The advice ‘don’t shut the stable door…’ is one of the most long-standing English proverbs. A form of it is found in John Gower’s enormously long Middle English poem Confessio Aman-tis. Here is the passage: “For whan the grete Stiede Is stole, thanne he taketh hiede, And makth the stable dore fast.”
I’m sure you know what it means: To try to prevent or rectify a problem after the damage has already been done.
How does this apply to my network?
The saying for network operators should be: “There’s no point in improving your network visibility after a breach has occurred” Sadly, most network operators rely on after-the-fact analysis to identify a breach or failure then spend hours and even days finding the root cause and eliminating it. The 2020 North America Cost of Average Breach: $8.64 M and the Time to Identify and Contain 237 days.
A proactive intelligence-driven threat hunting approach is needed rather than waiting for the next attack then responding to it. Such a proactive approach is built upon strategic threat intelligence analytics and customized threat hunting software. This threat hunting software operates by matching your network data in real time to what you have established as your normal network function as explained below:
Threat Hunting
Establishing a network DNA that sets the normal standard for any network is key to threat hunting. In other words, your day-to-day network data, facilities and elements operate in this fashion. Not to be mistaken for a security application, this capability does not rely on external data-base dips to identify attacks but captures network changes that are caused by attacks, facilities or element degradation and failures.
Add to that workflows that eliminate the manual intensive work associated with identifying the root cause of an issue that are triggered by user-defined alarms. The workflow finds the most probable root cause and provides the best solution.
Now you know in real time when a change in behavior signifies an attack and you can do some-thing about it before your customers are affected. Or for Network Performance Management, how would you like to know when a router is about to fail or when any router exceeds 80% capacity? How about knowing when a traffic path becomes congested, or when jitter or packet loss is about to affect your customers? Managing your network has just become much easier.
Workflows automates the Alarm->Investigate->Analyze-> portion of the solution using Alert Rules that kickstarts a workflow to determine the cause of the alarm and what steps need to be taken to solve the issue. Moreover, alert rules and workflows are user definable so that the solution is easily adapted to any network by the network operator themselves using drag and drop of pre-defined functions.
You enable complete visibility across all types of network infrastructure: physical, virtualized, software-defined and cloud. This allows you to proactively identify network performance and security anomalies, thus reducing your MTTR from hours or days to minutes.
