Comprehensive network visibility is part of the foundation of a strong security posture. Yet, a number of organizations with otherwise great security have not considered the need for comprehensive visibility.
How can you secure what you cannot see? How do you remediate a problem when you can only guess at an approximate location?
For organizations that have not planned ahead for visibility, this issue frequently comes to a breaking point when they have an incursion. We hear from many organizations that have spent hours manually tracking down a suspect device, using only the IP address and perhaps the location where it last accessed the network.
When there is a suspected breach, the last thing an organization needs to do is waste hours trying to find the device in question. Decreasing the amount of time an attacker dwells on the network reduces the amount of damage from the attack. To build a comprehensive network security practice (or process), organizations need complete visibility into the device's location, its interactions with other devices, what the device is doing, and the entire topology of the network.
The need for comprehensive visibility is further compounded by the growth in IoT devices. Companies are looking for a secure IoT strategy, but IoT devices lack a common security standard or standard device configuration. With myriad devices, operating systems and varying levels of security, the first step in an IoT strategy is to be able to see each of these devices. From medical devices to industrial turbines to office security cameras, IoT devices are everywhere. Knowing which devices are on the network, where these devices are located and what other connections these devices are making is the foundation of a good IoT strategy.
The benefits of complete network visibility
Complete network visibility gives organizations the ability to see all devices on the network, from PCs and servers to BYOD and IoT devices. It also provides organizations with critical data, such as:
- Operating system and security software, as well as version and patch information
- Identity of the user
- Whether the device is registered with the network
- Location and time of the connection request
- Comprehensive log of all device actions and connections
Once organizations have complete visibility, devices can be quickly identified, a network topology can be generated and organizations can apply network access control policies.
Using a good security automation and orchestration solution that incorporates network access control not only gives you complete device visibility, it also offers granular control and automated threat response. Bradford Networks’ Network Sentry can provide complete visibility, as well as control access. It offers pre-connection authentication to ensure each device meets minimum security software and patch requirements. It can also confirm that devices are connecting at the appropriate place, and at an appropriate time.
The Network Sentry security automation and orchestration solution then continues to monitor and log all device activity, and how devices interact with other equipment. This visibility and control is an important part of an IoT strategy. Organizations can also use Network Sentry to confine devices to specific LANs and microsegments on the network. This can isolate critical data from less secure IoT devices, and prevent lateral (east/west) movement in case of a breach.
Another benefit of complete device visibility is the ability to track all actions and deliver contextual information, along with the security alerts. Organizations are buried under a flood of alerts and need help to triage and simplify investigation. Network Sentry works seamlessly with best-of-breed technology solutions to gather information on an alert and then triage and rank threats. It then delivers the most important alerts, along with full contextual information, to security analysts for review. Comprehensive visibility provides security analysts with complete forensic information when investigating a potential incursion.
Visibility is key for compliance
Visibility is also crucial for compliant organizations. Since Network Sentry provides a detailed log of every action taken by every device, it provides a comprehensive audit trail. For organizations that must prove compliance with HIPAA, GDPR, SEC/SOX, PCI and other industry regulations, this data is crucial for audits and inquiries. Furthermore, Network Sentry includes flexible reports, so the activity log also provides valuable analytics. Organizations can analyze large volumes of data over time to assist with forecasting as well as capacity planning.
Network device visibility is the foundation of a strong security posture
Visibility is the foundation of a strong security posture; it is the base that supports the delivery of alerts and associated contextual information, the compilation of detailed logs, the control of access, and more. With Network Sentry, organizations gain complete visibility into every device connected to the network, control of granular policies and device actions, as well as automated threat response that can automatically quarantine any suspicious devices.
Visit the Bradford Networks booth – #1174 – at Black Hat USA 2017 to learn more about how comprehensive visibility is key to a strong security posture and enter to win a daily drawing for Merge Virtual Reality Goggles.
For more information about network visibility, read our white paper on what network visibility really means in today’s BYOD era, why you need it and how to make it work.