Network security starts with network visibility
Large-enterprise IT executives are loud and clear about their security priority: IT networks are under siege. Unfortunately, the threat is only growing. Cyber attacks are increasing on all fronts, and IT leaders need to find ways to ensure network security.
Where do the network security threats come from?
Criminals target network security vulnerabilities related to the evolution of working habits. The spike in remote and hybrid work, and the accelerated push of applications into public and hybrid clouds, widened enterprises’ security perimeters and created openings for hackers and other cybercriminals.
Cybercriminals look for any IT weaknesses to exploit, such as:
- Applications that have not been hardened.
- Weaknesses in industrial and IoT devices.
- Exposed data storage and sharing systems.
- Openings in the emerging edge cloud.
- Configuration oversights or errors by IT workers.
Two of the most common attack vectors are the enterprise network and enterprise public and hybrid clouds. These two areas experience more attacks, so they get more enterprise attention.
Figure 1 shows that about four in ten enterprises reported big jumps in attacks against their networks and public clouds in 2021 and in 2022. Only about 3% to 4% of large enterprises did not report any major increases in security incidents.
Figure 1: Network and public cloud were top enterprise targets for cybercriminals in 2020-2022. Source: Omdia
How can you make your network more secure? Invest in network visibility
As attacks on networks and the public cloud escalate, it’s no wonder enterprise IT executives are interested in exploring Secure Access Service Edge (SASE).
SASE combines the flexible, dynamic networking of software-defined wide area networking (SD-WAN) with a comprehensive suite of security features. SASE brings attention back to decades-old thinking: that security needs to be embedded in the network.
The reason to embed security in the network is that the network is a major source of information to collect, analyze, and act on. Good network security starts with good information, gathered by having visibility into the entire network estate. Strong visibility is based on being able to see the enterprise network and its related managed services from a single end-to-end view.
When administrators have access to information across the network (end-to-end, network underlay and managed services overlay) attackers trying to breach enterprise sites or cloud resources have few places to hide.
Between end-to-end network monitoring visibility and SD-WAN’s centralized information gathering and analytics, attack attempts become easier to detect, analyze, and stop.
So should you opt for SD-WAN or SASE for a secure network?
SASE has been attracting growing hype, but SD-WAN also includes integrated security features. For years, Omdia has recorded that enterprise adopters turn to managed security services for help with SD-WAN. Omdia’s IT executive enterprise survey shows that 60% of enterprise adopters source external managed security services for their SD-WAN deployment.
But SASE is an umbrella concept, not a platform.
Figure 2 shows that many network functions are often tied to SD-WAN, and many security functions are attached to SASE. Enterprises see SASE in practical terms: what security embedded in the network means for them. They are less interested in an abstract definition, and more interested in what works.
Figure 2: Network elements associated with SD-WAN and security elements associated with SASE. Source: Company reports, Omdia
Enterprises have subscribed to the network and security pieces listed in Figure 2 separately – and together – for many years. Firewall and gateway functions have been part of routers for decades, and firewalls have been part of SD-WAN platforms from the start. DDoS mitigation, DNS protection, and data loss prevention are standard practices for enterprise security teams.
SASE promises full integration of the network and security suite. Full integration is not so compelling when enterprises just need vital pieces. An enterprise may pull together VMware SD-WAN and Zscaler cloud security; they may call that combination secure SD-WAN or SASE. Either way, the enterprise meets its goal of embedding security within the network.
Security investment remains a top priority
According to Omdia’s IT executive enterprise surveys, security stays a top priority for increased enterprise ICT spending in the next 12-24 months. Survey results show that 49% of global enterprises plan increased investment in cybersecurity. That compares to cloud, the next-highest investment priority, where 37% of enterprises plan to grow budgets.
Under the cybersecurity umbrella, managed network security services are a top area where enterprises expect to increase spending: 31% of companies plan new or increased strategic investment. Another 31% of enterprises plan to increase security operations investments: security information and event management (SIEM), security orchestration, automation, and response (SOAR), vulnerability management, and incident response. Other service areas targeted for increased investment include:
- Cloud protections such as cloud access security broker (CASB) (30%).
- Firewalls and next-generation firewalls (27%).
- DDoS mitigation (25%).
To sum up, SASE is a positive vision, but Omdia’s enterprise surveys show near-future security investments are tactical. Bigger businesses have built up security investments and expertise over many years. Existing network security practices and models will need to evolve. Throwing out institutional intelligence to start fresh on a new, integrated security model is not an option.
Where does that leave enterprise network security?
As concepts, SD-WAN and SASE help enterprises think about how network functions and security fit together. SD-WAN grew quickly because enterprises had not already deployed these features elsewhere. It helped that existing router and firewall vendors embraced SD-WAN and rolled out upgrade options.
In security, enterprises have an installed base of partners that handle tasks predating SASE. Adopting a SASE model would mean ripping and replacing some of the enterprises’ existing security ecosystem of partners. It means the enterprise road to an integrated SASE, where it happens, will be slower and more customized.
Enterprises interested in embedding security into their network should first make sure the network is built on a solid foundation, with strong end-to-end visibility and flexibility to change. When network/IT administrators have a comprehensive base of network data to work from, they can better understand what is happening in the network, detect issues, and remediate them. A strong network foundation supports a strong network security strategy.
Managing your own SD-WAN deployment can be stressful, but not with Expereo
Expereo Managed SD-WAN connects all your people, workloads and things seamlessly with a unified cloud delivered network and security solution.
Our expertise and vendor-agnostic approach mean you can cut through the noise and simplify your operations with a single partner, operating under a single engagement, offering best-of-breed technology designed to your exact needs.