Knowing how resources are managed and data is passed through on an agency’s network is key to preventing end-user issues. In this time of command and control (C&C) attacks, network visibility is not only essential for optimum functioning, but critical to network security.
Take the 2013 C&C attack on a dam in Rye Brook, New York, where the Justice Department accused Iranian actors of commandeering U.S. infrastructure using a cellular modem. This attack wasn’t an isolated incident: Network-based attacks on Industrial Control Systems (ICS) rose dramatically by 110 percent in 2016. Lack of situational awareness by employees and management alike, compounded by the increase in automation and internet connectivity, is blamed for the upward trend.
Network Security Approaches: Then…
Traditionally, each major facet of network monitoring – fault management, configuration management, security management and performance management – was accomplished with different tools on the network devices themselves.
Unfortunately, the sheer demand on tools overwhelms their capacity to filter through the packet data and traffic. For example, SSL encryption is considered a cornerstone of network security. However, this same process can allow outside actors to mask malware and other unwanted programs in the system, thus requiring SSL decryption tools to check data as it moves through the network. Typically, this inspection is accomplished by placing increased demand on security tools, which takes resources away from other protection tasks.
… versus Now
What’s needed today to overcome the challenges of processing, managing and responding to increasing data volume and sophistication of cyberattacks is pervasive visibility. Integrated with networks, tools and applications, a visibility platform, such as the Gigamon Visibility Platform, can provide pervasive and consistent visibility into the data in motion across an entire network – whether physical, virtual or in the cloud – so that agencies can effectively manage, secure and understand that traffic. These platforms leverage advanced packet monitoring to identify and address problems before they become complaints from end users or, worse, system compromises and failures.
Not only do these platforms record traffic, but they filter packet data and send information to the appropriate tools and devices, freeing up processing power.
Don’t Go It Alone
Without network visibility platforms, monitoring the computing environment requires access to the core network layer and, writes Gigamon Fellow Security Architect Simon Gibson, a “very disciplined” administrator.
Endpoints will only increase with the proliferation of smartphones and other network devices, heightening the challenge of maintaining awareness of the entire network. Without that awareness, unknown data may pass between unknown users without administrator observation, an issue termed the “unknown unknown.” Centralized visibility suites offer a way not only to ensure authenticated data is moving between authorized users, but also to understand traffic and communications across the network.
Gigamon was recently named the market leader in network visibility according to an IHS/Infonetics report from May 2017, with 59 percent market share in the government vertical. To learn more, read about the Gigamon Visibility Platform.