The Super Model of Network Visibility & Intelligence
Skybox Blog Team Jun 30, 2015
Move over Gisele. Network models are more than just something to look at—they’re smart too. Interactive models not only provide total network visibility, but create an environment for intelligence you can test and act on quickly.
The Big Break-Up
Point solutions can be a major obstacle to network security by creating a disconnected environment. Silos of data contain complex information, and segmentation makes it difficult to pull the entire network topology, security controls, and threat data together for on-demand situational awareness.
Other industries have essentially solved this problem, combining disparate information into one comprehensive and visual model. Take for example the California driver’s favorite passenger, Waze. Rather than looking at an atlas or even route information on something like Google Maps, Waze utilizes street maps, traffic information, and peer-to-peer data for everything from potholes to speed traps to give you the best recommendations to get to your destination faster.
Network security should do the same thing.
According to the 2015 Verizon Data Breach Investigations Report, “99.9 percent of the exploited vulnerabilities were compromised more than a year after the CVE was published.” This means a huge amount of the data organizations need to stay secure is available but, like so much of cyber security, not immediately actionable. Security teams are getting lost in the weeds of their network and threats against it, and it’s taking more than a year to get out.
The core power behind fast response, whether remediating emerging threats or containing cyber attacks, is a complete, visual network model. The network model considers all layer 3 devices and creates a workable space to assess current security as well as potential effects of planned changes, potential exploits, and attack scenarios.
Beauty & Brains
Models, rather than maps, enable a variety of intelligence sources to better understand the context of a network and secure it against potential threats and intrusions. These intelligence sources cut through network data so security teams can take focused action where it will have the biggest impact.
- Scanless vulnerability assessment: consolidates data from various threat feeds and correlates with network asset information in the model. Scanless assessment also covers network devices and other “un-scannables” in order to have total understanding of risk on a daily basis, even between vulnerability scan cycles.
- Context-aware vulnerability prioritization: creates risk scores based on asset values and not just the CVSS score. Prioritizing in the unique context of a network brings vast assessment data down to a manageable list for rapid, targeted remediation.
- “What-if” model: builds space to assess potential impact of planned changes or compare two instances in the network side by side. Similar to sandbox forensic analysis, these models are particularly useful for data breach analysis and can easily show network differences pre- and post-breach.
- Compliance analysis: ensures continuous policy compliance and assesses risk of internal and external policy violations before a planned reconfiguration is implemented.
- Attack simulation: discovers attack scenarios as they may happen in your network from multiple threat origins. Simulating attacks helps determine potential impact to better secure critical assets, and can be performed on even the most complex networks where manual analysis would not be possible.
- Access path analysis: visualizes end-to-end paths from any source to any destination, and displays firewall or router access rules to compare to ACLs, NAT, proxies, VPNs, and more to help validate changes.
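To make the access path analysis and “what-if” items above concrete, here is an added example (not Skybox code and not how the product is implemented) that walks a small model of layer 3 devices and checks a flow against each device's access rules. The topology, device names, addresses, rule format and function names are all constructed assumptions.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed sample model: layer 3 devices, their links, and ordered ACLs.
# Rule format (assumed): (action, source net, destination net, port or None for any).
LINKS = {
    "internet": ["edge-fw"],
    "edge-fw": ["dmz-router"],
    "dmz-router": ["core-fw"],
    "core-fw": ["db-segment"],
    "db-segment": [],
}
ACLS = {
    "edge-fw": [("permit", "0.0.0.0/0", "10.1.0.0/24", 443),
                ("deny", "0.0.0.0/0", "0.0.0.0/0", None)],
    "core-fw": [("permit", "10.1.0.0/24", "10.2.0.0/24", 5432),
                ("deny", "0.0.0.0/0", "0.0.0.0/0", None)],
}

def device_permits(acls, device, src, dst, port):
    """First-match evaluation; devices with no ACL (plain routers) forward everything."""
    for action, src_net, dst_net, rule_port in acls.get(device, []):
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rule_port in (None, port)):
            return action == "permit"
    return device not in acls  # an ACL with no matching rule is an implicit deny

def access_path(links, acls, start, end, src, dst, port):
    """Breadth-first search over the model; returns the permitted path or None."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == end:
            return path
        for nxt in links.get(path[-1], []):
            if nxt not in seen and device_permits(acls, nxt, src, dst, port):
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def what_if(links, acls, device, new_rule, *flow):
    """Evaluate a flow before and after placing new_rule first on device (model copy only)."""
    changed = {**acls, device: [new_rule] + acls.get(device, [])}
    return access_path(links, acls, *flow), access_path(links, changed, *flow)
```

Calling `what_if` with a proposed SSH permit on `core-fw` returns the path state before and after the change, so a rule that would open a new route into the database segment shows up before it is deployed.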
If you can’t see your network, you’ll never be able to secure it. Modeling provides the visibility you need to understand the state of your network in real time, and a space to predict how it may look after some meddling—whether as part of proposed changes or an attacker’s intrusion. You’ll be ready for anything.
Want to get your network to super-model status? See how the unique Skybox network model understands the complexity of today’s network architecture, access, and interaction.
Check out the solution that builds network models—Skybox Network Assurance, part of the Skybox platform for comprehensive cyber security.