For Service Providers, Security Begins and Ends with Visibility
In this article
Knowledge is power. When it comes to securing Global Service Providers' networks, there is no such thing as too much power.
Service providers face and suffer from the same security challenges as any other business — patching, segmentation and endpoint architecture, among others — but do so on a much larger scale due to the sheer size of their networks.
Service providers can throw the proverbial kitchen sink at their security concerns and it won't make significant difference unless they know what it is they're trying to protect.
Security always starts with visibility. Think about it — you can't protect what you can't see or don't know is yours.
Global service providers should begin any security conversation with three basic questions:
- What is on my network?
- What is each and every application or device doing?
- Is that application or device doing what it should be doing?
Surprisingly, answers to these three questions aren't always top of mind. And that's a problem, especially for service providers. Consider this: One large service provider WWT has worked with in the past discovered nearly 4 million IP addresses under its thumb it previously didn't know existed — roughly 7 percent of its network.
One of the first questions I ask customers across any industry is, "Do you have an accurate inventory of your assets?"
There's no logic to discussing more sophisticated trends if the customer can't nail down the basics first. You can't maintain basic security hygiene on assets you don't know are yours. This is certainly true for service providers, which have massive networks.
An easy way to begin gaining better visibility into your network is a relatively new security provider called Expanse. But don't confuse young with inexperienced. Expanse can make an immediate difference for service providers looking to beef up their security capabilities. And better yet, Expanse is quick and easy to deploy.
Expanse provides a comprehensive, continuously updated inventory of all Internet-connected assets that belong to an organization. In doing so, Expanse surfaces problematic and non-compliant configurations and communications of those assets.
The Expanse solution requires zero installation or configuration of any kind and delivers its service via two product offerings:
- Edge Expander discovers, monitors and tracks a provider's global Internet attack surface to identify new, existing and unknown assets. That is to say, it finds what you didn't know was yours to begin with.
- Edge Behavior provides a complete, outside-in view of the behavior of your perimeters, its responsive assets and their communication outside your organization. In effect, it allows a service provider to take action on better securing its network.
This type of visibility is integral. But it's just one viewpoint — one of the enterprise from the outside. Service providers should not overlook the other half of the equation: visibility of the enterprise from the inside.
Tanium can help in this regard.
Tanium, an endpoint management platform, recognizes the lack of visibility across endpoints — laptops, servers, virtual machines, containers or cloud infrastructure — is preventing organizations from making confident decisions and operating efficiently.
Tanium allows a user to communicate with endpoints in a very fast and efficient manner by using a proprietary architecture known as linear chaining, which allows Tanium to bypass the traditional need for distributed infrastructure to see and do things much more rapidly and with much greater scale than common enterprise tools.
Tanium requires an agent to be deployed to all assets in an organization and is managed by a single server. With the agent and Tanium capabilities, a service provider can now perform discovery of assets, software, people and data, measure their complacence, identify their vulnerabilities and much more.
WWT has a large Tanium customer base and expertise helping customers identify hardware and applications operating inside an organization.
With WWT, Tanium and Expanse working together, the combined services can give a service provider a complete picture of its environment in both public and private IP spaces.
Take, for example, a rogue telnet service exposed to the internet detected by Expanse. Leveraging a company's data and mapping algorithms, Expanse can identify the telnet and tie it to an organization but can only report the public-facing IP address, possible login information and certificate information.
That information is helpful. But identifying the particular piece of equipment exposing the service, the business unit that owns it and the people using it can still be challenging.
This is where Tanium comes into play.
By using information provided by Expanse, WWT can generate focused questions in Tanium to help identify the equipment and expose the service. WWT can integrate Expanse data and Tanium data into a service provider's central management database (CMDB) to quickly identify problem and quickly remediate the issue.
Through rigor and next-level subject matter expertise, WWT works to drive success and achievable performance for service providers by employing a top down security strategy that weaves business objectives and use cases from leadership into consumer-level current use.
While Expanse remains a free to use tool that offers high upside, WWT can work across various organizational bodies to ensure adoption of the tool, thus creating growth and value recognition.
WWT engages with:
- End-users/consumers of data by bringing adoption of the tool or use of the data gathered to their everyday workstream.
- Team leads by bridging gaps where leaders are looking for streamlining or more effective ways at managing their lines of business.
- Executives and leadership by driving toward business objectives for purchase of tool to ensure ROI is recognized and costs are avoided.
- Partners by leveraging our relationships with technology leaders in industries across the globe to drive additional business growth and opportunity for operational effectiveness.
WWT can help customers evaluate solutions across the broad spectrum of the security industry — from leading brands to innovative startups — by leveraging our state-of-the-art Advanced Technology Center (ATC) to evaluate the right solution mix.
Regardless of type or location of your technology — whether it involves data center, 5G-powered devices, supply chain, mergers and acquisitions, cloud governance, East-West traffic or endpoint — everything starts with visibility.
The ATC's unique testing environment can mimic a service provider's large network and provide access to numerous OEM products to evaluate and implement solutions faster and easier than ever.