Identifying anomalies before a breach: A networking approach to security

Security is at the top of the business-buying shopping list. This is not wholly surprising given the plethora of high-profile, costly breaches punctuating the business calendar over the last year. Whether it was WannaCry ransomware or the Equifax website breach, the fire has been lit and businesses want a more comprehensive approach to enterprise security, and this should begin and end with the network.

With brand reputation, customer data and company bottom lines hanging in the balance, CISOs are finally gaining a stronger voice at the boardroom table. A comprehensive networking solution with integrated security that connects and protects all endpoints, workloads and applications is no longer a pipe dream; it's a necessity.

Network vs. security

The traditional IT stand-off between network and security advocates is no longer forgivable or feasible. The push and pull between the network priority of ensuring the uninhibited flow of data and the security team's prerogative of ‘shutting the pipe’ when a threat looks imminent hasn't always resulted in a fruitful business relationship. This is set to change. The fast transfer of data and the protection of information mustn't be mutually exclusive. These silos are blurring, with conversations expanding beyond the confines of the data centre.

Now, the IT team is embracing a ‘one team, one dream’ mantra. Every piece of technology integrated into the network must have security embedded. A recent PwC study revealed that 64 percent of CIOs, VPs and IT managers surveyed put security and automation at the top of their buying criteria in their path to the cloud. Seeing security rise to the top of networking purchase requirements is a remarkable shift in priorities, and will enable a greater level of insight, protection and broader business support.

The scale of the security challenges inherent in enterprise and cloud data centres is starting to resonate. This is an environment where workloads are constantly being created, deleted and moved, not only within a cluster or an individual data centre, but across multiple centres and clouds. As almost all major workloads shift from on-premise to public cloud in the next one to three years, this dynamic context and the high volume of communications traffic will likely skyrocket.

Together with this, the complexity of security implications will increase. It has never been more important for both security and operational practices to converge. How solutions are architected and products evaluated will change. Unless the boundaries between teams fade, the implications for the enterprise will be profound.

Security must stem from the network itself

Technology devices, whether they are switches, firewalls or routers, can operate as key components of a network and contribute to the rigour of an organisation's security. These devices speak the same language, react to changes in conditions around them, such as surges in activity or anomalies on the network, and align to management tools reporting back to IT and the broader business. 

Visibility and automation tools span the entire technology portfolio. This means that humans no longer have to spot needles in haystacks. Technologies can now work in tandem to isolate and extract data, down to the most granular of details. Needle-in-a-haystack tasks are now child's play. Automation enables a view across an entire business. It correlates vast amounts of data in real time, spots anomalies and automates tasks that would take hours for a human to identify, let alone act upon. With visibility and automation shaping a more proactive approach to security, IT teams are better able to pre-empt attacks and redirect resources away from labour-intensive monitoring to more valuable and strategic activities, while retaining full control of remediation execution as required.

The ‘all-seeing’ network

As end-point devices multiply with the Internet of Things and business networks face tens of thousands of devices in any one environment, it is clear that end-point security is increasingly becoming unrealistic. The ‘all-seeing’ network that encompasses all devices and traffic provides a clearer view from which to monitor more effectively. The network should be seen as an invaluable mine of information, critical in identifying and ultimately containing attacks within enterprises.

Micro segmentation is emerging as a preferred method to achieve network security in a hybrid IT and multi-cloud environment. Instead of relying solely on hardware-based firewalls, security can be integrated directly into a virtualised workload. The network can play an active role in strengthening a business' security defences. It no longer needs to be the choice of either a free flow of traffic or the protection of information. The interchange between the network and security can be symbiotic and if achieved, the business and IT teams will reap the benefits. 

The severity of recent breaches has launched security concerns in data centres to the top of the business shopping list. IT is expected to deliver a secure and automated network that aligns to an overall business strategy. This is no mean feat and the only way IT will achieve it is by security and network architects working together. 

A holistic strategy that features a networking approach with integrated security that connects and protects from one end to the other is the result. This way, a proactive approach to security and threat prevention can increasingly become a reality. Spotting anomalies instead of full-blown attacks will help businesses regain control in the battle for automated, adaptive and simplified enterprise data security. 

Contributed by Laurence Pitt, global security strategy director at Juniper Networks

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.