Stability versus flexibility
Every organisation is currently undergoing or will soon undergo a digital transformation. Processes where paper documents are currently being produced or used will ultimately be fully digitized and automated as much as possible. As part of this, companies will also connect production machines and other business assets with the 'Internet of Things' (IoT). When leading or following all ICT developments, CIOs must continuously balance the business needs for stability and flexibility. A possible solution for this is the bimodal concept developed by Gartner. In other words, systematically modernize the often rigid but also proven stable back-office systems and respond flexibly to innovative business needs with quickly customizable apps and micro-services In short, try to unite the 'best of both worlds' and to strengthen each other.
Packet- or flow analysis, or both?
A similar development is taking place in the security field. For decades, CISOs have been using 'packet capture' tools to monitor all network traffic and user behaviour. However, this proven effective security technology requires increasingly more costly resources to keep up with the higher speeds and is unusable for the increasing encrypted traffic. With as result, a risky unjustified sense of security. Studies from various suppliers show that over 40% of all cyber attacks are hided in encrypted traffic to circumvent traditional security solutions. That is why it is time for a more flexible scalable defence method, namely flow analysis. This technique is not new, but has become so much more effective in recent years that about 95% of all cyber attacks can now be detected.
Making real-time digital communication comprehensible
With flow analysis all digital communication can be monitored almost in real-time, even in encrypted traffic. This technique looks at all sorts of metadata to detect deviating or unauthorized communication. Originally only on level 3 and 4 of the OSI model, but in recent years also on the application layer (in accordance with the international IPFIX standard). Thanks to the flexibly scalable capacity of flow analyses, network speeds of up to over 100 Gbps can be monitored virtually in real-time. It is also possible to quickly decrypt encrypted traffic using a complementary solution and following inspection return it as encrypted. A new development in the field of flow analysis is the addition of artificial intelligence in the form of self-learning algorithms.
Increasing regulation around information security
The need to making real-time digital communication comprehensible is not only fueled by new technical possibilities, but also by increasing regulations. According to the General Data Protection Regulation (GDPR) that came into force, it's mandatory for organisations to report a data breach within 72 hours. This short response time, however, is in stark contrast to the average detection time of a cyber attack. On a global level this is 100 days and in EMEA even 175 days With real-time flow analyses, every cyber attack can be detected much faster, based on deviations in the usual network traffic and user behaviour. That is why this technique not only helps organisations to better defend against cyber attacks, but also comply with the increasing regulations for information security.
When in the coming years cars, production machines and robots communicate and function autonomously with each other, companies will no longer be able to manage without real-time monitoring. The amount of data to be analysed and network speed continue to increase because IoT communication is constantly increasing and offering new opportunities for cyber criminals and hackers. Because no security solution can detect and stop all cyber threats, a 'best-of-breed' strategy is recommended, based on 'best of both worlds' tools. In other words, combining the most effective analysis and monitoring tools for legacy ICT systems and the rapidly changing Internet applications. Finally, nobody knows which attacks will come from where and how advanced they are, so it is also important that every security solution is self-learning.
We in Flowmon Networks strongly believe that merging flow and packet level technology into one versatile solution is the way to scale to future performance and capacity needs. Combining continuous flow monitoring, enriched flows with L7 visibility and packet capture when needed bring ultimate flexibility and efficiency.