Michael Dickman

April 2021 network security: Securing the data highway

Over the last year, digital transformation initiatives have evolved from a long-term goal to a necessity for maintaining business continuity. Michael Dickman, Gigamon’s new Chief Product Officer (CPO), chats to PCR about the importance of being a trusted partner to help with the optimisation and security of emerging hybrid architectures.

Michael Dickman, Gigamon’s new Chief Product Officer (CPO), had this to say:

Could you tell me a bit more about Gigamon?
Gigamon delivers unified network visibility and analytics on all data-in-motion, across the hybrid cloud network to solve critical security, performance and budget requirements.

What products and services does it offer?
Gigamon offers a range of products and solutions that allow organisations to optimise and secure their network traffic. This includes physical and cloud virtual visibility processing nodes, TAPs and Traffic Aggregators that enable IT teams to reliably manage and control all their data-in-motion. Gigamon products also allow businesses to extract traffic intelligence including application meta-data and filtering, thus optimising data flow. We work with both enterprises and service providers who especially value our services for 5G, CUPS and GTP correlation.

Gigamon also specialises in cloud and network security, as well as incident response, promoting a Zero Trust architecture and supporting a number of industries in protecting their data.

What are the current threats driving the need for greater security?
Security challenges have increased significantly over the last 12 months. Our recent survey into Zero Trust found that 84% of organisations had seen a rise in threats since the start of 2019 and the global pandemic has only accelerated cybercrime.

As one example, the mass shift to home learning for higher education institutions has meant that online student traffic has increased, while more unsecured endpoint devices have been accessing student intranets. Universities are common targets of cyberattacks and it is therefore essential their network traffic is visible, meaning threats can be quickly detected and data breaches prevented. Industries like finance and healthcare also clearly need visibility for security given their significant technological evolution over the last ten years, meaning they now leverage a large volume of critical data.

How has the focus on data and how we handle it changed over recent years?
Automation for data analysis has been a much bigger focus in recent years. As IT teams face the challenge of doing more with less, budgets continue to be cut, while digital transformation initiatives remain imperative.

A report by the Ponemon Institute found that 60% of IT leaders said automation helps to reduce the stress faced by their IT teams. Insights from aggregated data help IT understand the bottlenecks within the infrastructure and simplify them. For example, a security tool may not be as effective if irrelevant traffic is clogging up the network. Meta-data has become much more important as raw packet volume with ‘Big Data’ at Cloud-scale becomes overwhelming without intelligent pre-processing.

Why are data analytics an important consideration?
You cannot manage what you cannot see, and it is impossible to accurately analyse and secure all data-in-motion without full visibility into all – even encrypted – traffic. By integrating data analytics tools, NetOps teams can become more productive, networks can run more efficiently and cybersecurity improves significantly. Analytics tools categorise data-in-motion and intelligently identify threats for further inspection. For example, internal data between Microsoft Teams, Slack or Zoom is likely to be very low risk. Low-risk, duplicate, or irrelevant data will therefore no longer clog up the network or tool capacity. For IT and SecOps teams, there will be fewer, more reliable alerts that they can act on more efficiently and productively.

How should businesses be looking to secure their data?
All organisations produce, store, or interact with sensitive data of some sort. Financial Services firms, for example, protect hugely critical data and a second-rate cybersecurity system is out of the question. With dispersed and often remote teams, plus the growth of personal and unmanaged IoT devices, Gartner has confirmed that one of the most useful and important tools is Network Detection and Response (NDR). The best NDR tools should be measured not on how many detection alerts they produce, but on the quality of investigations and speed of responses they enable. Effective outcomes require expert curation of detections, powerful investigation capabilities like search, and the right set of ecosystem integrations for appropriate response. An additional consideration is the benefit of using a centralised decryption tool to enable full visibility of threats, which increasingly ride in encrypted network data.

Please could you explain a bit more about cloud visibility, and why it is important?
Cloud visibility is important not just within a single cloud but across all the clouds that an organisation may touch. Most organisations are operating with a hybrid infrastructure whether intentional or accidental, creating a gap in visibility. Network tools lack visibility into cloud traffic, and cloud tools lack visibility into network traffic. This gap results in “islands of visibility” that force IT teams to re-do compliance processes and struggle to optimise user experience and security at the enterprise level, vs IT optimisation within each siloed cloud.

The solution to this gap is elastic visibility across the hybrid cloud. End-to-end visibility is needed to unify data and meta-data from different clouds with different methods of data ingestion and different versions of tools.

What are the current threats of data breaches and how can we safeguard against this?
The threat is higher than ever, sadly having worsened during the global pandemic, as evidenced by both reported breaches and unreported breaches implied by industry studies. One approach is to consider the Zero Trust framework, which is a set of principles to minimise implicit trust given to individuals or devices. There are many actions to take within this framework, but the essence is to recognise that breaches have become more of a “when” than an “if,” and that Information Security teams must complement threat prevention with threat detection and response.

Good hygiene with network segmentation is a key first step. Endpoint Detection and Response can increase the chances of detecting a threat via managed (but not unmanaged) endpoints. Visibility into the network itself becomes the critical backstop, since east-west threat movement, command and control beaconing, and much more may be visible only in the data-in-motion. Channel partners have a huge opportunity to act as trusted advisors, helping each customer build towards a Zero Trust Architecture in the manner that is right for them.

How is the increase in data volume impacting our networks?
Data volume continues to grow exponentially, which has implications far beyond upgrading the “speeds-and-feeds” on an enterprise local area network. Monitoring itself becomes more difficult with less margin for error as inline monitoring and security tools can become overwhelmed. One interesting trend is 5G, which will dramatically increase and improve data volumes for mobile users. Channel partners can help Enterprises form their own 5G strategies, taking advantage of opportunities from cost reduction to even greater agility and experience for mobile users. Visibility in the 5G network is absolutely critical, especially considering the control plane and user (data) plane will be separated, making it more challenging to assure experience.

Please could you explain a bit more about managed services and the importance of this?
Channel partners must become trusted advisors to customers to help them navigate the complexity of today’s IT world. The first step is consultative selling, but this can be followed by taking a much more active role in directly supporting customers with their challenges by managing specific services for them, even including security services. The channel always must ensure its customers are getting the best value from the technologies they are investing in, and can create a win-win by going beyond advice and implementation, into management, operation and administration. From here, a more lucrative partnership is being built between channel partners and customers.
