Network Visibility Is Critical: Gigamon Exec Reveals Secret to Cloud Security, Wants Organisations to See Adversaries in Action

Would you send your best soldiers to battle blindfolded?

We assume you won’t.

So, you wouldn’t blindfold your security team either and expect them to do their jobs well, right?

The problem is that you might be putting the blindfolds on your security experts without knowing it. That’s the case when you don’t give them complete network visibility.

Network visibility is that important. Ian Farquhar, Security Chief Technology Officer at Gigamon, describes it as critical, particularly when it comes to cloud security.

“Network visibility in the cloud is so critical. It’s the difference between a high-maturity threat actor being able to move and being able to kick them out because that’s what you want,” Farquhar told Cybersecurity Asia (CSA) in a recent exclusive virtual interview. “You want to eject them [threat actors] before they do any damage and that’s what network visibility will give you and will make you able to do.”

Indeed, securing the cloud hinges a lot on network visibility.

Security in the Cloud Is a Shared Responsibility

But wait. Why is there even a need to secure the cloud in the first place? Aren’t cloud providers doing it already?

Well, they are—and Farquhar contends cloud providers are doing “a very, very good job” at it. However, this security is only up to a certain point. That point, apparently, doesn’t go that far either, and it appears many organisations are overestimating it.

“The idea that the cloud security vendor is going to take control of the majority of your security issues is unrealistic,” Farquhar emphasised to CSA. “They [cloud providers] very, very tightly define their security responsibilities, and for most organisations, it is a lot less than they are assuming. The cloud service providers do a very, very good job, don’t get me wrong. But it’s a well-defined and bounded job.”

Beyond that point, the onus of security falls on the organisation using the cloud. This is the heart of what’s known as the shared security model, which Farquhar says is a concept everyone has heard about. Even so, the misconceptions around it “are still absolutely endemic in the market,” resulting in many customers leaving a gap in the middle that threat actors invariably exploit.

Catching the Bad Guys Right in the Network

Unfortunately for organisations in the cloud, there appears to be a lot to exploit, especially now that many businesses are moving huge amounts of workloads into the cloud. Cybercriminals, according to Farquhar, have taken note and are just following that massive attack surface. Complicating matters is the trade-off when organisations attempt to optimise their cloud spending to minimise outlays and get the best returns. What generally happens in this case, Farquhar noted, is that companies just end up with a “very complex hybrid multi-cloud environment that has a huge attack surface.”

“It’s a truism, but simple things are easier to secure. Complex things are harder to secure,” the Gigamon executive pointed out. “As we chase monetary savings, spin-ups, and all the rest of it, we often end up making choices that optimise our [cloud] spend but make complexity so high that it’s incredibly difficult to secure.”

A closer look at the network can help in this case. In fact, network visibility, according to Farquhar, actually collapses complexity, providing organisations with a consistent, unchanging lens by which to assess their cloud activity because cloud sessions, regardless of provider, take place on that one constant: The network.

Farquhar further claims that the best place to catch cyber adversaries is in the network.

“Networks are an incredibly powerful source of security telemetry, and what I mean by that is if you want to catch a threat actor, looking at their activity on the network is incredibly powerful,” explained Farquhar, who also quoted cybersecurity expert Rob Joyce advising organisations to “look at the network, get a tap, look at the traffic, feed it into an analytics tool, and look at what is moving around your network.”

Unfortunately, modern networks aren’t designed for visibility. Neither are they designed to show you the lateral movement that is so important for you to see. What networks do, Farquhar explained to CSA, is simply deliver packets from A to B—but without enabling security tools X, Y, and Z to see these same packets. What organisations need, however, is a network that delivers these packets from point to point while letting security tools see what is happening.

Cloud networks, on-prem networks, and virtual networks don’t do that. But Gigamon does, enabling an organisation’s network to attach tooling so that it can use security tools wherever they are needed in the network. Then, when you do see suspicious movement in your network, chances are it’s a threat actor trying to laterally move through your environment.

Just like that, the bad actor gets caught. Disaster averted.

The Double-Edged Sword That Is AI: Hurtful Yet Helpful

Then again, it’s one thing to be able to take a close look at the network. It’s another thing altogether to be able to do something against bad actors attempting to breach that network. This is where technologies like Artificial Intelligence (AI) come into the picture.

Of course, AI is a double-edged sword, and Farquhar acknowledges as much, noting how it can hurt and help at the same time. Generative AI, for instance, is enabling cybercriminals to create more believable phishing emails and legitimate-looking deepfakes with very little effort and in just a few minutes. The security expert, however, is far more bullish on how AI can enhance defences against cyber threats. One way AI is doing that is by upgrading anomaly detection.

“GenAI and other AI algorithms are very, very good at detecting anomalies, things that don’t look right—say, the behaviour of a user who comes in and does something totally atypical. You know, it’s not something you can easily scale, but AI will detect that,” explained Farquhar. “It’s these anomalies that will allow us to detect the things we don’t know about, the weird things, the things that aren’t typical. It may require a human to look at them, but that doesn’t matter. As long as we can scale the ability to look at these anomalies, detect them, triage them, and if they turn out to be bad, generate the threat feeds from them.”

AI, according to the Gigamon Security CTO, is also helping cybersecurity experts create honeypots—decoy systems or networks set up specifically to attract, detect, and analyse unauthorised access and malicious activities. They act as bait to lure cyber attackers away from legitimate targets, providing valuable insights into attack methods and tactics without putting real systems at risk.

Honeypots, according to Farquhar, are a “fairly powerful technique” security experts have been using for years. There is just one problem: Creating honeypots is resource-intensive and time-consuming. Generative AI solves that problem, allowing organisations to create these honeypots for intruders to supposedly breach—only to set off intrusion detection, get caught, and be scrutinised right after.

A Final Word: Governance and People Matter Just as Much

Farquhar’s overriding message to CSA is to stop overlooking the network and start looking at east-to-west traffic (and not just north-to-south) within the cloud because “laterally moving attackers is when you will catch them and kick them out.”

But he also pointed out the importance of establishing a good governance framework where organisations define their rules, the risks they are trying to manage, and the methods they will implement. He also advises companies to invest in their people and make sure they have the necessary skills in cloud security, in particular, and in cybersecurity in general.

Finally, Farquhar wants organisations to invest in the future but be more invested in the present to secure the moment—the here and now.

Just make sure to take the blindfolds off by giving your team complete network visibility.

You wouldn’t send your best soldiers to battle blindfolded, would you?

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.
