Organizations across all industries have a network visibility gap problem. Most enterprises today have countless endpoints connecting to the network thanks to the proliferation of Internet of Things (IoT) devices, the move to cloud computing and the convergence of IT and operational technology (OT) — which includes industry-specific technologies like medical devices or factory machines — that are necessary to keep businesses running. The end result is IT and security staff aren’t able to see all of the activity happening on their networks, which can lead to undetected intrusion by threat actors and serious security incidents for the organization.
The rise in endpoints comes at a time when bad actors are becoming more sophisticated and more organized, according to Pedro Abreu, chief strategy officer of ForeScout, and these bad actors are very good at making themselves invisible. Everyone within the enterprise, starting with the board of directors and down through the company, needs to increase their level of cyber awareness and recognize how to turn the invisible into visible on the network.
Trends that make the network invisible
The Bring Your Own Device (BYOD) movement can be blamed for starting this visibility gap in the network. Abreu traces the problem to Christmas 2010, the year Apple came out with the iPad, when executive-level employees wanted to use their new gifts to access work emails and other data. “They became so enamored with the technology,” Abreu added, “that they demanded their IT departments to allow them to connect the devices, regardless of the security implications.”
IT organizations were challenged by this influx of new ‘consumer’ devices, but because smartphones and tablets ran a limited number of operating systems, they were able to develop solutions to address the risk. They may not have been able to see every device, but when they did, they could install software directly on the device to protect their networks.
The challenge is much bigger with IoT. “One, it is not just employees using their own devices; every function in the business is coming to the table and saying, ‘I need this,’” said Abreu. “Two, IT doesn’t have a choice to add security functions to those devices. Most of them are closed and come in thousands of different operating systems.” It’s why you need a different security approach that works at the network level rather than depending on installing software on the device itself.
The growth of cloud computing has also created a visibility gap. Gone are the days when IT had physical control of its servers. Now, organizations leverage public clouds like AWS or create their own hybrid clouds. While these cloud architectures give companies tremendous agility to introduce new applications and services, they also mean that companies are quickly losing visibility into these environments. “Security teams are struggling. One of our customers estimated that they have somewhere between half a million and a million virtual servers, but could not say exactly how many. That is a huge gap,” said Abreu.
Finally, there is the convergence of IT and OT. OT networks have always been around, but in the past, the approach to security was to ‘air-gap’ them from the internet and the rest of the corporate IT environments. Now, industries see how the data generated by OT can help the overall business, and they are shifting to connect those devices to more networks. “Organizations are beginning to realize they have a lot more risk, and they need to provide more security for it,” Abreu explained.
Closing the visibility gap
With these trends — and particularly with IoT — you have to change the way you address security. “Without visibility of these endpoints, IT loses control,” said Michael Roling, who, as chief information security officer for the state of Missouri, oversees an employee network of over 40,000. “We have to focus on technology that helps mitigate some of the risk of losing control.”
Ideally, every individual endpoint will have security built in, but that’s not possible, especially in IoT, as manufacturers aren’t yet building security into the devices. Organizations, then, need to step up and solve the security problem. That’s why adding the security function at the network level is a more viable solution. Adding these tools at the network level then gives IT the ability to see every endpoint and handle security accordingly. Because, after all, you cannot protect what you cannot see.
“Visibility is now a key piece of security programs,” said Andrew Howard, chief technology officer of Kudelski Security. “Without visibility of your network, your security tools won’t matter.”
“You have a house that has 10 windows,” explained Abreu. “All of a sudden it has 100, then 1,000, then 10,000. At some point, you can’t be as safe as you were when you had 10 windows and knew what was coming in and out of that house.”
Many organizations take pride in their safety standards. It’s time to have that same attitude about cybersecurity. Good security means having full visibility of every device connecting to the network, so you can see potential threats, and having the right security tools to address the concerns brought by IoT, OT and the cloud.
“It’s about understanding the risks,” said Abreu, “and companies being able to protect themselves. If you know everything that’s on your network, you can make more educated decisions about where to spend your cybersecurity budget.”