
Cybersecurity best practices have to involve everyone using the network

The network is the most important component in an organization. Yet one of the biggest problems when it comes to cybersecurity best practices is ensuring everyone in the organization is aware of the importance of securing the network in the first place. This includes understanding the importance of having visibility over everything in the company’s network, from employees to the solutions using it.

While these practices continue to be advocated, the reality is that organizations are still lacking in the most important area of network cybersecurity. Many companies have solutions that can detect and prevent cyber attacks, but given the amount of tech being used and the access to the network, deep observability is becoming crucial.

In fact, according to Gigamon’s Ransomware Defence research commissioned and conducted by Gartner Peer Insights, 96% of InfoSec professionals across North America, APAC and EMEA consider endpoint detection and response (EDR) to be the most important tool in their arsenal against ransomware. Yet only 4% of global respondents are very confident they are prepared for an attack, and many anticipate major business disruption as a result.

The research also revealed that network visibility is considered foundational to a holistic ransomware defense strategy. 83% of global cybersecurity professionals agreed that visibility into lateral threat movement is critical to rapid ransomware detection and response. However, only 60% of respondents say they know where most or all of their network blind spots are.

As such, organizations continue to conduct numerous programs and training sessions to ensure their employees understand the threats that target them in the workplace. While the training has led to some improvement, cybercriminals continue to find different ways to target employees and launch cyber attacks.

Interestingly, while most of this training is normally aimed at all employees, the IT department in particular needs to understand that cybersecurity no longer relies on the cybersecurity team alone, especially since they use the network the most.

For example, when it comes to implementing zero trust in cybersecurity, the IT, network, and cybersecurity teams all need to understand how the technology works. Gone are the days when only the cybersecurity team was responsible for monitoring the security of an organization.

Bassam Khan, Vice President of Product and Technical Marketing, Gigamon

In the first part of our conversation with Bassam Khan, Vice President of Product and Technical Marketing at Gigamon, he shared his views on how deep observability can help businesses with this. In this second part of Tech Wire Asia’s interview with Khan, he explains the roles of the IT team as well as how the network should be prioritized when it comes to deep observability.

As Khan puts it, most businesses are using deep observability to advance cloud operations. For example, the network operations person provides the cloud operations person with capability and visibility into metadata about traffic.

“We’re finding that network engineers and network operators are using the possibility to almost do a little bit of a career jump. If you look at the early 1990s, we didn’t have a networking organization. We had a telecoms group which started as phone systems. And then they started wiring networking. This saw a split in careers for some people who decided to learn networking. And we’re starting to do the same work. And I haven’t seen this kind of the same transition happen before to this level, where the network engineer today can use their networking skills and networking visibility to advance themselves and their careers over into the cloud,” commented Khan.

From evolving skills to adoption in the network 

While Khan admits that most of Gigamon’s customers are larger enterprises such as multinationals, banks, government institutions, and such, there is still a need for smaller businesses to look into deep observability tools as well.

“Small companies that do their business in a single AWS environment, there’s less need for cross-platform visibility because all the data in motion is much easier to access. However, as these companies grow, like having a second cloud or acquiring something, the complication has doubled. The threats will be coming. It is more of the complicated systems and multi-platforms versus the mid-sized company per se,” explained Khan.

Looking at Southeast Asia specifically, Khan pointed out that, surprisingly, the concerns businesses have here are similar to those almost everywhere. Businesses think they are all set when they move to the cloud, and then they realize it is not secure and needs a shared responsibility model. They realize that the traffic needs to be inspected and that this is part of their responsibility.

“Cloud providers are not going to provide guaranteed secure end-to-end security, just like they’re not going to guarantee end-to-end user experience. I can write a lousy application where the user, the performance of the servers, and the network are fabulous. But my user experience is really bad because I find the same thing applies to security. So that aha moment like I need to do more is prevalent across the board,” said Khan.

With that said, Khan also pointed out that deep observability tools like those Gigamon provides can be applied to almost any industry today. Simply put, Gigamon is able to serve any industry that relies upon and uses a large amount of IoT in its operations. Gigamon already works with large transportation industries that have a huge amount of IoT types of traffic.

“Everyone focuses on the infrastructure and the applications. And it’s the network that is almost a forgotten layer. We’re bringing this to life. The reason it is forgotten is that cloud providers worry about uptime and as a business, you soon realize you can get value application-related information or security-related information. And this is why networking needs to be key,” explained Khan.

As such, by pairing security and observability tools that provide detailed metrics, events, logs, and traces with actionable, network-level intelligence derived from packet flows and application metadata, organizations can detect unseen threats and mitigate risk. This involves getting everyone in the IT and security teams to make it possible.