Fixing the Cyber Security Defenses Built on Sand: Network Security Foundations for Digital Transformation
One of the most common and fundamental challenges organizations face is how to take the collection of security tools and platforms they have accumulated over the years and stitch them together into a cohesive security defense. For many years, enterprise defenders have been reactive, acquiring point solutions to address whatever the threat du jour is. The result for most organizations is an incoherent aggregation of tools that don’t integrate, creating islands of security. The only way to bridge that gap operationally is to send all the events and alerts from these platforms to a centralized repository. It then falls to the security operations team to somehow bridge those gaps manually. That would be fine if we had armies of security operations staff, but the reality is we don’t. Gartner estimates there is a cyber security operations shortfall of 2.9 million resources.
It strikes me that organizations have built their cyber defenses like a house built on sand: a house that has been built over time without a blueprint and without a foundation. In most deployments there is no solid underlying foundation that can integrate these disparate tools and allow a more automated and effective defense. The situation is bad now and it’s going to get a whole lot worse. As organizations shift more workloads to the cloud and SaaS services, the attack surface is going to get exponentially larger and the scale requirements will become even more daunting, so the need for a solid architectural foundation will become even more critical.
So what can we do about this? How can we arrest the subsidence of our Jenga-like security deployments? Well, we’ll need a foundation that can provide ubiquitous visibility to identify and protect all the assets, users and applications. We’ll need a system that is fully integrated and automated, one that enables the sharing of network and security context across any network deployment. We’ll need something that can scale to Internet-sized proportions. We’ll need an architecture that is flexible enough to adapt to the changes driven by digital transformation, such as SD-WAN and IoT. And of course we’ll need to show an ROI to the CFO, who is suffering from an acute case of security buyer’s fatigue.
Well, the good news is that you probably already have that foundation running in your network today. You’re probably just not using it. Your DNS, DHCP & IP Address Management (DDI) platforms already have great visibility into all the users, devices and applications that run across the network. They know when a new device comes on the network because they assign the IP address, and they know every resource you access because you use DNS to locate that resource. Since the vast majority of malware leverages DNS, they also have a front-row seat to what your adversary is doing. They can distribute threat information and apply quarantining and blocking policies across your whole network, fully automatically, in 2 minutes, based on a 9-year-old industry standard. The best thing about all of this is that it’s ubiquitous regardless of your network deployment, it scales to the size of the Internet and, of course, you already have it deployed.
Infoblox has just announced BloxOne Threat Defense, the first holistic, hybrid DNS architecture that can become that foundational platform on which to bind together those disparate tools and platforms. With over 30 cyber security ecosystem integrations with vulnerability scanners, NAC systems, next-gen firewalls and others, the network and security context this global infrastructure provides can grease the wheels of those existing tools. The question is, since you already have a DDI platform, why aren’t you using it?