Authored by: David Sajoto, Vice President, Asia Pacific and Japan, ExtraHop
Hackers often look for the weakest links to exploit in an organisation to find their way inside the network and move laterally towards the target they seek. When there is a data breach, it is natural to point fingers to identify who is most responsible. But it’s not just a security problem. Breaches happen because of a systematic breakdown that involves many different teams across an organisation. The whole organisation needs to be committed to security to provide the best chance at avoiding a breach.
When a network event occurs, it is crucial to understand the root cause quickly. Is it a security incident that needs to be investigated, an application error, or a cloud misconfiguration? It is critical to determine who should respond and how. When the source of the event cannot be established because teams are busy pointing fingers, resolution is delayed and the business suffers, either because attackers get more time inside the network or because of unplanned downtime.
Every IT team, whether security, cloud or network, has its own responsibilities and its own list of priorities. But these teams are often too siloed. The key to keeping enterprise data safe is to get IT teams communicating and working closely together, and the most efficient way to do that is to have them work from the same set of data.
To identify and resolve problems faster across IT teams, organisations must take three steps to eliminate the internal blame game.
1. Remove Silos for Better IT Team Efficiency
Teams cannot make quick decisions about the root cause of an event when they are not sharing data. If network, security and cloud teams use different tools and are not correlating their findings against the same underlying data, response times grow and outcomes suffer.
Network data is a natural shared source of truth for all teams, because every application, cloud workload and device communicates over the network regardless of which team owns it. Giving security operations, network and DevOps teams a common view of that traffic gives them a common language, and the result is better communication and faster resolution of events.
2. Tackle Tool Sprawl
As environments expand, organisations tend to add a new security solution for each new gap, and the result is tool sprawl. When every team operates with its own disparate tools, resolving an incident means reconciling several partial, inconsistent views, which adds complexity and time.
The SANS 2020 Network Visibility and Threat Detection Survey, commissioned by ExtraHop, reported that the majority (68 per cent) of respondents expressed a desire to reduce the complexity of their systems by reducing the overall number of tools involved in their operations.
3. Improve Visibility Across the Hybrid Network
The network of today is complex and is no longer an easily defined and monitored segment. Cloud and edge computing have created permeability and dynamism that traditional monitoring tools were not designed to manage.
According to a recent SANS report, "Incident responders want more insights into network traffic in the cloud environment for IR, and encrypted traffic is high on the list, but according to our respondents, it is also the hardest to acquire."
To maintain uptime and availability, IT teams need to understand which devices are accessing which network and cloud resources, where those resources are located, and how employees are using them. Security teams must manage a wide array of risks from both known devices and unmanaged devices on the corporate network, and the unmanaged ones are, by definition, invisible to agent-based tooling and only show up in the traffic they generate.
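One concrete form of the "which devices access which resources" question is a flow-record review: join network flows against the asset inventory and the cloud and data-centre address ranges, and surface both the sources nobody owns and the cleartext protocols heading to cloud resources. The script below is an added illustration, not ExtraHop code or output; the flow lines, the inventory, the subnet labels and the port list are all constructed for the example (the flow format is a simplified "src dst dst_port proto bytes" rather than any vendor's export format).

```python
"""Build a device-to-resource access map from flow records and flag
unmanaged devices.  Added illustration only: the flow records, the
inventory and the subnet labels below are constructed for the example
and are not ExtraHop data or a real export format."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed asset inventory: IP -> device name (assumption: an export
# from the security team's CMDB).  Anything absent is treated as unmanaged.
INVENTORY = {
    "10.1.0.10": "laptop-alice",
    "10.1.0.11": "laptop-bob",
    "10.1.0.50": "printer-3f",
}

# Constructed resource labels keyed by network (assumption: the cloud VPC
# and data-centre ranges supplied by the cloud and network teams).
RESOURCES = {
    ip_network("172.31.0.0/16"): "aws-vpc-prod",
    ip_network("10.2.0.0/16"): "datacentre-a",
}

# Cleartext services that should not be seen crossing to cloud resources.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

# Constructed flow records in the simplified text form
# "src dst dst_port proto bytes" (one flow per line).
FLOWS = """\
10.1.0.10 172.31.4.20 443 tcp 15230
10.1.0.11 10.2.0.5 22 tcp 9800
10.1.0.99 172.31.4.20 23 tcp 410
10.1.0.50 10.2.0.9 631 tcp 2200
10.1.0.10 172.31.4.21 80 tcp 780
"""


def parse_flows(text):
    """Parse the simplified flow text into a list of dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto, nbytes = line.split()
        flows.append({"src": src, "dst": dst, "port": int(port),
                      "proto": proto, "bytes": int(nbytes)})
    return flows


def resource_for(ip):
    """Map a destination IP to its labelled resource, or 'unlabelled'."""
    addr = ip_address(ip)
    for net, label in RESOURCES.items():
        if addr in net:
            return label
    return "unlabelled"


def access_map(flows):
    """Which device (inventory name, or 'unmanaged:<ip>') touches which resource."""
    seen = defaultdict(set)
    for f in flows:
        name = INVENTORY.get(f["src"], f"unmanaged:{f['src']}")
        seen[name].add(resource_for(f["dst"]))
    return {name: sorted(labels) for name, labels in seen.items()}


def unmanaged_sources(flows):
    """Source addresses that generate traffic but appear in no inventory."""
    return sorted({f["src"] for f in flows if f["src"] not in INVENTORY})


def cleartext_to_cloud(flows):
    """Flows using a cleartext protocol towards a labelled cloud resource."""
    hits = []
    for f in flows:
        label = resource_for(f["dst"])
        if f["port"] in CLEARTEXT_PORTS and label.startswith("aws-"):
            hits.append((f["src"], f["dst"], CLEARTEXT_PORTS[f["port"]]))
    return hits


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    for device, resources in access_map(flows).items():
        print(f"{device:22} -> {', '.join(resources)}")
    print("unmanaged sources:", unmanaged_sources(flows))
    print("cleartext to cloud:", cleartext_to_cloud(flows))
```

The point of the join is that each input belongs to a different team (inventory from security, address ranges from cloud and network, flows from the wire), and none of them alone answers the question; the unmanaged host talking telnet to the production VPC only becomes visible when they are read together.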
Visibility is key, and it is important to rethink how teams communicate. Gartner recommends that infrastructure and operations leaders future-proof network monitoring, better align business objectives with their requirements for network visibility and agility, and increase connections between network and security operations.
Businesses should go one step further and rethink how their teams collaborate and share data. Network traffic can provide a foundational source of insight. Because it is observed passively on the wire rather than reported by the host, an intruder who has compromised a server and cleared its logs cannot retroactively edit what the network already saw, which makes network data far harder to tamper with than endpoint logs (it is not immune: spoofed addresses and encrypted payloads still limit what can be read from it). That property gives it the best opportunity for faster resolution of network events. Teams have the opportunity to get to the root of an event in minutes instead of hours, and so to stop a threat before it causes harm or fix a performance issue before it causes an outage.
Cloud-native network detection and response (NDR) enables security, cloud and IT teams to gain unified visibility regardless of the deployment model. When every IT team uses the network as a data source, organisations improve anomaly detection and can respond to threats as they happen. The result is a stronger security posture together with measurable gains in operational efficiency and uptime.
To stay competitive in today's fast-moving world, businesses need to prioritise communication between security, network and IT teams so that events are resolved quickly and outcomes stay positive.