Keeping attackers out of the 'atomized network' [Q&A]
The network as we know it has changed, and adversaries are finding success with new attack routes that exploit gaps in defenses.
As enterprise security undergoes a major shift, we need to change the way we think about this complex 'atomized network'. We spoke to Martin Roesch, CEO of Netography, to find out about the challenges this presents and how to address them.
BN: What does the 'atomized network' mean and why should organizations care about defending it?
MR: As enterprise networking continues to evolve, applications and data become scattered across a complex environment consisting of multi-cloud, on-premise, and legacy infrastructure -- resulting in a transition that we call the atomized network. The atomized network not only defines multi-faceted environments, but includes the modern workforce that relies on them -- operating on-premises, remote, or hybrid, utilizing many different endpoints. As enterprise networking undergoes a shift, we are required to create new abstractions to properly consider the best ways to defend it.
BN: In September, Netography announced significant updates to its platform. What prompted this product shift, and where do you see the future of network security?
MR: Organizations' transition to highly dispersed networks increased the need for better visibility across all platforms -- something that many have been slow to recognize, but a problem that is increasingly contributing to significant threats/breaches. Netography's updated platform empowers and enables organizations to obtain context from their atomized network infrastructure. This information can include attributes of devices and workloads, location, business logic, application names and information, or any other context kept within an enterprise. Once the context is collected it can be used for detection, monitoring, threat hunting, troubleshooting, or any number of other applications for real-time contextualized network information.
BN: Where do organizations see the most security problems within the Atomized Network? What are some ways attackers bypass traditional security practices to compromise organizational data?
MR: When teams lack an understanding of their entire organization's infrastructure, security leaders can no longer make informed decisions. The greatest challenge is that siloed approaches to hybrid cloud environments ignore the need for consistent visibility and control, putting business operations at risk. When organizations are forced to utilize multiple security solutions and tools to deliver equivalent capabilities across atomized networks, and lack the real-time insight into their networks, attackers can break into the infrastructure and gain access to information that can potentially have detrimental implications.
For example, in an atomized network, an attacker can land an attack unnoticed due to atomization blinding traditional intrusion detection and prevention technologies, and then leverage their access to move laterally. This lateral motion can be to other systems within an enterprise's physical infrastructure and even move to their cloud systems. Once this has transpired, an organization will have to coordinate multiple security technologies, frequently across multiple teams, to determine that they've been compromised and then to scope, contain, and remediate the attack.
BN: Why do you think it took this long to prioritize securing atomized networks and what advice would you give to organizations who haven't adopted this security approach yet?
MR: We are at a point where organizations need to understand that massive changes in the structure and composition of enterprise network architectures have massive implications for how those networks are secured. The first step to being able to make the required changes in enterprise security posture requires knowing what you have, what it's doing, and how it's changing. Never before has there been a solution that offers comprehensive visibility and control for atomized networks in one place.
The change has its roots in the pre-pandemic world, but the shift in work that's catalyzed the atomized networks we're working with today has only emerged in the last three years -- and organizations need to adapt to this new world. We need to rethink our approach to security: instead of defending each area of a network as separate entities with unique needs, we need to think of them as a composite of the components that form them. This way of looking at tech infrastructure will only grow, even if few companies currently use this model. The dated functional silos within security systems are a recipe for disaster that can especially threaten massive companies that don't have a solid understanding of their security infrastructure.
BN: When attackers live in the gaps, security teams work overtime to gain visibility to be able to defend their organizations. How can organizations best support security teams, and approach network security to protect its users, applications, data and devices?
MR: Attackers are finding new routes to success because the nature of networking has changed and defensive architectures haven’t evolved to take on the challenge. As hackers take advantage of disjointed teams and technologies, company leaders should act as a bridge, breaking down silos across technology teams to establish security visibility that’s centralized across an entire organization. Company leaders can help implement shared visibility and control within the organization, acting as the missing piece to ensure an organization's ability to comprehend their atomized network -- answering the fundamental questions of what is on the network, what it is doing, and what is happening to it.