Categories
IT Security Outsourced IT

Network Analysis and Visibility

What is Network Analysis and Visibility?

Zero Trust is a security framework requiring all users, both inside and outside of the network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.1 Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location. In a Zero Trust Model, all network traffic, internally and externally, should be logged. In order to accomplish this, network analysis and visibility (NAV) tools can be deployed in conjunction with legacy security information management (SIM) systems.  

NAV tools provide intelligence on, correlation with, and visibility into all aspects of the network, from endpoints to the cloud.2 Organizations implement NAV solutions to gain insight into networks in the cloud, on-premises, or in hybrid environments. NAV solutions can also be used to monitor network traffic, detect threats, discover applications and assets, and to capture packets to gain insight into packet payloads. These solutions integrate with security analytics platforms; security orchestration, automation, and response (SOAR) solutions; and extended detection and response (XDR) tools to provide complete visibility and analytics to enable Zero Trust.

The Forrester Wave Report recommends that NAV customers look for providers with the following features2:

Decryption. Encrypting data at rest and in transit is a key Zero Trust tenet, so it is recommended that providers have onboard or tightly integrated decryption capabilities. Visibility is another key Zero Trust tenet, so it is recommended that tools examine actual payloads, and not just contextual data in the packet headers. Contextual information such as metadata, SNI, source/destination, and JA3/JA3S provides details about packet behavior, but not the payload itself. Deep packet inspection (DPI) requires decrypting packets for examination.

Analyst Experience. Invest in improving Analyst Experience (AX). Due to a talent shortage of well-qualified security analysts, vendors are creating contextual user interfaces to help security operations center analysts of all skill levels across the entirety of their workflows. Integrations like MITRE ATT&CK framework mapping and SOAR provide security analysts with the information necessary to make well-informed decisions without having to be an expert.

Zero Trust Network Access. Integrate with Zero Trust Network Access (ZTNA) solutions. ZTNA solutions provide controls for web browsing and access, but the data itself often receives a cursory examination rather than packet analysis. NAV vendors with ZTNA integration gain visibility into what the mobile workforce is doing without routing traffic back through a cloud or on-premises sensor. ZTNA also provides security controls, such as the ability to block traffic or stop a user session.

1 Raina, 2023, “Zero Trust Security Explained: Principles of the Zero Trust Model”

2 Mullins, 2023, “The Forrester Wave™: Network Analysis And Visibilty, Q2 2023”