Any discussion about improving the security of the federal IT enterprise sooner or later comes around to the topic of network visibility.
The concept of network visibility – the idea that an agency should have a clear picture of all data-in-transit moving across the enterprise – is not new. But it has taken on new importance as agencies have extended applications and data from the traditional IT infrastructure to virtual and cloud infrastructures. If an agency lacks visibility across all three environments, it leaves itself vulnerable.
Both the Trusted Internet Connection (TIC) and Continuous Diagnostics and Mitigation (CDM) initiatives have evolved to help agencies strengthen their cyber posture as they adopt cloud, mobility and other technologies as part of their IT modernization efforts. But the importance of securing this extended enterprise has been driven home more recently by the COVID-19 pandemic. As the virus spread, many employees ended up working from home.
To learn more about how agencies can improve network visibility in this environment, GovLoop spoke with Dennis Reilly, Vice President for Federal at Gigamon, which provides network visibility and analytics for data-in-transit.
One of the primary challenges in a remote work environment is the volume of traffic that needs to be inspected. Many agencies provide employees with connectivity through a virtual private network (VPN), which routes all traffic through the on-premises network. That doubles the workload for the security infrastructure, since it ends up inspecting the same network packets once as they enter the network and again as they leave it.
Rather than just increasing that infrastructure, agencies should look for a solution that can strip out those duplicate packets, cutting the workload in half, Reilly said. They can further reduce the workload by inspecting only relevant traffic, such as email for a phishing threat, as opposed to video or voice-over-IP, which don’t pose a significant risk. One of Gigamon’s Defense Department (DoD) customers did just that recently.
The goal is not just to inspect individual network packets but to monitor traffic patterns for anomalies. For example, is data being moved around the network, possibly in preparation for exfiltration? Is an end user or system communicating with a server that they don’t normally access?
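As an added illustration of the three steps just described (not code from Gigamon or from the article), the Python below runs constructed flow records through a small pipeline: it drops the second copy of each hairpinned VPN flow, sets aside voice/video traffic, and flags a host that contacts a server outside its recorded baseline. The host names, ports, payload hashes and the baseline are all constructed assumptions.

```python
"""Constructed example: dedupe hairpinned VPN flows, filter out media traffic,
then flag hosts that talk to servers they do not normally contact."""

# Flow records as (src_host, dst_server, dst_port, protocol, payload_hash).
# Because remote-user traffic hairpins through the VPN concentrator, each
# flow is observed twice: once entering the on-prem network, once leaving.
FLOWS = [
    ("10.8.0.5", "mail.example.gov", 443, "tcp", "h1"),
    ("10.8.0.5", "mail.example.gov", 443, "tcp", "h1"),      # second copy
    ("10.8.0.5", "meet.example.gov", 3478, "udp", "h2"),     # voice/video
    ("10.8.0.5", "meet.example.gov", 3478, "udp", "h2"),
    ("10.8.0.7", "files.example.gov", 445, "tcp", "h3"),
    ("10.8.0.7", "files.example.gov", 445, "tcp", "h3"),
    ("10.8.0.7", "db-prod.example.gov", 1433, "tcp", "h4"),  # not in baseline
    ("10.8.0.7", "db-prod.example.gov", 1433, "tcp", "h4"),
]

# Which servers each host normally reaches (constructed baseline).
BASELINE = {
    "10.8.0.5": {"mail.example.gov", "meet.example.gov"},
    "10.8.0.7": {"files.example.gov"},
}

# UDP ports treated as low-risk media traffic (assumption for the example).
MEDIA_PORTS = {3478, 5060, 5061}


def dedupe(flows):
    """Keep only the first observation of each identical flow record."""
    seen, unique = set(), []
    for flow in flows:
        if flow not in seen:
            seen.add(flow)
            unique.append(flow)
    return unique


def filter_relevant(flows):
    """Drop UDP media flows so the inspection path only sees higher-risk traffic."""
    return [f for f in flows if not (f[3] == "udp" and f[2] in MEDIA_PORTS)]


def new_server_contacts(flows, baseline):
    """Flag (src, dst, port) where a host reaches a server outside its baseline."""
    return [(src, dst, port) for src, dst, port, _, _ in flows
            if dst not in baseline.get(src, set())]


def pipeline(flows=FLOWS, baseline=BASELINE):
    """Run the three stages and report how the workload shrinks at each one."""
    unique = dedupe(flows)
    relevant = filter_relevant(unique)
    return {"received": len(flows), "after_dedupe": len(unique),
            "after_filter": len(relevant),
            "alerts": new_server_contacts(relevant, baseline)}
```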
By providing agencies with such intelligence, companies like Gigamon serve as a “force multiplier,” Reilly said.
Beyond the current crisis, network visibility is essential to achieving the aims of the CDM program. While much of the initial work on CDM was focused on identifying the devices and users on the network, the more advanced capabilities involve seeing all traffic that’s traversing the network.
This is especially important in the TIC 3.0 environment, which no longer requires all network traffic to be routed back to the enterprise network. The challenge is ensuring that agencies don’t lose visibility into that traffic.
“If you can’t see the traffic that’s traversing the network – whether that’s a physical network, a virtual environment, or even out to the cloud – you can’t secure it,” Reilly said.
In short, when it comes to network visibility, a blind spot is a vulnerability. Through CDM, Gigamon helps agencies eliminate those blind spots, he said.