SAN FRANCISCO–By their very nature, enterprise networks are always evolving, adding bits here, removing pieces there, and that constant movement makes protecting them a difficult task. Major technological shifts such as the move to the cloud can complicate things further, and sometimes it can take a while for security protections to catch up to the changes.
“Enterprise networks have changed so much in the last ten years, but the products haven’t evolved to keep pace. The things that worked a few years ago aren’t going to work now,” Marty Roesch, the CEO of Netography, and a longtime security industry executive, said.
Netography is part of a newer cadre of security companies that are built on the cloud and designed to be quick, agile, and adaptable, changing as the threat environment and enterprise needs dictate.
Traditional enterprise networks mostly were built in pretty much the same way, with on-premises servers, laptops and desktops, and some mobile devices. The defenses were designed with this model in mind, from the network edge down to the endpoints. But as networks have become more distributed and much of the storage and other resources have moved to the cloud, defending them has become more complicated and difficult. Securing modern environments starts with figuring out exactly what is on the network, a task that stops many organizations in their tracks.
“Discovery and mapping are hard problems for a lot of companies,” Roesch said.
Finding all of the assets on even a modestly sized corporate network can be a tremendous undertaking, especially when many of those assets may not even be owned by the company, but are employees’ personal devices. Add in test devices and things that just sort of, ah, get plugged in somewhere, and it can make for a complex mix. And once that work is done, that’s just step one. By the time the process is finished, many things will already have changed.
“That’s just a point in time. We need to operate at a different tempo and see things as they’re happening. We can see configuration drift as it happens and we can model out changes before they happen,” Roesch said.
Change is a constant on enterprise networks, both on the defensive and offensive sides. Threats evolve at a terrific rate and attacks always get better, not worse. Attackers learn from their mistakes and from the successes of other attackers, and they pay close attention to what defenders are doing and how security products change to address new threats. But it’s somewhat easier for attackers to change their tactics and adapt to new conditions than it is for defenders, who have budgets and bosses and schedules to worry about. Major shifts come slowly in that world.
“It’s an organizational readiness question. Companies have to be ready to adapt and move quickly,” Roesch said.