IT professionals need greater insight into, and understanding of, their networks. The status quo is no longer enough as network security threats rise and customer demand for a better quality of experience escalates. Unfortunately, these two goals typically work against each other: heightened security usually means fewer features and fewer controls left in users' hands. So how can an organization deliver a better experience while strengthening network security? Application intelligence is the key.
Application intelligence is gained by using application-level network monitoring data to build better insight into what is, and is not, happening in a network. Once this information is in hand, it is much easier to strengthen network security, reduce troubleshooting costs, create efficiencies, and extend the life and utility of monitoring tools. For instance, application data can surface a breach early, so that it is stopped before large amounts of personally identifiable information (PII) leave the network, which in turn reduces the cost of the breach.
There are five key areas in which application intelligence can deliver greater insight into network data while ensuring the network (and the applications running on it) are stronger, more secure, and more resilient:
• Application filtering to improve performance of security and monitoring tools
• Exposing indicators of compromise (IOC)
• Proactive troubleshooting activities
• SSL decryption
• Enhanced regulatory compliance
Filtering to Improve Tool Performance
Application data filtering focuses on one application, or a set of applications, and excludes non-relevant traffic, which makes it possible to determine the overall performance of a specific application as well as its impact on the network. Delivering the right information, at the right time, to the right tool significantly improves the performance of that tool. For instance, by classifying traffic before it is sent to an intrusion detection system (IDS), traffic that does not need to be inspected (e.g. voice, Netflix video, etc.) can bypass the IDS entirely. Eliminating inspection of this uninteresting data can, by the vendor's estimate, make an IDS up to 35 percent more efficient. One caveat applies: anything excluded from inspection is a blind spot, so the bypass decision must be based on what the traffic actually is rather than on the port it uses, or an attacker can hide a command-and-control channel behind a "media" port.
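The following is an added example, not code from the original article or from Ixia: a minimal pre-filter that decides whether a packet may bypass the IDS. It bypasses only traffic that passes an RTP header sanity check (RFC 3550), so a payload that merely arrives on a media port is still inspected. The media port, the expected payload types and the sample packets are all assumptions constructed for the example.

```python
"""Application-aware pre-filtering in front of an IDS (added example).

The bypass decision is made on what the payload looks like, not on the UDP
port alone, so a flow that merely *uses* an RTP port is still inspected.
"""
import struct

# Assumption: the site's known media port(s) for the voice platform.
RTP_PORTS = {5004}
# Assumption: RTP payload types the voice platform is expected to send
# (static assignments from RFC 3551: PCMU, PCMA, G.722, G.729).
KNOWN_AUDIO_PT = {0, 8, 9, 18}


def looks_like_rtp(payload: bytes) -> bool:
    """Cheap sanity check of an RTP fixed header (RFC 3550 section 5.1):
    version must be 2, the header must be complete including CSRC entries,
    and the payload type must be one the platform is known to use."""
    if len(payload) < 12:
        return False
    first, second = payload[0], payload[1]
    if first >> 6 != 2:                      # V field
        return False
    csrc_count = first & 0x0F                # CC field
    if len(payload) < 12 + 4 * csrc_count:
        return False
    payload_type = second & 0x7F             # PT field (M bit masked off)
    return payload_type in KNOWN_AUDIO_PT


def route(packet: dict) -> str:
    """Return 'bypass' (skip the IDS) or 'ids' for one packet.

    packet: {'proto': 'udp'|'tcp', 'dport': int, 'payload': bytes}
    Policy: only validated RTP media on a known media port bypasses the IDS;
    everything else, including malformed traffic on a media port, is inspected.
    """
    if (packet["proto"] == "udp"
            and packet["dport"] in RTP_PORTS
            and looks_like_rtp(packet["payload"])):
        return "bypass"
    return "ids"


def rtp_packet(payload_type: int, seq: int) -> bytes:
    """Build a minimal valid RTP packet (constructed sample data):
    V=2, P=0, X=0, CC=0, M=0, then 20 bytes of dummy audio."""
    header = struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, 0, 0xDEADBEEF)
    return header + b"\x00" * 20


# Constructed sample traffic: one real G.711 packet, one HTTP request smuggled
# onto the media port, one RTP packet with an unexpected payload type, and a
# TLS record on 443.
SAMPLE_PACKETS = [
    {"proto": "udp", "dport": 5004, "payload": rtp_packet(0, 1)},
    {"proto": "udp", "dport": 5004, "payload": b"GET /beacon HTTP/1.1\r\n"},
    {"proto": "udp", "dport": 5004, "payload": rtp_packet(127, 2)},
    {"proto": "tcp", "dport": 443, "payload": b"\x16\x03\x01\x00\x05"},
]


def split_traffic(packets):
    """Return (bypassed, inspected) packet counts for a packet list."""
    decisions = [route(p) for p in packets]
    return decisions.count("bypass"), decisions.count("ids")


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p["proto"], p["dport"], p["payload"][:8], "->", route(p))
    print("bypassed/inspected:", split_traffic(SAMPLE_PACKETS))
```

The second sample packet is the point of the example: a port-based filter would have waved it past the IDS, while the header check sends it to inspection. In production the check would be stateful (tracking sequence numbers and SSRC per flow) rather than per packet.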
Exposing Indicators of Compromise (IOC)
The primary purpose of investigating indicators of compromise is to discover and remediate breaches faster. Security breaches almost always leave behind some indication of the intrusion, whether it is malware, suspicious activity, or the IP addresses of the malware controller. Despite this, according to the 2016 Verizon Data Breach Investigations Report, most victimized companies do not discover security breaches themselves: approximately 75 percent are informed of the breach by law enforcement or third parties (customers, suppliers, business partners, etc.). In other words, the company had no idea the breach had occurred. Compounding this, the average time to detect a breach is 168 days, according to the 2016 Trustwave Global Security Report. A lot can happen in 168 days. FireEye found that organizations in the Asia-Pacific region were frequently unprepared to identify and respond to cyber threats in a timely manner. In its latest report, Mandiant M-Trends Asia Pacific, the company found that organizations across APAC allowed attackers to dwell in their environments for a median of 520 days before discovering them, more than three times the global median of 146 days.
The best defense against these attacks is to know what is happening on the network at all times, so that rogue applications, and the footprints attackers leave behind, can be identified and stopped quickly. The key is to take a macroscopic, application-level view of the network when looking for IOCs. Matching against a list of known-bad addresses and domains only catches what someone has already seen; application-level data also exposes behaviour such as a host contacting the same destination at clockwork intervals, which is how many command-and-control implants look before anyone has published an indicator for them.
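The following is an added example, not code from the original article or from Ixia: it runs two IOC checks over application-level flow records, a lookup against a known-bad list and a beaconing check that flags a source talking to one destination at near-constant intervals. The indicator list, the flow records and the thresholds are constructed assumptions for the example; in practice the indicators would come from a threat-intelligence feed and the records from a flow or proxy log.

```python
"""Exposing indicators of compromise from application-level flow records
(added example).

Two checks: (1) destination IP / hostname against a known-bad list, and
(2) beaconing, i.e. one host contacting one destination at near-constant
intervals, which many C2 implants do before any indicator is published.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed indicator list (assumption; normally a threat-intel feed).
IOC_IPS = {"203.0.113.66"}
IOC_DOMAINS = {"update-check.example.net"}

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, app, host)
# 'host' is the HTTP Host header or TLS SNI seen by the monitoring layer.
FLOWS = [
    (0,    "10.1.1.5", "203.0.113.66",  443, "tls",  "cdn.example.org"),
    (100,  "10.1.1.7", "198.51.100.9",  443, "tls",  "update-check.example.net"),
    # 10.1.1.9 checks in with 198.51.100.20 roughly every 60 seconds
    (0,    "10.1.1.9", "198.51.100.20", 443, "tls",  "status.example-cdn.com"),
    (60,   "10.1.1.9", "198.51.100.20", 443, "tls",  "status.example-cdn.com"),
    (121,  "10.1.1.9", "198.51.100.20", 443, "tls",  "status.example-cdn.com"),
    (179,  "10.1.1.9", "198.51.100.20", 443, "tls",  "status.example-cdn.com"),
    (240,  "10.1.1.9", "198.51.100.20", 443, "tls",  "status.example-cdn.com"),
    (301,  "10.1.1.9", "198.51.100.20", 443, "tls",  "status.example-cdn.com"),
    # 10.1.1.7 browsing a news site at irregular intervals
    (0,    "10.1.1.7", "198.51.100.30", 443, "tls",  "news.example.com"),
    (15,   "10.1.1.7", "198.51.100.30", 443, "tls",  "news.example.com"),
    (200,  "10.1.1.7", "198.51.100.30", 443, "tls",  "news.example.com"),
    (210,  "10.1.1.7", "198.51.100.30", 443, "tls",  "news.example.com"),
    (900,  "10.1.1.7", "198.51.100.30", 443, "tls",  "news.example.com"),
    (905,  "10.1.1.7", "198.51.100.30", 443, "tls",  "news.example.com"),
]


def match_iocs(flows):
    """Return (src, indicator, kind) for every flow touching a known-bad
    destination IP or hostname."""
    hits = []
    for _ts, src, dst, _dport, _app, host in flows:
        if dst in IOC_IPS:
            hits.append((src, dst, "ioc-ip"))
        elif host in IOC_DOMAINS:
            hits.append((src, host, "ioc-domain"))
    return hits


def find_beacons(flows, min_events=5, max_jitter=0.1):
    """Group flows by (src, dst, dport), compute the gaps between successive
    connections, and flag the pair when the gaps are nearly constant
    (coefficient of variation pstdev/mean <= max_jitter).

    Returns [((src, dst, dport), mean_interval_s), ...]."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, _app, _host in flows:
        by_pair[(src, dst, dport)].append(ts)

    beacons = []
    for key, times in by_pair.items():
        if len(times) < min_events:       # too few samples to call it periodic
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((key, round(avg, 1)))
    return beacons


if __name__ == "__main__":
    for hit in match_iocs(FLOWS):
        print("IOC match:", hit)
    for pair, interval in find_beacons(FLOWS):
        print("beacon:", pair, "every", interval, "s")
```

The beacon from 10.1.1.9 is on no list at all; it is exposed purely by its regularity. Real implants add jitter deliberately, so in practice the threshold is tuned per environment and combined with other features (constant request size, off-hours activity, rare destination).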
Performing Proactive Troubleshooting
A key component of problem resolution is identifying the location of the problem. A visibility architecture that uses context-aware data processing can capture the critical information needed for the entire troubleshooting process, including where the problem is. For instance, a geolocation capability can quickly locate outages and narrow troubleshooting to the specific vendors and locations that may be causing network disruptions. This reduces troubleshooting costs and improves customer quality of experience. The same data can be combined with trending and bandwidth-consumption history to anticipate problems before they occur and affect network performance.
Cost-effective SSL Decryption
Cost-effective SSL/TLS decryption has become another important activity for IT. According to a Blue Coat infographic, half of all network security attacks in 2017 will use encrypted traffic to bypass security controls. Line-rate SSL decryption delivers visibility into these hidden threats and relieves the security tools themselves of the CPU cost of decrypting traffic.
While separate SSL decryption appliances are available and useful, SSL decryption integrated into the visibility solution is an easy and cost-effective way to examine data. For example, it can decrypt email traffic and forward it to an anti-malware tool for inspection, and send other decrypted data to a data loss prevention (DLP) device for deeper inspection. Two caveats apply in practice. Decryption should be selective: traffic to banking, healthcare and similar categories is commonly left encrypted for privacy and compliance reasons, and the decision has to be made from the session itself (for example the server name in the TLS ClientHello) before any decryption takes place. And the decrypting device holds the private keys or signing CA for the whole estate, so it must be protected and monitored as a high-value target in its own right.
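The following is an added example, not code from the original article or from Ixia: it shows how a visibility layer can decide, per TLS session and before decrypting anything, whether to decrypt at all and which tool to feed. It parses the server name (SNI) out of a TLS ClientHello and applies a policy: named finance and healthcare domains stay encrypted, mail hosts are decrypted and sent to anti-malware, and everything else is decrypted and sent to DLP. The domain lists and the ClientHello builder used to make test input are assumptions constructed for the example.

```python
"""Selective TLS decryption policy driven by the ClientHello SNI (added example).

The decision is made on the unencrypted ClientHello, so no decryption
happens for sessions the policy says to leave alone.
"""
import struct

# Assumptions: domains never decrypted, and mail hosts routed to anti-malware.
NO_DECRYPT_SUFFIXES = ("bank.example", "health.example")
MAIL_HOSTS = {"mail.example.com", "webmail.example.com"}


def parse_sni(record: bytes):
    """Return the host_name from the SNI extension of a TLS ClientHello record
    (RFC 6066 section 3), or None if the record is not a complete ClientHello
    or carries no SNI. Every length is bounds-checked against the buffer."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                         # not a handshake / not ClientHello
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) < hs_len:
        return None                         # truncated record
    pos = 2 + 32                            # client_version + random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                    # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if pos + 1 > len(body):
        return None
    pos += 1 + body[pos]                    # compression_methods
    if pos + 2 > len(body):
        return None                         # no extensions block
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end > len(body):
        return None
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == 0x0000 and len(edata) >= 5 and edata[2] == 0:  # host_name
            name_len = struct.unpack("!H", edata[3:5])[0]
            if len(edata) >= 5 + name_len:
                return edata[5:5 + name_len].decode("ascii", "replace")
    return None


def decrypt_policy(record: bytes):
    """Return (server_name, action) for one ClientHello record."""
    host = parse_sni(record)
    if host is None:
        # No usable SNI: leave it encrypted and let flow-level analysis see it.
        return ("no-sni", "ids-encrypted")
    if any(host == s or host.endswith("." + s) for s in NO_DECRYPT_SUFFIXES):
        return (host, "bypass")
    if host in MAIL_HOSTS:
        return (host, "decrypt->antimalware")
    return (host, "decrypt->dlp")


def build_client_hello(host: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record with one SNI entry
    (test input only; not a real client's handshake)."""
    name = host.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_data = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data
    body = (b"\x03\x03" + b"\x11" * 32        # client_version, random
            + b"\x00"                          # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
            + b"\x01\x00"                      # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for h in ("mail.example.com", "online.bank.example", "files.example.org"):
        print(decrypt_policy(build_client_hello(h)))
    print(decrypt_policy(b"\x16\x03\x01\x00\x05\x01\x00\x00\x01"))
```

SNI is client-supplied, so a host that wants to dodge decryption can lie in it; a production policy pairs the SNI with the server certificate seen in the handshake (or, for TLS 1.3 with encrypted SNI, falls back to destination IP and certificate reputation) before trusting the bypass.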
Enhancing Regulatory Compliance
Regulatory compliance continues to be top of mind. Application data can help ensure compliance by monitoring application usage and by supporting data masking, data searching, and even data validation. One use is to monitor cloud application usage. For instance, application monitoring identifies employees using services like Dropbox to transfer company files and bypass security policies. Once such a file has left the network, a former employee can retain access to it, because IT cannot restrict privileges on off-network storage.
Application intelligence offers the visibility needed to make a network stronger against cyber threats and speed mitigation of device and application failures.
Phil Trainor, Head of Security Business, Asia Pacific, Ixia