Imagine an IT security team as a navy crew at sea. A torpedo blasts the ship’s side below the water line. As the water floods in, they can’t even see the hole, let alone fix it. Instead, everyone turns to the pumps to keep the ship afloat.
This is the state of many security programs today. Despite a plethora of point solutions, security teams lack visibility into what they’re trying to protect, their most pressing risks and the security tools at their disposal. Thus security teams operate in constant reactionary mode, while a strategic, proactive security program remains elusive.
The growing popularity of virtual networks further complicates visibility issues. Virtual machines are spun up at a moment’s notice, and security groups and tags are assigned – but not necessarily in line with broader security policies. Network security teams may have no access to management consoles and limited insight as to how changing network architectures affect their attack surface.
But with comprehensive network modeling extending into virtual networks, network security engineers can gain the needed visibility to unify security and compliance processes across their hybrid hardware and virtual environments.
A major challenge to policy and access verification in hybrid environments is complexity. The mixture of physical, virtual and cloud networks with their various security groups and tags, as well as traditional ACLs, makes manual comparison and analysis almost impossible. But by normalising this data and combining hybrid network policies, network access can be analysed end to end and visualised within the model.
Historically, data centres have been protected by perimeter security technologies analysing north-south traffic –traffic into and out of the data centre. Traditional data centre designs assume that all east-west traffic – traveling within the data centre – occurs in trusted, well-protected zones. Recent data breaches, however, have shown that this assumption is no longer valid. Microsegmentation is capable of dividing east-west traffic within the data centre into smaller, more protected zones; but without security visibility into how microsegmentation is implemented, it’s difficult to verify policy is adhered to across the network.
By combining and modeling north-south and east-west policies network security teams can gain end-to-end access visibility throughout their hybrid network. Model-driven visibility also provides a more realistic view of applied policy at the host level rather than verifying access only at “chokepoints” or gateways to the virtual network.
Vulnerability detection in virtual networks
One added benefit of modeling virtual and cloud environments is scanless vulnerability detection. Security analytics applied to the model can deduce vulnerabilities using product configuration and version information. This can significantly decrease reliance on active or third-party scans which are harder to operate on virtual and cloud networks. Incorporating vulnerability intelligence gives a fuller picture of how these networks impact overall risk.
By unifying hybrid IT environments in one model and normalising their data, organisations can break down the barriers that traditionally existed between physical, virtual and cloud networks for comprehensive, streamlined security management.
This information can be further distilled into a simple picture of the organisation’s unique attack surface. Using attack surface visualisations, CISOs to “in-the-trenches” security practitioners to board members can quickly see the interconnectedness of their IT infrastructure and where their most critical security exposures lurk. Attack surface visibility gives an intuitive and deeply analytical tool to make fast, informed decisions regarding incident response, operations and security investments. It provides a common language and reference to stop reacting to symptoms and start treating root causes of security issues, creating a proactive, holistic security program.