For the most part, the traditional network perimeter is gone. In its place are a growing number of new network edges – branches, private and public cloud infrastructures and services, and billions of connected IoT and mobile endpoint devices – that complicate an organization’s ability to maintain a consistent and manageable security infrastructure.
As a result, security teams can quickly become overwhelmed with the variety of devices, number of consoles and unique configuration and management concerns of different cloud or other networking ecosystems, so that even basic security functions like patching and updating might become a challenge.
Securing the Digitally Transforming Network
In order to function, today’s organizations require unprecedented levels of performance for their online applications and services on the front end, and the ability to organize and analyze data and millions of IoT devices on the back end.
As data, applications and services begin moving from their traditional central location out to the network edges, the challenge of performance is compounded by the demands of interconnectivity. Applications, workflows, transactions and services today all need to move seamlessly across and between multiple environments and devices. Also, security is expected to accompany them along those paths, impacting every aspect of the digitally transforming network.
This can be particularly difficult to achieve in cloud environments where nearly all legacy security tools operate in silos, as do new solutions being offered by a growing number of vendors. While individual devices and platforms interoperate with their sister devices, even these can experience severe interoperability issues when they are deployed in different network environments. In order for tools to interoperate consistently across cloud environments, they often have to be deployed as an overlay solution that can’t take advantage of cloud native functionality and performance advantages.
Similar challenges arise when deploying SD-WAN solutions, most of which provide basic connectivity but fall short when organizations need to create a meshed network of branch offices. Because most of them require organizations to deploy security as an overlay, most available solutions simply can’t scale to meet the performance or interconnectivity demands of a highly meshed VPN network and still apply advanced security protection or inspect encrypted data.
Additionally, the advent of 5G is about to complicate things even further. To meet the demands of new edge computing models – especially the delivery of on-demand rich media – data and applications are being redistributed to the remote edges of the network. These 5G-enabled devices are also going to create their own meshed edge networks using devices that have combined their business and personal profiles into a single platform.
A New Approach: The Open Security Strategy
Within this context, traditional approaches to security don’t stand a chance against determined and well-armed cybercriminals looking to target the expanding attack surface. Securing these complex, distributed, and continuously evolving networks requires developing and deploying security devices that can provide business-level digital performance, consistent functionality, and seamless interoperability.
Organizations looking for a consistent security strategy generally have two options:
- Take an open standard approach: Security solutions that support open standards need to include the ability to collect data from security sensors, as well as directly from the network environment. Security devices, regardless of vendor, also need to be able to share and correlate threat intelligence between third-party solutions and distribute it across all enforcement points to effect a coordinated response based on policy. At the same time, cloud and other network providers need to implement open standards to make integration requirements more consistent across their environments, so that security tools function more consistently between those platforms.
- Implement connectors: While direct interoperability through open standards would be ideal, not every vendor has the capacity or desire to integrate open standards into their solution. In this case, organizations need to implement solutions that can support a connector strategy to negotiate and translate functions between security devices – even those deployed in different networks. Options can range from an expansive SIEM solution designed to collect information and distribute and orchestrate policy, to specific, custom-built connectors designed to connect two elements together to enable a single, integrated security architecture.
A security architecture built around a framework of open standards not only ensures interoperability, but also increases performance. Automation that can span a variety of third-party solutions enables a proactive posture that accelerates detection, quarantine, and detonation. At the same time, real-time, centralized intelligence enables better decision-making; the centralized management and orchestration of more tools across more platforms enables visibility to be extended and control to be more granular, even in dynamically evolving networks; and total cost of ownership goes down while security effectiveness increases.
When combined with real-time cyber intelligence reporting and advanced behavioral analytics, integrated systems can find and defuse an attack before it can impact live operations. That is the Holy Grail of security that today’s siloed security solutions are simply unable to deliver.