The atomized network is a modern network architecture that is characterized by its dispersed, ephemeral, encrypted, and distributed nature. This means that traditional network perimeter models, where all traffic is funneled through a central location, are bypassed. As a result, the atomized network introduces new security challenges that need to be addressed.
One of the challenges in the atomized network is the lack of visibility into network activity. Relying solely on IP addresses makes it difficult to determine which specific user or device is connecting to which specific application or service. Additionally, the frequent encryption of network services further complicates gaining visibility into the context of the traffic. To overcome these challenges, organizations need a new approach to network visibility that provides contextual information about the five Ws: who, what, when, where, and why.
To uncover the five Ws, organizations can leverage flow data. Flow data is metadata generated by on-prem devices and cloud services that provide insight similar to what can be obtained from firewall logs. When properly analyzed and combined with organizational context, flow data can provide a foundation for successful investigation into network activity. It enables organizations to see which person is connecting to which service, helping to differentiate between legitimate and malicious connections.
Contextual information from Active Directory (AD), identity and access management (IAM) solutions, endpoint detection and response (EDR) solutions, configuration management databases (CMDB), and network infrastructure repositories can help answer the five Ws. AD and IAM solutions provide information about the user, their department, management structure, and location. EDR solutions and CMDB provide information about the endpoint, including logged-in users, policy updates, patch levels, and BIOS information. Network infrastructure repositories provide information about the location of network activity.
However, gathering and analyzing information from multiple sources can be time-consuming and challenging. To streamline the process, network visibility solutions are essential. These solutions need to evolve to consume flow data from both traditional on-prem and cloud services and integrate the metadata with context from various sources. By looking beyond IP addresses and gaining more granular insights into network activity, organizations can enforce more granular controls and gain comprehensive control over their network architecture.
In conclusion, the
– The atomized network bypasses traditional network perimeter models and introduces new security challenges.
– Relying solely on IP addresses makes it difficult to gain visibility into network activity.
– Flow data provides insight into network activity and can be combined with organizational context to uncover the five Ws.
– Contextual information from various sources helps answer the five Ws and streamline the investigation process.
– Network visibility solutions need to evolve to consume flow data and integrate metadata with context from multiple sources.