Network visibility plays an increasingly important role in IT security. Because the network transports all data -- both good and bad -- it is an ideal location for identifying malicious behavior and for monitoring conversations with potentially compromised infrastructure components and end devices. Even where payloads are encrypted, the network still exposes who talks to whom, when, on which ports and in what volume, and that metadata is what most of the technologies below rely on.
Additionally, advanced data analysis and automated incident identification tools are merging with security visibility technologies to shorten the time it takes to identify and remediate threats. Let's look at four technologies that make good use of network visibility to better secure enterprise environments.
Artificial intelligence for IT operations
While artificial intelligence for IT operations (AIOps) platforms may seem useful only for network performance monitoring, they can also provide security visibility. An AIOps tool learns a baseline of normal traffic flows -- which hosts talk to which peers, on which ports and in what volume -- and alerts on deviations from it. A sudden change, such as a workstation that starts contacting dozens of internal hosts on a service port it never used before, can indicate malware or attack propagation, and catching it in the flow data helps isolate the intrusion early. The caveat is that the baseline is only as clean as the period it was learned from; an attacker already active during that period becomes part of "normal."
The intelligence of an AIOps platform is also useful for identifying configuration mistakes on infrastructure hardware and end devices that leave the network more exposed to threats. Because the analysis is automated and can suggest how to remediate what it finds, the time from discovery to resolution can be greatly reduced.
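The baseline-and-deviation idea above, as an added example that is not code from the article or from any AIOps product. It builds a small set of constructed NetFlow-style records, learns per-host "distinct peers per day" and "ports used" over the first four days, and flags the fifth day when one host fans out to 30 new peers on TCP/445. The z-score, the absolute margin and the two features are assumptions chosen for illustration; a real platform would use many more features and a longer baseline.

```python
"""Baseline-and-deviation detection over NetFlow-style records.

Added example, not from the article or any AIOps product. Flow records are
constructed; the z-score, the absolute margin and the choice of features
(distinct peers per day, service ports seen) are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    day: int        # observation day; the last day is the one under test
    src: str
    dst: str
    dport: int
    nbytes: int


def build_flows():
    """Constructed sample: 10.0.0.5 normally talks to two servers over 443.
    On day 5 it also fans out to 30 peers on TCP/445, the shape of a worm
    or lateral-movement sweep. 10.0.0.7 is a quiet control host."""
    flows = []
    for day in range(1, 6):
        for dst in ("10.0.1.10", "10.0.1.20"):
            flows.append(Flow(day, "10.0.0.5", dst, 443, 12_000))
        flows.append(Flow(day, "10.0.0.7", "10.0.1.10", 443, 8_000))
    for last_octet in range(30, 60):
        flows.append(Flow(5, "10.0.0.5", f"10.0.2.{last_octet}", 445, 300))
    return flows


def daily_features(flows):
    """Per (src, day): the set of peers contacted and the set of ports used."""
    peers = defaultdict(set)
    ports = defaultdict(set)
    for f in flows:
        peers[(f.src, f.day)].add(f.dst)
        ports[(f.src, f.day)].add(f.dport)
    return peers, ports


def detect(flows, test_day, z=3.0, min_margin=5):
    """Compare test_day against the days before it, per source host.

    Two signals are produced: peer fan-out (distinct destinations far above the
    baseline mean) and a service port the host never used during the baseline.
    A host that is absent on a baseline day counts as zero peers that day.
    """
    peers, ports = daily_features(flows)
    baseline_days = range(1, test_day)
    findings = []
    for src in sorted({f.src for f in flows}):
        history = [len(peers[(src, d)]) for d in baseline_days]
        if not history:
            continue  # nothing to compare against yet
        today = len(peers[(src, test_day)])
        mu, sigma = mean(history), pstdev(history)
        # A perfectly regular baseline has sigma == 0, so a z-score alone would
        # fire on a change of a single peer; the absolute margin suppresses that.
        if today > mu + z * sigma and today - mu >= min_margin:
            findings.append({"src": src, "kind": "peer fan-out",
                             "observed": today, "baseline_mean": mu})
        seen_ports = set().union(*(ports[(src, d)] for d in baseline_days))
        new_ports = sorted(ports[(src, test_day)] - seen_ports)
        if new_ports:
            findings.append({"src": src, "kind": "new service port",
                             "new_ports": new_ports})
    return findings


if __name__ == "__main__":
    for finding in detect(build_flows(), test_day=5):
        print(finding)
```

Running it reports two findings for 10.0.0.5 on day 5 (a fan-out to 32 peers against a baseline of 2, and first use of port 445) and nothing for the control host. The absolute margin matters: a host with an utterly regular baseline has a standard deviation of zero, and without the margin a single extra peer would trip the z-score test.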
Advanced threat intelligence services
Some security tools -- threat intelligence services among them -- aim for visibility of threats on the public internet rather than only inside the corporate network. Many of the top security vendors offer such services, built on telemetry aggregated at scale from their installed base of products, their sensor networks and honeypots. That data is analyzed on a massive scale to identify emerging internet-based threats.
Once a threat is identified, the provider pushes updated signatures and indicators -- malicious IP addresses, domains, URLs and file hashes, often distributed in standard formats such as STIX over TAXII -- to customer-managed security tools, including endpoint malware prevention software, network firewalls and intrusion prevention systems. Thus enterprises gain security visibility not only into their LANs and WANs, but into the internet as well. Indicators age quickly, so a feed is only useful if stale entries are expired and hits are weighted by the feed's confidence rather than blocked blindly.
Hybrid and multi-cloud management platforms
Now that network architectures extend far beyond the corporate LAN into networks managed by third-party cloud providers, visibility from an application and end-user performance perspective -- as well as from a security point of view -- has become a challenge.
Hybrid and multi-cloud management platforms can help regain the end-to-end visibility that many security tools depend on by creating a virtual overlay network across private and public cloud provider networks. The overlay stitches multiple network infrastructures together so they look and act like a single corporate network that can be centrally monitored and managed. Traffic that never crosses the overlay, for example between two workloads inside the same provider, is not seen by it and still has to be collected from that provider's native flow logging.
Advanced security information and event management
Traditional SIEM platforms collect log data and system and application events from multiple disparate infrastructure systems. The collected data is then normalized and correlated to identify attacks or breaches on the corporate network.
Some SIEM vendors, however, are also beginning to collect and analyze network flow and packet capture data alongside the log and event data they already gather. This added network visibility paints a more detailed security picture: log and event messages are relatively sparse -- a login record says who authenticated from where, not what the host did next -- and correlating them with flow records fills in that context, while captured packet data yields granular threat insights such as the actual payload or protocol in use.
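The correlation described in this SIEM section, combined with the indicator matching described in the threat intelligence section, as an added example that is not code from the article or from any SIEM or threat intelligence vendor. It parses constructed sshd-style "Accepted" log lines, joins each login to the constructed flow records the host produced in the following ten minutes, and checks those flows' peers against a constructed indicator set standing in for a vendor feed. The hostname-to-IP map, the ten-minute window and the 10 MB "large transfer" threshold are assumptions.

```python
"""Correlating sparse log events with flow records and a threat-intel list.

Added example, not from the article or any SIEM or threat-intelligence vendor.
The log lines, flow records, host-to-IP map and indicator list are
constructed; the 10-minute window and the 10 MB threshold are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sshd-style log lines: the host tells the SIEM only who logged in, from where.
LOG_LINES = [
    "2024-05-01T09:00:05Z web01 sshd[812]: Accepted password for deploy from 10.0.0.5 port 51234 ssh2",
    "2024-05-01T09:20:40Z web01 sshd[990]: Accepted publickey for deploy from 10.0.0.9 port 40022 ssh2",
    "2024-05-01T09:21:02Z web01 sshd[991]: Disconnected from user deploy 10.0.0.9 port 40022",
]

# Constructed asset inventory (assumed): log hostname -> the IP the flow collector sees.
HOSTS = {"web01": "10.0.1.10"}

# Constructed indicator list standing in for a vendor threat-intel feed.
INDICATORS = {"203.0.113.7", "198.51.100.99"}


@dataclass(frozen=True)
class Flow:
    start: datetime
    src: str
    dst: str
    dport: int
    nbytes: int


def ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed data."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


# Constructed flow records for the same period, as the network side sees it.
FLOWS = [
    Flow(ts("2024-05-01T09:01:10Z"), "10.0.1.10", "203.0.113.7", 443, 48_000_000),
    Flow(ts("2024-05-01T09:02:00Z"), "10.0.1.10", "10.0.1.20", 5432, 20_000),
    Flow(ts("2024-05-01T09:21:00Z"), "10.0.1.10", "10.0.1.20", 5432, 15_000),
    Flow(ts("2024-05-01T09:40:00Z"), "10.0.1.10", "198.51.100.4", 443, 5_000),
]

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\w+) "
    r"for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_login(line):
    """Return a dict for an sshd 'Accepted' line, or None for any other line."""
    m = LOGIN_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = ts(event["ts"])
    return event


def correlate(log_lines, flows, hosts, indicators,
              window=timedelta(minutes=10), big_transfer=10_000_000):
    """Attach the host's outbound flows in the window after each login.

    The log line alone says 'deploy logged in'; the flows say what the host
    did next, and the indicator list says whether any peer is known-bad.
    """
    events = []
    for line in log_lines:
        event = parse_login(line)
        if event is None:
            continue
        host_ip = hosts.get(event["host"])  # unknown host -> no flows match
        related = [
            f for f in flows
            if f.src == host_ip and event["ts"] <= f.start <= event["ts"] + window
        ]
        event["out_bytes"] = sum(f.nbytes for f in related)
        event["ioc_hits"] = sorted({f.dst for f in related if f.dst in indicators})
        event["severity"] = (
            "high" if event["ioc_hits"] or event["out_bytes"] >= big_transfer else "info"
        )
        events.append(event)
    return events


if __name__ == "__main__":
    for e in correlate(LOG_LINES, FLOWS, HOSTS, INDICATORS):
        print(e["ts"], e["user"], "from", e["src"], e["severity"],
              e["out_bytes"], e["ioc_hits"])
```

On the constructed data, the two logins look identical in the log, but the first is followed by 48 MB sent to a listed indicator and is raised to high severity, while the second is followed only by a small database connection and stays informational. The join key is the host-to-IP mapping; in practice that inventory, and clock alignment between the log source and the flow collector, are where this kind of correlation most often breaks.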