How Enterprises Can Minimize Disruption by Consolidating Network Visibility and Security

Essential organizations – such as network carriers, government agencies, and corporations – save lives, keep vital goods and services flowing, and enable hybrid work for millions. Yet the more indispensable they are, the more complex, unmanageable, and vulnerable their digital ecosystems have become.

This complexity is understandable. Progress can’t stop for the enterprises that keep the world moving forward. Today, that means digital transformation must be unstoppable, too. 

Related: Who Should Own Cyber Resilience in an Organization?

On a day-to-day level, the question becomes how to mitigate the risk of massive disruptions in digital services while pursuing cloud migration, customer experience, supply chain, and intelligent automation strategies. Further, the attack surface increases as an organization puts more data and compute resources at the edge of its operations. For many large, global organizations, everything is connected, and the internet effectively has become the corporate network. Point security and performance tools that may have worked five years ago could very well develop “blind spots” and create new vulnerabilities.

Exacerbating the challenge that these borderless organizations face is that performance, security, and availability/DDoS challenges are multiplying and are often interconnected and overlapping. Add the IT expertise shortage (especially chronic in cybersecurity), and the need becomes clear for large enterprises to adopt a modern, automated, and visibility-driven platform approach to detect, investigate, and resolve these kinds of problems.

Michael Szabados

What is a visibility platform? It’s a common data foundation that uses real-time network intelligence to break down the borders and remove the blind spots that slow and delay modern IT initiatives, from digital transformation and system consolidation to talent management and cross-team collaboration. To be effective, it must operate across seven key attributes:

1. Any Application. Whether the application is standard, custom, expertise-required, web-services, or customer-facing, the visibility platform must support it. This allows the application support team to confidently pinpoint and resolve network and/or security issues, which slashes mean time to resolution (MTTR). This is key since network performance issues have revealed many major security breaches over the past several years.
2. Any scale. It must provide the same type of data regardless of domain size – small enterprise, large enterprise, or carrier service provider – running at any speed from 100G upward. To perform in this way, a true visibility platform generates a reliable, scalable, high-resolution, real-time and historical data set representing all activities on the network, wherever a digital ecosystem operates. This data set must be derived from data packets, which are the common atomic units of any digital ecosystem and define the nexus of performance and security.
3. Anywhere. A visibility platform should operate flawlessly end-to-end at any scale, regardless of where or how an organization runs: on-premises, hybrid/co-location, or fully in the cloud. The ability to use the same data type and schema means your visibility is contiguous and unbroken. It scales everywhere with the business.
4. Anytime. Visibility is essential in the here and now, but a visibility platform must be able to perform deep-dive, protocol-level analysis and forensic evidence collection using either real-time data captures or historical data mining. This is essential for holistic, comprehensive visibility.
5. Any operational team. A visibility platform that extracts contextual metadata from data packets creates a shared source of objective information that encourages collaboration across network and application teams, whether NetOps, SecOps, or AIOps. The ability to draw from the same data source enables a faster path to root cause as well as the ability to discriminate between cause and effect, prioritize investigations of network anomalies based on potential outcomes, and choose the appropriate response playbook for that business risk. Further, this data provides evidence for stakeholders and service providers, which eliminates wasted time triaging and finger-pointing.
6. Any ecosystem. A visibility platform must be sharable with existing analytic platforms, from Splunk to ServiceNow. In order for packet-level visibility data to become a connective tissue and a source of agility and reduced risk for the entire IT team, it must be sharable with security and analytics platforms. Feeding rich, root-cause data to these applications maximizes their ability to do effective software asset management, cloud cost management, and security analytics, and streamline operations.
7. Any vendor. A visibility platform must support any combination of cloud or network equipment monitoring vendors the organization has deployed in its ecosystem.

To stay unstoppable while supplying essential products and services, global businesses and organizations must provide performance, security, and availability for their complex digital ecosystems no matter where their employees, workloads, and customers are. That's why a visibility platform is the only sensible path forward – for an essential organization’s continued growth and success; for improved customer experience, performance, and operational efficiency; and for the millions who depend on its products and services every day.

About the Author

Michael Szabados is the Chief Operating Officer at NETSCOUT.