Published on June 21st, 2017 | by Tony Thompson
Don’t Roll Your Eyes — Network Traffic Analysis Could be Key
Coming off the heels of the Gartner Security and Risk Management Summit that was held in National Harbor, MD last week, a couple of things were abundantly clear: First, the noise-factor of security is off the charts with more than 200 sponsoring companies at the show (I’m sure this makes the Gartner sales folks happy). Second, the confusion-factor persists among many security pros who are struggling to deal with and understand the unknown of advanced attacks.
But after all, that’s why folks attend shows like this…to clear up confusion, right?
I certainly don’t envy the job of today’s security pro who is getting inundated with messages like “our approach is better than X,” and “our machine learning does this better than Y.”
Speaking of machine learning, it seemed impossible to walk by a vendor booth and not hear some overzealous salesperson touting the merits of their machine learning. I think it’s safe to say the B.S. meter on machine learning has reached an all-time high. (In some of my conversations, I could noticeably see folks rolling their eyes when the term was brought up.)
Despite the noise around machine learning and all of the various technological approaches to security, be it network, endpoint, UEBA, SIEM, sandboxing, deception, etc., I think most security pros and CISOs now understand that the prevention model for security, while highly desirable, is not something that can be relied upon alone in today’s world of advanced attacks. The need for detection is clear, and everyone wants it to be fast and accurate.
Gartner did help clear the air on a number of topics during the show and identified the top technologies for security in 2017. In a press release issued by Gartner, Network Traffic Analysis (NTA) was listed among 11 key security technologies.
Network Traffic Analysis for Enterprise Cyber Security
According to the press release, “Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for behaviors indicative of malicious intent. Enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events.”
We at SS8 agree, and it appears the audience at the Gartner event is also beginning to realize the importance of network visibility. I covered this during my standing-room-only session at the conference, which was titled “5 Indicators your Network May be Breached.” The network is the source of truth, and it’s the fastest and most efficient means of detecting advanced threats. The attacks are coming in over the network, and they’re exfiltrating data out over the network.
Stay tuned for an upcoming webinar that will repeat my 5 Indicators session from Gartner SRM Summit.
Tony Thompson is vice president and general manager of threat detection solutions for SS8 Networks.