Original source: GigamonTV
This video from GigamonTV covered a lot of ground. Seven segments stood out as worth your time. Everything below links directly to the timestamp in the original video.
Understanding how AI analyzes network traffic for security is crucial as more devices connect to the internet. This insight reveals why your organization's security might be compromised by devices you can't even see.
AI-Driven Security Analytics Require Full Plaintext Data for Threat Detection
Effective AI-driven security analytics fundamentally rely on access to complete plaintext data to accurately identify trends and patterns, according to Michael Dickman. Without a comprehensive view of all network traffic, including data from unmanaged devices like IoT, AI models are inherently limited in their ability to detect threats and anomalies. Historically, IoT devices have lacked visibility due to the inability to install agents or generate traditional network flow data, leaving enterprises blind to potential risks emanating from them.
This need for full visibility underscores a critical challenge in modern cybersecurity, particularly as the number of diverse devices connected to networks continues to grow. Fragmented data insights from incomplete sources or isolated data silos can lead to security gaps, preventing AI tools from building a robust understanding of an organization's threat landscape. Ensuring a complete data foundation is essential for advanced threat hunting, policy enforcement, and regulatory compliance, particularly as new AI-driven security solutions emerge.
"If you're not getting at the ground level a complete view, by definition you're not going to catch the trends."
Encrypted Traffic a Double-Edged Sword in Cybersecurity, Fuels 92% of Lateral Attacks
Encrypted network traffic, while vital for data confidentiality, presents a significant challenge for cybersecurity teams because malicious actors increasingly exploit it to conceal their activities. A striking statistic reveals that 92% of all lateral movement attacks—where attackers spread within a network after an initial breach—are themselves encrypted. This creates a dilemma: organizations need encryption to protect sensitive data, but this same encryption can inadvertently provide cover for sophisticated threats.
The dual nature of encryption means that trusting a connection solely because it is encrypted is a critical security flaw. Attackers leverage this perceived security to move undetected, making it imperative for organizations to implement solutions that can inspect encrypted traffic without compromising privacy. The ongoing battle between securing data and detecting hidden threats highlights the need for advanced tools that empower security teams to effectively counter adversaries who use encryption to their advantage.
"You absolutely cannot trust that just because something is encrypted it is safe, even while you absolutely should use encryption to protect the confidentiality of the data."
Gigamon Introduces 'Deep Observability' for Enhanced Network Security
Michael Dickman from Gigamon distinguishes between traditional observability, which largely relies on device-generated logs, and the company's proprietary 'deep observability' approach. Deep observability provides granular network intelligence by focusing on what devices, applications, and services are actively communicating, rather than just what they report. This method offers a more profound understanding of network behavior, enabling security teams to analyze interactions, data shared, and communication durations, including the ability to inspect packet payloads.
Traditional log-based observability, while valuable for application performance monitoring, lacks the depth required for advanced security threat detection. By offering visibility into the actual network traffic, deep observability addresses critical security gaps, especially concerning unmanaged devices like IoT that do not generate logs or traditional network data. This enhanced visibility allows for more precise threat hunting, policy enforcement, and asset inventory management, reinforcing the foundation for AI-driven security tools.
"What we mean by deep observability is to bring the depth of what the devices and applications and services and assets are actually doing, what are they actually communicating."
Encrypted Lateral Threats Enable Undetected Cyberattack Spread
Encrypted lateral threats pose a significant challenge for organizations, allowing attackers to spread slowly and covertly across internal networks after an initial breach. Unlike immediate, noticeable attacks, these threats use encrypted communication to avoid detection, making it difficult for companies to identify malicious activity until it has proliferated throughout their systems. Attackers can fragment files and exfiltrate data in small, encrypted pieces, further masking their presence and the extent of the compromise.
This stealthy movement, often referred to as "low and slow" traffic, bypasses typical network performance monitoring, as the encrypted communications appear innocuous. The ability of attackers to "move and hop around the environment," with each step remaining encrypted, underscores the critical need for organizations to gain visibility into internal, East-West network traffic, not just perimeter-based (North-South) traffic. Without the capacity to inspect plaintext data within the organization for security purposes, breaches can remain undiscovered for extended periods, leading to significant damage.
"All of those moves and hops are themselves encrypted, and so definitely you got to look East-West at the lateral movement as well as North-South."
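As an added example (not from the video, and not Gigamon's own code), this is the kind of East-West screening the section argues for, run over constructed flow records: it separates internal-to-internal traffic from perimeter traffic and flags host pairs that exchange many small encrypted connections over a long window, the "low and slow" shape that bulk-transfer and North-South monitoring miss. It assumes the RFC 1918 ranges are "internal", that 443/8443 are this environment's encrypted ports, and that the thresholds (5 connections, 2,000 bytes, 30 minutes) are tuned for the sample.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not from the video): one internal host pair exchanging
# many small TLS connections over ~100 minutes (the "low and slow" pattern), one normal
# bulk internal transfer, and a burst of small outbound connections to an external address.
_T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_FLOWS = (
    [{"src": "10.0.1.5", "dst": "10.0.2.9", "dport": 443, "bytes": 900 + 10 * i,
      "ts": _T0 + timedelta(minutes=20 * i)} for i in range(6)]
    + [{"src": "10.0.1.5", "dst": "10.0.3.3", "dport": 443, "bytes": 52_000_000, "ts": _T0}]
    + [{"src": "10.0.1.5", "dst": "203.0.113.10", "dport": 443, "bytes": 800,
        "ts": _T0 + timedelta(seconds=5 * i)} for i in range(6)]
)

# Assumed definitions for this environment: RFC 1918 space is "internal", 443/8443 are TLS.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ENCRYPTED_PORTS = {443, 8443}

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

def direction(src, dst):
    """East-West when both endpoints are internal, North-South otherwise."""
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

def find_low_and_slow(flows, min_conns=5, max_bytes=2000, min_span_minutes=30):
    """Return East-West encrypted host pairs showing many small connections spread over
    a long window. Per-flow byte counts stay tiny, so volume alerts never fire; only
    grouping by host pair across time exposes the pattern."""
    groups = defaultdict(list)
    for f in flows:
        if direction(f["src"], f["dst"]) == "east-west" and f["dport"] in ENCRYPTED_PORTS:
            groups[(f["src"], f["dst"])].append(f)
    findings = []
    for pair, fs in groups.items():
        fs.sort(key=lambda f: f["ts"])
        span = (fs[-1]["ts"] - fs[0]["ts"]).total_seconds() / 60
        if (len(fs) >= min_conns and span >= min_span_minutes
                and all(f["bytes"] <= max_bytes for f in fs)):
            findings.append({"pair": pair, "connections": len(fs), "span_minutes": span,
                             "total_bytes": sum(f["bytes"] for f in fs)})
    return findings

if __name__ == "__main__":
    for hit in find_low_and_slow(SAMPLE_FLOWS):
        print(hit)  # flags only the 10.0.1.5 -> 10.0.2.9 pair
```

This screens metadata only; confirming what actually moved between the two hosts still needs the payload-level (plaintext) inspection the section describes.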
Hybrid Cloud Environments Introduce New Data Silos and Visibility Challenges
The growing adoption of hybrid cloud environments is creating new visibility challenges for organizations, leading to fragmented infrastructure data. As more companies repatriate data and leverage cloud provider edge solutions, the hybrid multicloud vision is becoming a reality. However, the tendency to rely on native monitoring tools within each platform—such as AWS, Azure, VMware, and physical data centers—results in distinct data silos.
This fragmented approach prevents a consistent, unified view of an organization's entire IT infrastructure. Instead of comprehensive insights, security and operations teams contend with disparate data sets, complicating threat detection, compliance, and overall management. Achieving complete and efficient visibility across these varied environments is crucial for maintaining security posture and ensuring regulatory adherence in an increasingly complex digital landscape.
"You could have silos of infrastructure, so you can be like I get this data from AWS and some different data from Azure and some other data from VMware and some different data from physical versus having that consistent view that you can see all together."
Gigamon Offers Solutions for Compliance and Selective Plaintext Data Viewing
Gigamon’s visibility solutions are designed to assist companies in meeting stringent compliance mandates by offering verifiable proof of required logging. This capability is particularly relevant for adhering to U.S. federal regulations that increasingly demand enhanced logging and visibility into network activities. Beyond mere logging, the solutions provide flexible control over data viewing, allowing organizations to selectively decrypt and inspect plaintext data based on specific risk, compliance, and privacy considerations, such as those stipulated by GDPR and data residency requirements.
This granular control ensures that companies can maintain confidentiality while still performing necessary security analyses. The ability to choose what data to decrypt and analyze—whether specific workloads or types of traffic—empowers customers to balance their security needs with privacy obligations. This approach transforms what would otherwise be complex technical challenges into manageable decisions, putting the power of data visibility directly in the hands of the organization.
"You can choose based on risk, compliance, privacy, all your considerations, what you want to see, but really now the power is up to the customer."
Increased Cybersecurity Spending Fails to Halt Record Breach Rates
Despite unprecedented investments in advanced cybersecurity tools like XDR, SIEM, and SASE, companies are experiencing data breaches at record rates. This paradox has left Chief Information Security Officers (CISOs) questioning why increased spending on sophisticated security measures is not translating into improved protection. The current landscape suggests a fundamental disconnect between the deployment of new technologies and the effective safeguarding of enterprise networks.
This persistent vulnerability, even with enhanced security budgets, highlights a critical challenge in the cybersecurity industry. It implies that simply acquiring more tools may not be sufficient to outpace malicious actors. The issue may stem from fragmentation, lack of unified visibility, or an inability to effectively utilize these complex systems, leading to a situation where adversaries continue to gain ground despite defensive efforts.
"Despite record levels of security spend, companies are still being breached at record rates."
Also mentioned in this video
- The issue stems from deploying numerous best-of-breed point solutions that… (1:12)
- Encrypted traffic visibility challenges by using an eBPF-based solution called… (5:00)
- Gigamon's approach avoids the need for numerous appliances and helps overcome… (6:41)
- Gigamon's solution helps normalize traffic, de-duplicate data, curate… (7:45)
Summarised from GigamonTV · 16:27. All credit belongs to the original creators. Streamed.News summarises publicly available video content.