IT Brief Asia - Technology news for CIOs & IT decision-makers
Story image

Deep observability: Why you need It and how you get it

Today

What good are a company's cybersecurity defences if they can't detect a breach? This would be like owning a guard dog that isn't able to hear, see or smell. Yet when asked about this, one in three respondents to the Gigamon 2024 Hybrid Cloud Security Survey reported that their existing security tools failed to detect a recent breach. And for those who were alerted to an incursion or breach, one out of four of them could not determine the root cause.

In other words, cyber defences at a great many organisations are much less effective than they need to be — and the cybersecurity professionals responsible for maintaining those defences know it. To wit, only about half of the 1,000-plus CISOs and other security leaders who took part in the Gigamon survey (54%) claim to be strongly prepared to identify threats across their hybrid cloud infrastructure.

More Complex Networks and Mounting Cybercrime
During the past few years, IT environments have rapidly evolved. Gone are the days when an enterprise relied on a single data centre or cloud environment. Today, 90 percent of organisations operate in a hybrid and multicloud world,1 and securing increasingly complex hybrid cloud infrastructure has become far more challenging.

Bad actors have been quick to take advantage of the growing complexity, as the number and sophistication of cyberattacks have skyrocketed. As a result, cybercrime is expected to grow 15 percent per year over the next two years, from $8 trillion globally in 2023 to $10.5 trillion by 2025.2 This is up from $3 trillion in 2015.

The punishing nature of these attacks generates an urgent need for what CISOs and other experts refer to as "deep observability" into and across their hybrid cloud infrastructure. The idea is to maintain an on-premises level of security and compliance across every organisation's hybrid, multicloud networks. To achieve this goal, an organisation needs complete visibility into its lateral (i.e., all internal) traffic, as well as the North-South traffic that crosses its organisational perimeters, along with all container traffic as well. Such visibility is a must for security teams that wish to be more proactive about identifying anomalies and anticipating threats before they occur. Proactive security expedites troubleshooting, improves compliance, and mitigates risk.

Deep Observability Advantages
Deep observability compliments an organisation's existing log-based security and observability tools with actionable network-derived intelligence and insights. This provides the complete picture, enabling organisations to detect previously unseen threats, accelerate root-cause analysis of performance bottlenecks, and lower the operational overhead associated with securing and managing hybrid and multicloud IT infrastructures.

With deep observability, CISOs can better understand their environments. It helps them identify potential threats with network-derived intelligence and insights that eliminate blind spots and complement tool-generated metrics, events, logs, and traces (MELT). This is accomplished through deep packet inspection and the extensive use of automation. Among its benefits, a deep observability approach:

  • Greatly improves discovery of network assets and API communications.
  • Identifies any hosts using weak ciphers or expiring TLS certificates.
  • Detects unauthorised activities, such as crypto mining, which is the process that many cryptocurrencies use to generate coins and verify transactions, and makes use of network resources.
  • Integrates multiple, different security tools into a single, cohesive platform. This, in turn, allows CISOs to reduce tool sprawl and redundancy.
  • Reduces the number of false positive alerts for network analysts, eliminating distractions and allowing them to focus on real threats.

Continuous Threat Modelling and Zero Trust
Deep observability also provides a basis for continuous threat modelling. Using this technique, CISOs and their teams can stay on top of constantly shifting threats, identifying new avenues of attack and regularly reevaluating their organisation's risk profile.

All of these steps are needed to successfully implement a Zero Trust network architecture, which can help organisations secure data wherever it resides on the network — whether on-premises or in a cloud. By enabling organisations to eliminate blind spots and better secure their hybrid cloud infrastructures, deep observability is central to any Zero Trust initiative. In the Gigamon hybrid-cloud security survey, four out of five (82%) respondents agreed that real-time visibility and deep observability are prerequisites for successfully implementing Zero Trust.

As the Gigamon survey bears out, recognition that comprehensive network visibility is paramount to any proactive security strategy is no longer limited to CISOs and IT executives. Corporate boards are reaching this conclusion as well, and 80 percent of the survey's respondents report that their board considers deep observability a cybersecurity priority.

Achieving Robust Security Readiness
With the right guidance and network telemetry, any enterprise can attain a state of deep observability across its hybrid-cloud infrastructure.

To learn how your organisation can achieve a more robust state of security readiness, download the latest Gigamon eBook about identifying unseen threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X