Insight and analysis on the data center space from industry thought leaders.
The Paradox of Network Blind Spots
What appears to be inexplicable complacency about unknown endpoints is more likely to be grim awareness that failure to see every port in real-time puts a greater burden on other security measures.
October 5, 2015
Frank Winter is the CEO of Auconet.
You could drive a truck full of hackers through the blind spots on nearly any IT infrastructure, despite multiple layers of security. Go to any Gartner or Forrester conference for CIOs and IT directors, and ask the attendees what percentage of devices, ports, and endpoints on their network are unknown and uncontrolled. We do this routinely. The typical guess is 10 percent to 15 percent, or “We just can’t track that.”
No enterprise IT pro has yet replied, “We detect everything in real-time.” Some companies, frustrated they can’t build an effective solution, turn to third-party consultancies for discovery of routers, switches, ports and endpoints. From what they tell us, the results are far from perfect. As it turns out, 100 percent discovery is not easy.
The IT Paradox: Despite Advances Across the Spectrum of IT Security, Huge Blind Spots Persist
The continued existence of significant infrastructure blind spots is difficult to rationalize. You cannot protect, control, or quarantine what you can’t see. Data governance, risk management, and compliance leaders live under the shadow of security and breach implications. Chief information security officers know the gap is always there. Access by unauthorized endpoints is clearly dangerous and means that advanced security measures can be for naught, if they regulate only the visible endpoints.
The persistence of blind spots – despite the major advances in “post-logon” security – is the paradox of corporate IT this year, last year, and for the past decade. What appears to be inexplicable complacency about unknown endpoints is more likely to be grim awareness that failure to see every port in real-time puts a greater burden on other security measures.
Paradox-Buster #1 – Bar the Door
The best way to stop a rogue endpoint intrusion is to never let it onto the network. Don’t rely on the layers of post-logon protection that you have in place. While they are good, they aren’t good enough… nor fast enough, every minute, 24 X 7. Instead of banking on remediation after bad behavior is detected, intercept every unauthorized endpoint using either Layer 2 MAC-based or 802.1X, and switch off the port being used, before any tainted traffic can touch the network.
This “Bar the Door” approach requires that you can also discover and persistently monitor all ports and links. Without the ability to see them all in real-time, there will be serious gaps.
Paradox-Buster #2 – Replace Discovery Tools That Aren’t Fully Vendor-Independent
Endpoint protection must start from awareness of every router, switch, and port on the network, plus real-time discovery of any endpoint attempting access. That requires discovery covering all brands, models, and versions. Realistically, your infrastructure is heterogeneous or will be soon. With the Internet of Things, and to give you negotiating leverage, you require fully vendor-independent discovery. It will help keep you out of costly traps.
Paradox-Buster #3 – Study Vendor Claims and Customer Testimony Carefully
Read vendor claims attentively. Do they state unequivocally "We find every port and endpoint and detect/block every new endpoint and device, in real-time, regardless of vendor, even on huge networks?" For compete discovery, your vendor should be willing to commit unequivocally to near-100 percent discovery effectiveness.
Earlier this year, a major technology publication conducted a test of several network access control (NAC) products, using a [very] small test network. Not one was successful in recognizing typical devices on even a tiny network. One can reasonably ask whether they could recognize everything on a network as large as yours.
Paradox-Buster #4 – Eliminate the Paradox and Bask in Higher Productivity
Establish 100 percent visibility of every IT asset, including ports and endpoints, to achieve efficiency, order, and higher operator productivity in security and other aspects of running a data center or network.
Insist on hearing customer testimony that a vendor solved their discovery issues “completely.” Discovery that is successful only 99 percent of the time is inadequate; if a breach occurs on the one percent it can cost tens of millions of dollars. There’s only microscopic wiggle room on the need for 100 percent discovery on big, heterogeneous networks.
Find Everything, Miss Nothing
This will give your other investments in security and ITOM applications the full and correct picture needed to work across the entire infrastructure. Wipe out the blind spots, and you can be confident that your other security solutions will become more effective. With absolute 100 percent discovery comes freedom from the pervasive, 100 percent unacceptable paradox of modern IT: network blind spots.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.
About the Author
You May Also Like