Modern Threat Detection: It All Comes Down to Visibility
-
By
Matt Wilson
, Vice President of Product Management at Netography - Featured, Network Monitoring Best Practices,
Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Matt Wilson of Netography examines how increased visibility should be the focal point in improving NDR solutions and threat detection.
As threat actors continue to target networks at their weakest points, the cost of resulting data breaches can be crippling, but it doesn’t have to be that way. We can do better, saving money and time, by understanding where legacy solutions could use additional support, and where they often leave organizations vulnerable. This article looks at what shifts need to be made to provide today’s necessary network visibility level to ensure organizations receive proper threat detection.
A Look into Today’s Networks (and Their Threats)
Unsurprisingly, attackers have learned how to bypass traditional and legacy solutions that have been on the market for years, making every organization that much more vulnerable to an attack. Organizations must have full understanding and visibility into their networks, as threat actors are becoming more advanced and sophisticated with their attack methods; therefore, organizations need to adapt their security practices to reflect the same. In fact, in 2022, the average total cost of a data breach reached a record high of $4.35 million, and it took nearly nine months to identify and contain the breach. And while monitoring threat actors, external actors were responsible for 83 percent of breaches.
Over the years, many organizations reaped the benefits of traditional and legacy solutions, but today’s networks need more as they continue to expand and diversify. Traditional tools cannot keep up with the new networks that have more encrypted traffic, an increase in cloud investments, and require organizations to have control over their own detections.
For example, when Network Detection and Response (NDR) first emerged, there was no doubt that it supported core security requirements, such as detection of unknown attacks, threat hunting, and the necessary response (detection and response are in the name, after all). The fact of the matter is that if NDRs were foolproof, organizations wouldn’t really require much else, but unfortunately, that’s not the case. With threat actors becoming more creative, knowing how to bypass legacy solutions, zero-day codes, and common end-user errors, NDR tools cannot guard everything. Now security teams need reliable solutions that work to protect today’s unique networks.
In the End, It All Comes Down to Visibility
In order to offer stronger threat detection, beyond a traditional NDR solution, security leaders should be armed in the following, often overlooked, areas that help provide the necessary visibility:
- Insight into the importance of real-time visibility and metadata: Find a solution that leverages metadata in the form of flow data to provide real-time visibility, making it possible to see what’s happening in the shadows of your network– the areas that aren’t covered by your Endpoint Detection and Response (EDR), NDR, and the disparate tools from different cloud providers. A strong solution can provide your organization with one source of truth when looking at your network to eliminate all blind spots.
- Context into what your network traffic means: Tags and labels enable visibility, automation, and operational governance for the applications and infrastructure that an organization relies on. Providing a granular look at all applications enables organizations to keep up with an ever-changing environment. A modern tagging and labeling strategy will provide meta-level detail for applications and infrastructure, and provide the context for security and compliance requirements, application or device location, owner, capabilities and constraints, costs, and any other data that will be helpful for teams across the organization.
- Focus on the right of boom: When we detect signs that someone is trying to probe our defenses in search of vulnerabilities they can actively exploit, or perhaps are in the process of actively exploiting, the objective is to block them. In order to properly defend, it all comes down to the capabilities we have to address the right of boom– the period during and after an initial breach has happened. With not enough leaders focusing on this aspect, threats are becoming harder to detect.
Overall, the initial threat leading up to a network compromise is becoming increasingly difficult to detect, which is why it’s inevitable that every organization will get hit. Compromise detection is about minimizing the damage and the best way to do this is by retiring solutions that no longer provide the necessary visibility. To get to recovery faster, it’s essential to take the steps outlined above to block threat activity as soon as you can. When you have that necessary visibility and context to block and investigate, you get from post-boom to recovery as quickly as possible.
- Modern Threat Detection: It All Comes Down to Visibility - August 2, 2023
Matt Wilson
Matt Wilson is the Vice President of Product Management at Netography. Over his 25+ year career, Matt has held senior technology leadership positions across numerous industries, including Neustar, Verisign, and Prolexic Technologies. With a rich background in innovation and go-to-market strategies, Matt has been a critical leader in helping many companies conceptualize solutions from the customer lens and drive them to market with significant impact.
