By: Roark Pollock

Enterprises are investing more than ever in security technology as a result of increased awareness of vulnerabilities, media coverage of attacks with financial impact, hacktivism, and the consumerization of IT. Most companies have made significant investments in network security technologies and tools over the past decade. It’s an executive-level topic.

According to the Identity Theft Resource Center, breaches have grown almost 28% from 2013 to 2014, with further increases expected in 2015.

So, what is the confidence level in your current network security? Whether you know it or not, your network is probably exposed. For instance, the data in the Verizon 2014 DBIR suggested that over 25% of incidences may have been caused by one-off errors—such as accidentally publishing sensitive information on the company or government website.

The estimated cost per breach is $12.7 million₁. In the last five years, the number of successful attacks per company has increased 144 percent (according to their 2014 Global Report on the Cost of Cyber Crime) and the average time to find a breach was 170 days.

Intrusion prevention systems (IPS) using inline security are a great solution to security problems, but your networks need more. The key to limiting breaches and the damage they inflict is visibility.

Most security professionals focus on policy, training, tools, and technologies to address network security. However, security tools and technologies are only as good as the network data they receive for analysis. Mounting Governance, Risk Management and Compliance (GRC) requirements are intensifying the need for network visibility.

What they really need is a visibility architecture that routes the right data to each security tool to enable adaptive and dynamic monitoring.

Data sent to tools indiscriminately without network visibility, forces the tools to perform the filtering operation and consume significant tool capacity in the process. For example, if you have tap feeding a VoIP analyzer; they may be dumping a huge amount of data on the tool, when the VoIP analyzer only needs VoIP flows.

Network visibility resolves these issues and gets the right data to the right tool for analysis. Improved network visibility offers the ability do the following:

• Monitor inclusive of virtualized environments,
• Provide automated responses for adaptive monitoring,
• Improve incident remediation,
• Improve handling of sensitive data, and
• Provide granular access control so the entire monitoring process is tightly controlled.

Security Monitoring for Virtualized Environments

Security in virtual environments is as important as security is to IT. Data in the virtual environment has been difficult to acquire for analysis. Rather than forming two separate network monitoring camps, security professionals should be included in the virtualization process, particularly if an external Cloud provider is involved.

Traffic between virtual machines residing on the same physical host (Inter-VM or “east-west” traffic) traverses through virtual switching internal to the host. This traffic is switched locally and never gets to physical monitoring tools, creating a “blind spot” or a “black hole".

This blind spot renders monitoring tools incapable of providing a comprehensive, raw view of traffic because they cannot see the internal communications within the virtualized environment. The blind spot is a pitfall, leaving your network vulnerable.

Regulatory requirements do not go away in the case of virtualized environments. According to the Information Supplement to the PCI DSS Virtualization Guidelines published June 2011: