There are many questions that organizations ask themselves when looking at network visibility. These include questions like, what is a visibility strategy, and when should organizations start developing a visibility strategy?
In my opinion there are four key components in a visibility strategy and these are technical, financial, political and legal. Developing sound practices around these key dimensions is not only the purview of IT staff, it is a strategic imperative that requires attention and commitment throughout the organization.
So, what is network visibility?
Firstly, let’s look at what we mean when we talk about network visibility. Network visibility is enabling network administrators to capture and see network traffic and applications that are traveling across Wide Area and Local Area network links. Once captured, traffic can be mapped to various tools for analytics, performance enhancement and security. There are many specialized tools to perform these functions that all must be connected to network links to provide traffic data to tools.
The four key dimensions mentioned above work in tandem to deliver better network visibility as follows:
Network design, management, monitoring, performance and security are highly technical, and all sit squarely in the Information Technology group. Determining what visibility platform is utilized and what tools are needed requires deep technical expertise. However, what is often not solicited, is input from other departments in the organization. The scope, scale and functionality of this strategy will impact the entire organization - not just the various controlling IT functions - and broader input is required.
It is easy to rationalize a small budget for visibility. Many organizations feel comfortable putting minimal architecture in place; architecture that provides some intrusion protection and allows the network manager to analyse network traffic when needed. As long as no one complains, why complicate things? The simple answer is that being prepared and protected for advanced threats is less expensive than trying to repair the damage after an attack or breach. No one pays much attention to IT when everything works, but we all notice when things go wrong:
- Being hit by a malicious attack that cripples the infrastructure can shut down a business. When the Amazon website crashed, it cost the company $1,000,000 per minute of downtime.
- According to Bloomberg News, the 2017 Equifax breach affected as many as 147.9 million consumers. The New York Times reported that this breach cost the company over $87.9 million in expenses and the company lost $3.5 billion in market capitalization.
These are extreme examples, but it is easy to see that investing time, effort and money in a robust visibility strategy and strong defense can actually demonstrate a great return on investment. The problem is that spending on defense prior to an attack can be hard to justify. The news, however, is full of companies like Amazon and Equifax that help quantify the potential return from full visibility and strong defense strategy.
Organizational politics vary widely from company to company. Generally, smaller organizations have managers performing a broad scope of duties. Larger organizations, by contrast, have what are typically called ‘functional silos.’ In large networks, for example, switches might be managed by a different group than that responsible for security. Another group manages infrastructure, another for applications, another for operating systems and so on.
When developing a visibility strategy, there may be many stakeholders involved in just the IT portion of the plan but who pays for what and where does the responsibility lie when things go wrong?
This is not to say that multiple silos cannot work together as a team. Using an independent TAP as the foundation of the visibility strategy simplifies management across demarcation lines. The TAPs touch the switch and they also touch the connected tools. This allows each functional silo to manage its own purview without impinging on or impacting other groups. It becomes simple to pass budget and responsibility according to function.
Another political component of 4D visibility strategy is managing non-IT organizations. The entire organization is impacted by the success or failure of the network. As demonstrated in the examples above, managing and protecting the network goes well beyond the IT department. When things go wrong, the pain is felt throughout the organization. All users of the network have a responsibility to safely manage their access to corporate network resources. Network usage training for Non-IT personnel is helpful but not fool proof. The physical protection against malicious attacks on all fronts must be in place in addition to continual training throughout the organization.
IT managers are required to adhere to a wide variety of new laws and regulations that are related to network security, access to information and protection of personal privacy. Regulations such as GDPR and others require various protections for network users both inside and outside the organization. Stiff penalties and fines can be levied for non-compliance. The other component of protecting the legal dimension is liability. Beyond regulatory compliance, unauthorized distribution and malicious use of information that is entrusted to the organization by a user can create a very expensive liability. People entrust very personal information to organizations through websites every day - social security numbers, credit card and bank account numbers - and when this information finds its way into the wrong hands, it can be devastating to the individual both personally and financially.
Organizations that do not adequately protect that private data can be vulnerable to large financial penalties. Associated costs after an attack may be only a small part of a much greater cost. There can be fines from regulatory bodies, legal costs, and potentially, large punitive awards to third parties damaged by the unauthorized release of their personal information. Returning to normal operations after an attack can be very expensive, time consuming and painful.
Visibility is the foundational piece to a larger strategy of network and organizational protection against security threats. Good visibility strategy is critical to day-to-day analytics and management for efficient operation of the network. While there are many specialized tools required to understand and protect network traffic, they must be deployed efficiently with the proper foundation.
Network management touches all parts of the organization and beyond. Often, the reach is global. Liability, therefore, can also extend beyond international boundaries. Addressing technical, financial, political and legal dimensions in the early planning stages allows organizations to efficiently build and manage a robust network infrastructure with strong defenses.