Reality is gray, not block or allow
Vice President of Threat Research
For the security industry, the traditional approach to security controls is an all-or-nothing approach. If the reason for connecting to an application or entity is unclear, or if it does something suspicious, block it. Otherwise, allow it. But the reality is that there is neither one extreme nor the other. There is a large gray area in the middle. Legitimate apps can land on any website or service, including risky ones, and the flip side is also true; malicious apps can reach known good entities.
To give users greater guarantees about their data, where it goes and how it is used, a transparency model has emerged. Large app and service providers are letting the customer know what the app is doing so they have the information they need for informed consent. The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act also focus on a transparency model, to allow consumers more control over their personal information and the privacy of their data. Even applications and browsers from certain manufacturers block third-party cookies, tracking cookies and other technologies that violate privacy.
In contrast, the security industry’s block-or-allow model is a first line of defense in addressing data security. But when you can’t definitively tell if a website or app is good or bad, threats and risks can hide in the gray. Social media is just one example where information is not available to make a general determination. You may not be aware of what’s going on in a social media app, so you can’t make informed decisions to block or allow individual services to connect to the network, and the challenge is growing.
Consider the reality of today’s hybrid work environment, where end users aren’t sitting on a corporate network with robust security controls. Detecting and defending against threats is becoming increasingly difficult when your applications and data are scattered across a complex and fluid environment consisting of legacy, on-premises, and multi-cloud infrastructure accessed by mobile and remote workers. We call this the Atomized Network, and with it the gray area is constantly expanding.
Armed with this information, what are you going to do to protect your users and your network?
Visibility in the gray
You can’t defend what you can’t see, so visibility is key. You also need to be able to act fast, even automatically, because threats evolve incredibly fast. Phishing attacks can come and go in a matter of minutes, changing IP addresses or other elements until someone unknowingly clicks on an attachment or link. A new study shows that ransomware can complete its mission in as little as four minutes, with most variants getting the job done in less than an hour. When you operate in a complex and dynamic environment, you need to be able to observe network traffic across your entire network in real time and easily distill what’s happening to defend against it.
One of the best things about the Netography Fusion platform is that it provides visibility and control across the entire atomized network, without the need for security teams to jump through hoops, so you can move quickly.
Our universal SaaS-based platform provides full visibility into today’s dynamic network to block or enable real-time and retrospective decisions across your entire footprint. A single portal provides a unified view of data from all devices across your multicloud, on-premises, and hybrid environments. There is no need to switch between various consoles and conventions to interpret a combination of data types. Data is normalized and aggregated in one place, making it easy to use. With visualizations, you can quickly manipulate and analyze data to make more informed decisions on the fly.
While the block list and allow list will likely continue to serve a role in the security team’s toolbox, you also need a way to see the shades of gray. With Netography, you can interpret and act decisively on a much wider range of data to protect your fragmented network and users connecting from anywhere.