If this worldwide lockdown has taught us anything, it’s that we’re not nearly agile enough and that we need to plan for future scenarios. Whether the next lockdown comes with a second wave of COVID-19 or as a reaction to a completely separate catastrophic event, we’d like to be prepared.
SecOps teams are learning a valuable lesson: once you can’t physically get onsite to make changes and upgrades to security infrastructure, your ability to respond to security threats slows significantly, and cyber defense agility is greatly reduced.
In the current COVID-19 environment, organizations not only face increased exposure to immediate cybersecurity risks but also challenges in their ability to deploy new or upgraded tools and applications to keep pace with new security threats. With staff working remotely from their homes, on unsecured networks, surrounded by foreign IoT and BYOD devices, and following new working patterns, the attack surface has increased exponentially in ways unforeseen by many IT teams.
With each day that passes during the present pandemic, the shortage of cyber defense agility and the lack of visibility into what goes on across a network is one of the most important cybersecurity issues.
What’s needed is a thorough understanding of the infrastructural shortcomings that this crisis is exposing, and an idea of how we will overcome these challenges in the future, if (when) we experience similar situations that necessitate secure, long-term, remote access to enterprise networks and resources.
Network architecture is on lockdown
Even before the self-isolation requirements, the overwhelming majority of enterprises already found the process of choosing and deploying new security and performance monitoring solutions cumbersome and slow. New security and monitoring solutions are often deployed as hardware-based solutions, taking months to evaluate, select, purchase, and deploy.
Add an epidemic that virtually eliminates physical access to the equation and another issue becomes apparent very quickly: solutions based on proprietary hardware appliances require people to be physically present to deploy, maintain, and upgrade them.
In this sense, those solutions are behind the curve – certainly in comparison with data centers where server virtualization has delivered highly efficient resource utilization, agile deployment, and significant cost savings, and made remote management commonplace.
The same is now available for network security and network monitoring, where a common platform can host a variety of commercial and open source network analytics solutions virtualized in a similar way. However, so far we see that a lot of organizations haven’t yet embraced this common platform approach, and still struggle with the slow, cumbersome deployment of the latest capabilities.
In the current environment, where teams are challenged to remotely defend an ever-increasing attack surface, ensuring they can remotely deploy new tools and capabilities on demand with no physical access to the datacenter is extremely challenging. At worst, critical threats may slip through the net, exposing the organization to malicious cyber actors. At best, it makes agile response difficult and further exacerbates the alert fatigue that SecOps, NetOps, and IT teams are already battling against.
Ensuring that these teams, as well as external service providers, are well prepared and equipped to quickly deploy and make use of best-in-class network security and network monitoring tools needs to rank at the top of each CISO’s priority list when business-as-usual (or whatever that becomes) resumes. And right underneath that is understanding how to make the infrastructure flexible enough that changes can be made without having to have people onsite.
What can organizations do to enhance cyber defense agility for the next lockdown?
Throughout this COVID-19 crisis, companies are learning many “life lessons,” a number of which can transform operational models for the better. With the present hardware-based approach to security being such a roadblock to enterprise cybersecurity agility, companies are in a perfect position to address gaps in the current approach and achieve better network visibility, security, and agility in the future.
In a nutshell, organizations need to shift to implementing a specification that lets them deploy detection and analytics tools remotely. The only way to maintain both visibility of the network and the agility to detect and respond to issues is to virtualize security tools.
This means encouraging security teams to deploy solutions that aren’t dependent on proprietary hardware appliances, but are rather software solutions that can be deployed on open platforms.
Adopting a standard, virtualized hardware platform removes the hardware dependence that currently forces organizations to be physically present in order to deploy security solutions from various vendors. These security and analytics solutions can be deployed remotely, as and when needed, as virtualized software applications. This not only enables remote, agile deployment, but also gives organizations the freedom to choose the security, application performance, and network performance solutions that best suit their needs, independent of the underlying hardware.
The same virtualized hardware platform can host not just network security solutions, but also network and application performance tools. When all tools share access to a common source of data, correlating events and integrating solutions to streamline investigation and resolution workflows becomes easy. SecOps, NetOps, IT, and DevOps teams all reap the same visibility, agility, and cost-efficiency benefits, and the teams can collaborate with one another.