On this episode of World Wide Technology's Public Sector Tech Talk, I discussed the value of observability in network security with Marlin McFate, Riverbed Technology's Public Sector Chief Technology Officer.
As we explain in the podcast, observability is the ability to go into network data and find the things that traditional network monitoring missed. That includes advanced persistent threats, zero-day vulnerabilities, or inherent risks created in the supply chain.
McFate explains the three levels of asset accountability. They include:
"Creating observability within an organization is more than technology, but a paradigm shift that looks to break down silos and better converge the security operations with IT," McFate said.
Additionally, the push for remote work – first made necessary by the COVID-19 pandemic and now a more accepted form of work – has changed the threat landscape. Since March 2020, when employees began working more from home, there has been a dramatic increase in phishing and spear phishing.
We've had devices out in the world for more than two years now that pose a significant threat when they come back into our environment. Bringing these devices back behind our walls presents a unique challenge where observability will be drastically needed.
To end the podcast, McFate shared a customer story. This organization adopted an observational mentality and worked diligently to understand the devices on their network better. Their research discovered about 20 percent more devices than they initially believed they had.
In particular, the analysts found a device operating in parts of the network it should not have had access to, which raised red flags. An investigation found that the device collected data from the middle tier of an application and encrypted its network traffic.
"The investigators could find out what switch port the device was using and quickly learned that it was an insider threat," McFate said. "Three individuals were circumventing the traditional layered cybersecurity and thought they could act with impunity. While this is just a small case, it shows how easily it can be for this type of action without the right safeguards."
To learn more about the value of observability in network security, listen to the full Public Sector Tech Talk.