
© Axim Global 2018. All rights reserved. Page 1 of 15

Axim | How long can you afford to ignore full network packet capture?

Why are more and more organizations looking at full network packet capture?

A new breed of data management challenges is colliding with a new breed of network management and cybersecurity challenges. It’s creating a perfect storm that requires more than network packet sniffers and protocol analyzers. Organizations are turning to full network packet capture and discovering a new breed of appliances and tools can provide the answers.


Introduction

Full network packet capture has had more comebacks than Madonna or the San Francisco 49ers at the Super Bowl. Today we’re witnessing the latest resurgence of interest in full network packet capture. Why now? A new breed of data management challenges is colliding with a new breed of network management and cybersecurity challenges. It’s creating a perfect storm that requires more than network packet sniffers and protocol analyzers. Attention is once again turning to full network packet capture, and organizations are discovering a new breed of appliances and tools can provide the answers.

This article asks 3 questions:

1. How is the data management landscape changing?

2. What are the big network management challenges?

3. Why is full network packet capture the better solution?

But there is an elephant in the room, the reason that full network packet capture has ultimately failed to break through every time it has surfaced as the solution to the network and data challenges of the day: scalability and costs. The final part of this article interrogates the next generation full network packet capture tools and appliances and asks if anything has changed. Interestingly, it has.


one: Data management: a changing landscape

The old adage of taxes and death being the only certainties in life doesn’t stretch to data management: the two guarantees in data management are constant change and great complexity. What’s new is the speed of change and the scale of complexity. A recent survey by Experian highlighted that almost three-quarters of organizations around the world admit the difficulty of predicting where the next data challenge will come from. But the challenges don’t stop there.

The rise and rise of data

Here’s a privileged insight into the patently obvious: big data, AI and the IoT are getting out of control. It’s no surprise that almost 80% of organizations believe the processing and storage architectures in place today will not handle the amount of data in their industry in the next five years [1].

Frictionless data meets data friction

The pressures of managing data to feed the seamless, connected customer experience are very real: improving the customer experience is the top business priority and frictionless data is key. But data is also creating friction: over half of respondents to a recent global data management research study feel data has greatly disrupted their organization in the last year - proof yet again that big data is bringing big headaches.

The data value and data cost conundrum

Data can bring real value to a business, but also huge cost. There’s an uneasy tension between data as a source of business advantage and data as a source of business risk. You only have to look at the two tables below to see the conflict between data possibility and data threat.

What is shaping data strategy? (Source: Experian 2018)

Data security: 58%
Customer experience: 48%
The speed organizations need data: 43%
Volume of data: 35%
Available budget and resources: 35%

What is driving data quality? (Source: Experian 2018)

Increasing efficiency: 49%
Reducing risk/fraud: 38%
Enhancing customer satisfaction: 38%
Enable more informed decisions: 37%
Cost savings: 36%

1. G2M


Data governance is here to stay

Here’s the real biggie: the emergence of data governance. It’s being fuelled by individual data ownership (thanks, GDPR); the impact of zero-day exploits and pernicious ransomware; and the digital transformation of industries (think Open Banking). The impact is becoming huge.

Exponential data is creating a massive and growing risk surface.

The cost of a data breach is huge on share value and corporate reputation (ask Facebook) and can last years (don’t ask Home Depot).

The time to detect a breach is 60+ days: not great for business continuity.

The GDPR non-compliance penalties are a disaster for business, but a great revenue stream for governments.

The impact of a potential extinction event like Open Banking on financial institutions who cannot respond will be calamitous.

Ouch. But if you think the lives of the IT teams, CIOs and CEOs who own data are getting even harder, try walking in the shoes of network management.


two: The big network management challenges

Clearly there are a ton of them, but they can be grouped into the three C’s: criminality, complexity and cost.

We’ve all seen the stats: an organization attacked every fourteen seconds, billions of data records breached and billions of dollars lost. It’s no wonder network security is most often cited by network and IT professionals as the top networking challenge.

Network management has evolved from router and switch watching to harnessing very sophisticated IT. The next challenge is to manage a growing complexity driven by digital transformation, the new transformative technologies and the evolving network landscape.

Increased cyberthreat plus greater network complexity should mean bigger budgets. Network and IT teams need to spend 50% more; they’re getting more like 10%. It’s why doing more with less is the third big challenge.

Criminality

The network is the focal point of any cybersecurity strategy. It doesn’t take a degree to work out why: where there once was a hard, fixed boundary now there’s a flexible, everywhere periphery. No longer can the hard edges of a firewall protect against external access: the traditional network confines have been splintered by personal devices, remote working, visitors and the Internet of Things. It begs the question: where is an organization’s perimeter?

The network: the epicenter for security.

Unsurprisingly the network is where network and IT professionals see their big security challenges. Phishing is still the big one for over half of organizations; then there’s ransomware and malware, which almost half again see as a critical threat [2].

2. Mobile Cyberattacks Impact Every Business: Check Point


The technology arms-race.

As networks become the backbone of digital strategies, technologies and transformations, they’re becoming the ground zero of digital risk. A technology-fuelled arms race is dawning as organizations and cybercriminals wrestle to control machine learning, deep learning, and artificial intelligence. We’re already seeing the warning signs. 40% of business leaders worry about the vulnerability of emerging technologies to cyberthreats [3]. 100% of organizations with over 500 mobile devices experienced a mobile attack in 2017 [3]. 77% of attacks on endpoint devices in 2017 involved the use of fileless malware, with over half of attacks compromising data and infrastructure [4]. And 90% of remote code execution attacks in December 2017 involved crypto-mining malware [5].

The IoT and cloud.

It wouldn’t be a blog if we didn’t mention the IoT. Certainly the IoT is also generating a new set of security challenges. Recent data suggests just a third of organizations plan to assess the potential business security risks of connecting more devices to the Internet, yet over 60% have had to deal with an IoT-related security incident [3].

Then there’s the cloud. As the cloud grows so does the cyberthreat. Increased cloud security will become a top priority. Adding telemetry to cloud workloads will better manage security failures, allowing organizations to see the danger signs and enabling a quick, and possibly preventative response. Security experts will have to decide who to trust and not, whilst companies will develop security guidelines for private and public cloud use - utilizing a cloud decision model to apply rigor to cloud risks.

Who will be the heroes?

The bottom line is that network security engineers and administrators will have their work cut out. Today they rank in the top five best-paying network jobs. They’re going to earn it as they wrestle with a heap of new challenges like re-thinking endpoint security, embedding security into the network and not on top of it, multi-cloud security, nation-state cyberwarfare, blockchain, legislation and compliance, smarter cybercriminals, more malicious insiders and dumber employees.

3. The Global State of Information Security Survey: PWC
4. The 2017 State of Endpoint Security Risk Report
5. Imperva


Complexity

Network management is heading down a one-way road of complexity. Where’s the news there? It’s this: there will be seismic shifts in enterprise IT that will force teams who are anaesthetized to the surge in disruptive technologies in the past few years to step out of today’s mindsets. Here’s a snapshot of what this environment looks like.

Tomorrow’s analytics today.

We’re starting to see more analytics that can drive a holistic view of network, user and application – driven by the emergence of SD-WAN and the growth in simulation, AI and machine learning. This will have additional benefits like maximizing the value of content and metadata.

Value-based automation.

Automation will go beyond function to a source of business advantage as Intent Based Networking (IBN) becomes a reality. How? Near real-time responsiveness of networks will create more productive user environments and help accelerate digitization journeys.

NPM on steroids.

Network Performance Management and Application Performance Management will become the norm for enterprises in 2018, with a focus on user experience, resolving application and network performance issues proactively and quickly, and improving productivity. A number of factors will help this. Real-time (seconds not minutes) network performance will become a reality and the cornerstone of network troubleshooting.

NPM will also benefit from AI and machine learning. It will help optimize application, device and user performance across the network – and enable it to continuously learn, spot and address abnormalities in traffic, and dynamically adjust policies.

Cloud-based network management.

The efficiency and cost-efficiency of the cloud are being turned on networks. But there are challenges. For starters it can take network traffic outside the corporate perimeter, then there’s service level agreements. Cloud-based tools and software will provide many of the answers, enabling anytime, anywhere, anyone network management – and cutting out the need for costly network management service providers. Which links neatly to the third big challenge: cost.


Cost

The growing complexity in NetOps demands more investment by network and IT teams. Here’s the problem: it’s not guaranteed. The economy is part of the problem, but the big one is ROI. The fact is businesses are losing more than they’re spending on cybersecurity; by 2021 this could be $6 lost for every $1 spent. Network and IT teams need new strategies to manage more demands with less budget. A number are emerging.

1. Focus on ‘just enough’: identify and secure the most critical elements for network investment and maximize investment against these. That way budgets will not be spread too thinly across more and more network demands.

2. Look to prediction. Current approaches filter and manage every part of the traffic, making the process become complicated and overwhelming. The potency of prediction overcomes this. We’re starting to see the possibility of this with Threat Intelligence Gateways: security solutions that use prediction to better-manage network traffic and provide a dynamic security perimeter that scales with threats from outside sources.

3. A new formula. Building a new formula for identifying the viability of network management tools that puts a comparable value and enables a side-by-side comparison. It could look like this: X = (the scale of routine tasks + maintenance level + incremental flexibility + ability to upgrade + expand + degree of modularity).

4. Involve the boardroom in the security strategy and budget setting. PWC says over 40% of enterprises are working this way already. It creates a new logic for decision-making: business outcomes, competitive advantage, customer experience and corporate reputation.

By 2021 businesses could be losing 6 times more than they spend on cybersecurity.


Criminality + complexity + cost = utility.

As network and IT teams look to solutions that span the criminality, complexity and cost spectrum, they are increasingly looking to utility: how effectively a network solution can bridge cybersecurity; incident response and network troubleshooting; application and network performance monitoring.

How can you ascribe a true utility value to a network solution in such a dynamic network environment? Start by boiling a tsunami of challenges down to a killer checklist. Here are ten evaluative criteria that network and IT teams could assess any network solution against to define its utility value.

1. Can it manage the growing security and risk surface created by the proliferation of data?

2. Will it effectively mitigate the business cost and reputational damage of data breaches?

3. Could it overcome the extended timelines of detecting a breach and securing the organization?

4. Would it increase the speed and quality of decision making made slower by proliferating data volumes?

5. Can it improve data governance as organizational and governmental compliance demands intensify?

6. How will it reduce the cost of storing and securing massive amounts of data?

7. Could it secure networks from inside and outside threats and from everyday and zero-day vulnerabilities?

8. Will it help win the technology arms race by out-securing the threats from mobility, cloud and IoT?

9. Can it drive automation, analytics, AI and machine learning to improve network security and performance?

10. Could it deliver lower cost/higher utility (security, response, application and network performance)?

10 questions to ask of any network security or monitoring solution.


three: The best solution is not a new one but an old one.

Out of this myriad of challenges emerges a natural solution. Interestingly it’s not a new technology but an aging one: full network packet capture. How can a relatively old technology solve a new generation of network security and management challenges? It’s time to confront the elephant in the room; let’s start with a hard reset of full network packet capture.

Full packet capture offers greater depth than other network solutions.

First it goes beyond data capture: full network packet capture can identify security flaws and breaches by determining the point of intrusion. Data leakage can be identified through content analysis and monitoring. It can troubleshoot the occurrence of undesired events over a network and help solve them remotely. When data is stolen, network administrators can retrieve a copy of the lost data from the captured and stored traffic. It also enables forensic analysis: whenever viruses, worms or other intrusions are detected on computers, the extent of the problem can be determined from the stored traffic, and network traffic blocked, while the historical information and network data are preserved.

The traditional limitations to full network packet capture no longer exist.

Traditional offers failed to deliver the most important reason to employ network packet capture: greater network visibility at an unprecedented scale. Storage at scale was prohibitively expensive, capture rates and network searches too slow, and there was an inability to scale to meet the extended storage timelines businesses needed. But new technologies have reinvented the performance, scalability and expense barriers to network packet capture.

Full network packet capture is being driven by disruptive thinking.

Rewind to the beginning of this blog when we talked about great comebacks of our time. Network packet capture has quietly been reinvented by new players harnessing disruptive technologies. Their unique capture and storage architecture breaks the performance, scalability and expense barriers of existing frameworks. There is now the potential of 1Mbps to 100Gbps capture rates, real-time filtering, and, the ability to retain weeks, months and even years of network traffic - for as little as 20% of the cost of traditional systems. They will even accelerate incident response and network troubleshooting.


But perhaps the best way to depict the new order of packet capture is to compare and contrast the old with the new.

Traditional packet capture solutions vs. next generation packet capture tools:

Traditional: Storage is too expensive.
Next generation: Reduce IP packet storage costs by up to 80%.

Traditional: Capture rates too slow: <4Gbps.
Next generation: Support the world's largest network speeds, to 100 Gbps.

Traditional: Search is limited and slow.
Next generation: Real-time indexing and immediate access: in seconds.

Traditional: Can't share data between/among other vendors' tools, and limited filtering.
Next generation: Industry standard PCAP data access service along with BPF and customizable filtering.

Traditional: Not available in multiple form factors.
Next generation: Same technology: laptops to enterprise environments.

Traditional: Not scalable to 10/1000s of PBs … or weeks, months and years of packets.
Next generation: Scale from TBs to 100s of PBs with storage, search & analytics that can store and access years of packets.

Traditional: Limited integration capability.
Next generation: Integrate with existing security tools and existing analytics software, and it's open architecture.

Traditional: Requires IT security skills.
Next generation: Usable by multiple job roles.

Traditional: $1m/petabyte.
Next generation: $100k/petabyte.


four: Why is full network packet capture now the answer?

It isn’t rocket science: the radical evolution in full network packet capture makes it a perfect answer to the big questions network and IT teams are asking of their network security and monitoring solutions, and a way better fit than network sniffing or protocol analyzers.

The secret sauce is the ability to fully packet capture months and years of network data at seriously fast speeds and at incredibly low cost, to be able to search it immediately, and to locate breaches in minutes. This combination provides immense utility value.

Better chase yesterday’s attacks.

Network and IT security teams are better armed for the new reality of network security: they’re always chasing yesterday’s attack and breach. The statistics make sobering reading: the average detection time of a breach or attack is 146 to 191 days, and containment can take another 60 or so days.

The capability to store years of network data and search it in minutes means attacks and breaches are detected faster. The impacts on disaster recovery, business uptime, customer experience and corporate reputation are huge.
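Retrospective search is the mechanism behind this claim: once an indicator is learned, the stored packets are queried for its earlier appearances instead of waiting for it to recur. As an added example (not Axim's or SentryWire's code), the Python below builds a tiny constructed libpcap capture, indexes it by IP 5-tuple, and answers when an internal host first contacted a newly flagged address and how much it sent; the addresses, timestamps and payloads are constructed sample data.

```python
"""Retrospective search over a stored packet capture (added example; constructed data)."""
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap header, microsecond timestamps


def eth_ipv4_packet(src, dst, proto, sport, dport, payload):
    """Build an Ethernet + IPv4 + TCP(6)/UDP(17) frame; checksums are left zero."""
    if proto == 6:  # TCP: ports, seq, ack, data offset (5 words), PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    else:           # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0x4000,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload  # zero MACs, ethertype IPv4


def pcap_bytes(records):
    """Serialise (timestamp, frame) pairs into a libpcap file image (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        sec = int(ts)
        out += struct.pack("<IIII", sec, round((ts - sec) * 1_000_000), len(frame), len(frame))
        out += frame
    return out


def parse_pcap(data):
    """Yield (timestamp, (src, dst, proto, sport, dport), payload) for IPv4 TCP/UDP packets."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":  # skip non-IPv4 frames
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        if proto not in (6, 17):
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, l4)
        l4len = (frame[l4 + 12] >> 4) * 4 if proto == 6 else 8
        yield sec + usec / 1e6, (src, dst, proto, sport, dport), frame[l4 + l4len:]


class CaptureIndex:
    """Host -> [(timestamp, 5-tuple, payload)]: the index that makes later lookups fast."""

    def __init__(self, data):
        self.by_host = defaultdict(list)
        self.packets = 0
        for ts, key, payload in parse_pcap(data):
            self.packets += 1
            for host in key[:2]:
                self.by_host[host].append((ts, key, payload))

    def investigate(self, indicator):
        """Answer the retrospective questions for a newly learned indicator address."""
        hits = sorted(self.by_host.get(indicator, []))
        flows = list(dict.fromkeys(k for _, k, _ in hits))  # distinct flows, oldest first
        return {
            "first_seen": hits[0][0] if hits else None,
            "flows": flows,
            "internal_hosts": sorted({k[1] if k[0] == indicator else k[0] for k in flows}),
            "bytes_to_indicator": sum(len(p) for _, k, p in hits if k[1] == indicator),
        }


# Constructed sample capture: a week of traffic in which a workstation quietly contacts
# 203.0.113.10 (a TEST-NET-3 placeholder address) days before that address is flagged.
SAMPLE_CAPTURE = pcap_bytes([
    (1_514_764_800.0, eth_ipv4_packet("10.0.0.5", "10.0.0.53", 17, 40000, 53, b"dns-query")),
    (1_514_764_801.5, eth_ipv4_packet("10.0.0.5", "203.0.113.10", 6, 51000, 443, b"hello")),
    (1_514_851_200.0, eth_ipv4_packet("203.0.113.10", "10.0.0.5", 6, 443, 51000, b"ok")),
    (1_515_024_000.0, eth_ipv4_packet("10.0.0.5", "203.0.113.10", 6, 51002, 443, b"x" * 1200)),
    (1_515_110_400.0, eth_ipv4_packet("10.0.0.7", "198.51.100.20", 6, 51010, 80, b"GET /")),
])

if __name__ == "__main__":
    print(CaptureIndex(SAMPLE_CAPTURE).investigate("203.0.113.10"))
```

The same index answers the question for any later indicator without re-reading the capture, which is the property the retention and search-speed figures above depend on.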

Expand to meet the growing security and risk surface.

The logging and real-time indexing functionality of advanced network packet capture solutions, coupled with a ton of incident response capabilities, helps network and IT teams cope with the expanding security and risk landscape.

They can identify and isolate multiple types of external and internal breaches and detect unlogged activity, data exfiltration, phishing preparation and malware infiltration. Put simply whether it’s cybercriminals, nation states, malicious insiders or negligent employees you are better protected whether the threat comes from on-premise, mobile working or the cloud.


Harness automation, analytics, AI and machine learning.

Next generation full network packet capture solutions are future-ready. They offer the automation and analytics capacities that obviate the need for managed services outsourcing or security specialism.

Then there’s the scale and speed of data capture and analysis which means that network packet capture solutions can deliver on the promise of AI and machine learning and better defend networks from the threats of IoT, the cloud and the coming machine wars.

Span network security and network monitoring.

By going beyond metadata to high fidelity traffic records and capturing and storing all network IP packets, network and IT teams can go beyond network security to application performance and network performance monitoring.

Reduce the cost of storing and securing massive data.

The staggering reduction in the cost of full network packet capture is good news at a time when network and IT teams are struggling to manage infinite demands on network security and finite budgets.


Parting thoughts

The definition of a good idea is an idea whose time has come. Clearly full network packet capture’s time has come, so is it a good idea? Yes.

A new breed of network packet capture tools can solve the emerging criminality, cost and complexity dilemma. The core is a powerful value proposition: substantially reduced risk from a range of external and internal threats - from organized crime to state-affiliated groups to careless, negligent or malicious insiders. Added to this is great resilience thanks to incredibly high capture and search speeds. The usability is unparalleled and spans incident response, malware detection and real depth in network troubleshooting as well as application performance and network performance monitoring. Then there’s the price, all of this is available for around 20% of the cost of the established and aging solutions.

It’s clear that this next generation of full network packet capture can help network and IT teams meet their big network challenges and demonstrate a greater return on investment. This has to be good news at a time when the biggest threat to the networks is not people or performance or process but budgets.

Author

Dan Davies is CMO of Axim. Axim helps organizations better manage the big risks their data, infrastructures, technologies and service delivery bring to their users, their customers, their business performance and their corporate reputation. Axim is a distributor of SentryWire, the newest and most advanced network packet capture tool.

Discover more: visit www.aximglobal.com/sentrywire

Or email [email protected]


About Axim

Axim is a global partner for SentryWire, a next generation full network packet capture tool. It’s just one of the solutions we bring to help organizations better manage CX risk, and protect their customer loyalty, corporate reputation and commercial bottom line. Learn more about our data and technology risk-management solutions, and our range of CX governance offers and platforms.

www.aximglobal.com