2020 brought with it a series of changes with very little notice, and left even less time for planning. The proliferation of remote access and accelerated cloud adoption will only continue in 2021, but this time with a bit more time to prepare. With 2021 fast approaching, it's time to think critically about what's working in your security strategy and what could stand to improve. ExtraHop's Mike Campfield joined Enterprise Security Weekly to discuss why network detection and response (NDR) is critical to the future of security.
The Data Lake Unicorn
There are a number of potential data sources for security. In an ideal world, you'd have a single, shimmering lake of information, with every tool looking at the same data. Unfortunately, that's not the world we live in. Data isn't water; it's complex and abstract, existing in many different formats and languages.
Traditionally, security professionals have looked first at the data provided to them from endpoint and logging tools. For a long time, there was simply too much network data to process. Now machine learning, using the vast compute power of the cloud, can drink from the firehose for us and return actionable insights.
Campfield recommends looking at network data first and using that as the foundation of your security strategy, reversing the traditional approach.
Why Network Data First?
Network data is a foundational source of information. At the risk of being tautological, looking at the network can tell you what's on your network. In our interconnected world, everything—malicious or benign—must cross the network to achieve anything, making it the logical place to look first for visibility within your enterprise.
Further, there are many cases where network visibility can expose the blind spots that other tools have missed. Inevitably, devices will connect to your network that don't or can't have endpoint agents on them. NDR can not only instantly monitor those devices for sketchy behavior, but also provide you with an up-to-date inventory to keep your endpoint and logging tools in the know.
Those traditional security tools also have gaps in their cloud coverage, and with cloud adoption rapidly accelerating, there's a strong case for NDR as a central tenet of security.
NDR in the Cloud
We're living in a hybrid and multicloud world. The complexity of these infrastructures makes seamless security coverage a real challenge.
By working with cloud providers to open up packets to security vendors, network detection and response has enabled the same comprehensive visibility in the cloud that it gives elsewhere. Higher-quality insights and fewer false positives can save time and prevent alert fatigue for chronically understaffed security professionals. Decisions can be made in real time and in context, based on the most powerful, objective, complete source of data: the network.
Network detection and response is one of the top-growing segments in security today. To learn more about why it belongs in your 2021 strategy, check out the ESW podcast.