As 2023 draws to a close, it’s a good time to consider how security leaders may need to shift their cyber strategies in the new year. One thing that’s certain: threat actors will continue trying their hardest to exploit any cyber weaknesses they can find, so ensuring your organization’s cyber hygiene is in top form will remain critical. To that end, network visibility will be a crucial part of organizations’ transformational security plans in 2024.
Network Visibility Will Be Crucial to Organizations’ Zero Trust Plans
Security leaders are already leaning into network detection and response (NDR) as a key strategy for cost-effectively modernizing their defenses. Not only does NDR play a crucial role in zero trust, it also picks up where host- and log-centric tools like EDR and SIEM leave off: a compromised or unmanaged host can disable or evade an agent, but it cannot avoid putting packets on the wire.
With the cost of defending organizations against increasingly savvy threat actors climbing, security leaders are looking to buy down as much risk for the dollar as they can. NDR helps in that respect by giving organizations risk visibility that they can’t get from other tools and by providing east-west traffic data to make EDR, XDR, and SIEM tools work more efficiently and effectively.
Additionally, security leaders want to ensure their organizations’ cybersecurity investments will contribute to future cybersecurity plans. These plans are likely to include meeting government compliance mandates and implementing zero trust security controls, both of which require the ability to see your entire constellation of endpoints, whether they are servers in the data center or mobile devices at the tactical edge.
For example, within zero trust there are seven pillars, or focus areas, that are commonly accepted as necessary to work in concert to achieve an effective zero trust implementation. Visibility plays an ever-present role in each pillar:
- User - Can you see who is using your network?
- Device - Can you identify what devices are on your network?
- Data - Can you see the different kinds of data traveling around your network and where it’s going? Can you assess encrypted data for threats?
- Applications/Workload - Can you see what applications are in use?
- Network/Environment - Do you have a holistic picture of your network architecture?
- Visibility/Analytics - Can you monitor the activity on your network holistically?
- Automation/Orchestration - Can you establish a baseline of normal network and user behavior, then use analytics or machine learning to automatically flag suspicious deviations from that baseline and trigger policy enforcement?
Furthermore, as adoption of cloud and mobile technologies continues to increase and erode the traditional network perimeter in the process, the ability to monitor your network traffic, especially within the east-west corridor, becomes ever more critical. Even the best firewalls and endpoint detection systems cannot keep out every intruder, including malicious insiders who use their legitimate credentials to disrupt, deny, or steal. East-west traffic is where you’ll discover the post-compromise behaviors, like reconnaissance, lateral movement, privilege escalation, command and control communications, and more, that signal an attack in progress before it reaches its objective. If you are serious about mitigating risk to the mission, then visibility into east-west traffic, not just north-south traffic, is absolutely essential.
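To make the "baseline, then flag deviations" idea from the pillar list concrete against east-west traffic, the following is an added example written for this article; it is not ExtraHop code or output from any product. It consumes constructed flow records of the form (timestamp, source IP, destination IP, destination port), learns which internal-to-internal (source, destination, port) pairs are normal from a baseline period, and then applies three simple checks to a detection window: many new destinations from one host (reconnaissance), a new pair on an administrative port (lateral movement), and a new pair contacted at near-constant intervals (beaconing). The address ranges, port list and thresholds are assumptions chosen for the illustration.

```python
"""Toy east-west flow baselining and deviation detection (added example, not product code)."""
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Assumed internal address space; real deployments would load this from an asset inventory.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumed list of remote-administration ports that are interesting when a *new* pair uses them.
ADMIN_PORTS = {22, 135, 445, 3389, 5985, 5986}

# --- Constructed sample data (not real traffic) -------------------------------------------
# Baseline: three workstations talk to the DC (Kerberos/LDAP), a file server and an intranet
# web server, repeated across several "days".
BASELINE_FLOWS = []
_t = 0
for _day in range(3):
    for _ws in ("10.1.1.5", "10.1.1.6", "10.1.1.7"):
        for _dst, _port in (("10.2.0.5", 88), ("10.2.0.5", 389), ("10.2.0.10", 445), ("10.2.0.30", 443)):
            BASELINE_FLOWS.append((_t, _ws, _dst, _port))
            _t += 37

# Detection window: normal traffic, one benign new pair, plus a compromised 10.1.1.5 that
# sweeps SMB across a subnet, RDPs to a peer workstation and beacons to an internal relay.
WINDOW_FLOWS = [(900, "10.1.1.6", "10.2.0.10", 445), (950, "10.1.1.6", "10.2.0.40", 443)]
WINDOW_FLOWS += [(1000 + i, "10.1.1.5", f"10.2.0.{i}", 445) for i in range(1, 13)]   # SMB sweep
WINDOW_FLOWS += [(1100, "10.1.1.5", "10.1.1.7", 3389)]                                # RDP to peer
WINDOW_FLOWS += [(ts, "10.1.1.5", "10.2.0.20", 8443)                                  # ~60s beacon
                 for ts in (2000, 2061, 2119, 2180, 2239, 2300, 2359, 2421)]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def build_baseline(flows):
    """Return the set of (src, dst, port) triples seen between two internal hosts."""
    return {(src, dst, port) for _, src, dst, port in flows if is_internal(src) and is_internal(dst)}


def detect(flows, baseline, fanout_threshold=10, beacon_min=6, beacon_cv_max=0.15):
    """Flag east-west deviations from the baseline. Returns a dict of findings per category."""
    findings = {"recon": [], "lateral_movement": set(), "beaconing": []}
    new_dsts = defaultdict(set)      # src -> distinct destinations not seen in the baseline
    pair_times = defaultdict(list)   # (src, dst, port) -> timestamps within the window

    for ts, src, dst, port in flows:
        if not (is_internal(src) and is_internal(dst)):
            continue                 # east-west only; north-south is handled elsewhere
        key = (src, dst, port)
        pair_times[key].append(ts)
        if key in baseline:
            continue                 # previously observed pair, treated as normal
        new_dsts[src].add(dst)
        if port in ADMIN_PORTS:      # new admin-protocol pair: lateral movement candidate
            findings["lateral_movement"].add(key)

    # Reconnaissance: one source reaching an unusual number of never-before-seen destinations.
    for src, dsts in sorted(new_dsts.items()):
        if len(dsts) >= fanout_threshold:
            findings["recon"].append((src, len(dsts)))

    # Beaconing: a new pair contacted repeatedly with low variance in the gaps between flows.
    for key, times in pair_times.items():
        if key in baseline or len(times) < beacon_min:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")   # coefficient of variation
        if cv <= beacon_cv_max:
            findings["beaconing"].append((key, round(avg, 1), round(cv, 3)))

    findings["lateral_movement"] = sorted(findings["lateral_movement"])
    return findings


if __name__ == "__main__":
    for category, items in detect(WINDOW_FLOWS, build_baseline(BASELINE_FLOWS)).items():
        print(category, items)
```

Two design points carry over to real tooling. First, the benign new pair (10.1.1.6 to 10.2.0.40:443) produces no finding on its own; a single new connection is expected on a living network, and only fan-out, admin ports or periodicity turn "new" into "suspicious". Second, the SMB sweep also lands the scanned hosts in the lateral-movement list, which is acceptable for triage but shows why a baseline needs enough history to cover legitimate administrative scans before thresholds are tightened.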
NDR also offers insight into which assets cannot be secured (for example, legacy systems for which no patch will ever ship), which need to be patched immediately, and which are already well protected. This enables leaders to communicate their organization’s risk exposure to the board and senior management team more accurately and to make informed decisions about their technology stack. Legacy applications that can’t be secured can be isolated, segmented, or retired right away, while those in need of patching can be prioritized by risk category. Retiring and consolidating applications not only leads to better security, it also reduces costs and complexity, and aids in budgeting for technology upgrades.
The ability to deter, detect, deny, defend against, and quickly recover from malicious cyber activity requires more than any single product. A combination of technologies, processes, and people is likely to be part of your zero trust strategy, and developing a scalable, resilient, auditable, and defensible cybersecurity framework will be crucial to protecting your environment strategically. But it all starts with visibility. After all, if you don’t know what you’re protecting, how can you possibly defend it properly?
To share your perspective, check out the discussion on the ExtraHop customer community.