the future of security. We summarized his key takeaways:
The Data Lake Unicorn
There are a number of potential data sources for security. In an ideal world, you'd have a single, shimmering lake of information, with every tool looking at the same data. Unfortunately that's not the world we live in. Data isn't water; it's complex and abstract, existing in many different formats and languages.
Traditionally, security professionals have looked first at the data provided to them from endpoint and logging tools. For a long time, there was simply too much network data to process. Now machine learning, using the vast compute power of the cloud, can drink from the firehose for us and return actionable insights.
Campfield recommends looking at network data first and using that as the foundation of your security strategy, reversing the traditional approach.
Why Network Data First?
Network data is a foundational source of information. At the risk of being tautological, looking at the network can tell you what's on your network. In our interconnected world, everything—malicious or benign—must cross the network to achieve anything, making it the logical place to look first for visibility within your enterprise.
Further, there are many cases where network visibility can expose the blind spots that other tools have missed. Inevitably, devices will connect to your network that don't or can't have endpoint agents on them. NDR can not only monitor those devices for suspicious behavior as soon as they appear, but also provide you with an up-to-date inventory that keeps your endpoint and logging tools in the know.
Those traditional security tools also have gaps in their cloud coverage, and with cloud adoption rapidly accelerating, there's a strong case for NDR as a central tenet of security.
NDR in the Cloud
We're living in a hybrid and multicloud world. The complexity of these infrastructures makes seamless security coverage a real challenge.
By working with cloud providers to open up packet access to security vendors, network detection and response has enabled the same comprehensive visibility in the cloud that it gives elsewhere. Higher-quality insights and fewer false positives can save time and prevent alert fatigue for chronically understaffed security professionals. Decisions can be made in real time and in context, based on the most powerful, objective, complete source of data: the network.
Network detection and response is one of the top-growing segments in security today. To learn more about why it belongs in your 2021 strategy, check out the ESW podcast.