Partner POV | How Gigamon Can Help Mitigate Security Risk Through Visibility
Article written by Mark Jow, EMEA Technical and Sales Engineering Leader, Gigamon.
Digital transformation is changing the world. And it is the hybrid cloud that is propelling this transformation. It's behind everything from the human-like AI chatbots transforming and optimizing customer service to smart devices that are reimagining healthcare for the connected age. The challenge is that while technology can be used to change societies and economies for the better, it can also present an opportunity for those with nefarious intent.
For Gigamon, our mission is to provide modern enterprises with the ability to mitigate exposure to these risks. We firmly believe that you can't protect against an adversary you can't see. The Gigamon Deep Observability Pipeline enables our customers to harness network-derived intelligence to peer deeper and detect, block, and contain threats faster. Over 4,000 customers worldwide are already realizing the full transformational power of the cloud by doing exactly this.
We're grateful to our customers for their continued support. And we're delighted to hear that same message is backed by respected industry experts like Forrester Research. We were lucky enough to hear from Senior Analyst, Tope Olufon, at an event in London back in June this year, and again more recently at our Visualyze Bootcamp customer and partner forum.
Hybrid Cloud Is Here to Stay
All organizations use some form of cloud computing today. Increasingly it's a mix and match between public cloud and on-premises environments: One report claims 72 percent of organizations are running hybrid clouds. It's become so easy to spin up compute power that IT complexity is surging. Although the productivity gains are significant, so are the risks.
Gigamon perspective: This aligns with findings from the recent Gigamon 2023 Hybrid Cloud Security Survey of more than 1,000 IT and security leaders, which revealed a gap between the perception of security risk and reality. When initially questioned, 94 percent of global IT and security leaders said their tools and processes provided complete visibility and insight into hybrid cloud environments. Half were confident of being sufficiently secure. Yet on further probing, 90 percent also admitted to having suffered a data breach in the previous 18 months, with one in three breaches going undetected by traditional security monitoring tools.
Organizations Must Protect Work Wherever It Resides
Tope says the genie is well and truly out of the bottle with respect to remote and hybrid work, thanks to the experience of the pandemic. "But if we treat technology as something which will take care of itself, we will always play second best to the cyber criminals," he adds. The truth is that today's threat actors spend plenty of time on R&D. They have developed services to lower the barrier to entry for others in areas like phishing and ransomware. And the threat is amplified by the risk of nation-state attacks.
As more of Europe comes online, with digital transformation initiatives such as adding connectivity to operational technology (OT), more unwanted attention from threat actors will follow. They don't care where data is, because if it's sitting on a network, they will find it. Even sensitive information sitting behind a VPN can be accessed if just one employee can be compromised. This is where Zero Trust can help by replacing outdated and ineffective security models.
Gigamon perspective: Gigamon research backs this up. We found that IT and security teams are struggling to gain visibility into their most important assets with legacy security approaches. Half (50 percent) of those we polled say they aren't even confident that they know where their most sensitive data is and how it's secured.
Zero Trust Can Mitigate Risk
Zero Trust is not a new approach. But it is gaining significant momentum now that vendors have begun delivering solutions to support enterprise plans. A Forrester Security Survey conducted in 2022 found that 88 percent of European business leaders have committed their organization to adopting a Zero Trust strategy. It's a "practical way to solve the problems of a distributed workforce," says Tope.
"The core of it is continuous access mediation: All entities are untrusted by default, least privilege access is enforced, and comprehensive security monitoring is implemented."
Gigamon perspective: Some 80 percent of respondents to the Gigamon survey agreed that Zero Trust would be a major trend in 2022, rising to 96 percent who think the same about 2023 and beyond. Board-level discussion of the topic has surged from 58 percent of respondents last year to 87 percent this year. Reassuringly, the share who think Zero Trust is a journey rather than a tick-box exercise has grown to 96 percent.
Computers Are Chatty — Why Wouldn't We Listen?
Zero Trust is data-driven and focused around network visibility — whether it's data flowing into and between applications, workflows, VMs, containers, or other assets, says Tope. That data must be monitored, captured, analyzed, and orchestrated in order for teams to take actions in real time and counter the speed at which threat actors work.
"The details are in the packets," he adds.
However, organizational silos are a roadblock to Zero Trust that must be tackled. "Listen to the machines. They'll talk at some point, and you can use that information to consolidate your toolsets to break down silos and provide visibility into the network," says Tope.
Gigamon perspective: Gigamon research reveals just how challenging it is for organizations to get to this point of real-time risk mitigation without the right deep observability tools: Nearly a third of breaches are identified after the event — for example, through files becoming inaccessible, data appearing on the dark web, or slow application performance.
Encrypted Traffic Is a Major Blind Spot
Encryption used to be a nice-to-have but has become nearly ubiquitous for modern enterprises. That's good for security and confidentiality on the one hand, but also enables threat actors to conceal malicious activity such as malware delivery or data exfiltration, Tope explains. Deep packet inspection (DPI) tools are a good option to peer into these encrypted tunnels, taking you from opaque to transparent without sacrificing security, but often don't do what they promise. Many require other tools or workarounds to work properly, which adds complexity to the IT environment.
"If you select a DPI tool, figure out one that does what it says," he suggests. You also want to capture the data before it's encrypted so that you can reduce complexity and make faster decisions. Threat actors move fast; you need to move faster.
Gigamon perspective: Over 70 percent of IT and security chiefs told Gigamon they currently allow encrypted data to flow freely, reflecting either naiveté or complacency about the potential security blind spot it represents. Only 30 percent have plaintext visibility into encrypted data, dropping to 21 percent in Germany. Yet, more worryingly, research has identified that 93 percent of malware hides behind encryption.
East-West (and North-South) Visibility Is a Must
Most organizations monitor North-South network traffic. Fewer have the capability to inspect East-West data. Even fewer have holistic visibility that covers the entirety of their hybrid cloud infrastructure. That means threat actors, once in, have plenty of opportunity to move laterally and "look for pivot points" to exploit, says Tope.
"Organizations need to select tools to monitor traffic and act on it, or someone else will," he warns.
Gigamon perspective: In fact, only half (48 percent) of organizations have visibility into data moving laterally across networks, according to Gigamon. In today's cloud-first world, insight into this East-West traffic is essential to prevent malicious activity. North-South visibility will highlight external-to-internal movement. But with network intrusion so easy today, it is internal, lateral traffic flows that can make all the difference between a serious breach and one that can be contained early on.
Thanks again to senior Forrester analyst Tope Olufon for his thought-provoking insights. With the Gigamon team devoted to solving these specific challenges for businesses, it is truly rewarding to see such respected experts validating some of the same trends and obstacles.
Security professionals deserve to operate with clarity and a deep understanding of the complex networks that they secure. With deep observability in their toolbox, security teams have a fantastic opportunity to turn their Zero Trust plans into reality and unleash the power of the hybrid cloud.