Discovering Assets and Threats: Achieving a Holistic View with Deep Packet Visibility – The Fast Mode


In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode, spoke to Dick Bussiere, Technical Director for Tenable APJ, on the impact of traffic visibility on modern IP networks. Dick joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness. The series explores how advanced analytics power various network functions amidst the rapid growth in traffic and applications.

Ariana: How do your solutions and products fulfil the demands of today’s networks?

Dick: Today’s increasingly complex hybrid networks must deal with the convergence of Cloud, IT, operational technology (OT) and IoT systems. These network environments require solutions capable of managing a diverse range of security challenges.

Tenable’s solutions offer a holistic view across the entire digital domain, ensuring comprehensive visibility into every component of the network. This integration is crucial for spotting potential vulnerabilities and threats, no matter where they arise. Continuous monitoring is a cornerstone of our approach, with our tools monitoring network traffic at the packet level. This capability is essential for the early detection of new and transient assets, as well as monitoring behaviours to identify suspicious behaviours or indicators of compromise.

Through advanced threat detection using policy-based, behavioural, and signature-based detections, our solutions identify high-risk events and behaviours that could impact network operations. This is particularly critical in OT environments, where unusual network traffic can signal serious threats.

Tenable also prioritises vulnerabilities based on actual risk, to focus remediation efforts on the most pressing issues first. This method improves the speed and effectiveness of risk reduction activities by focusing on what matters now.

Additionally, our patented active querying technology not only tracks devices on the network but also delves deep into each device’s configuration and state. This is crucial for keeping asset inventories current, ensuring that configuration “drift” is not occurring, and ensuring that vulnerabilities and risks are positively identified.

Lastly, our solutions are built to integrate seamlessly with existing security and operational systems – such as SIEMs, log management solutions, next-generation firewalls, and ticketing systems – forming an effective security ecosystem that enhances overall protection.

Through these capabilities, Tenable equips organisations to address today’s security challenges and evolve with the changing threat landscape, ensuring long-term resilience and security.

Ariana: How important is traffic visibility for your suite of solutions and products?

Dick: A high level of visibility into network traffic plays a foundational role in the cybersecurity strategy of organisations for several key reasons.

Traffic visibility enables the continuous monitoring of all data flowing through the network, which is essential for asset discovery, and for identifying and reacting to threats. By observing traffic at the packet level, we can detect anomalies and security incidents in real time, providing key insights needed to mitigate them before they can escalate.

This visibility also improves our capabilities around determining normal baseline network activity. Setting and maintaining a baseline is crucial for determining deviations from what “normal” may look like for the network. Once established, Tenable’s tools can spot abnormal patterns that indicate a compromise or potential security concern.

More advanced threat detection capabilities are also reliant on deep visibility into network traffic. For example, it enables signature and anomaly-based detection, where traffic patterns that have previously been seen to be malicious can be quickly picked up. It also supports behavioural detection algorithms that detect more subtle anomalies that may suggest more sophisticated threats such as insider activities or even advanced persistent threats.

Comprehensive traffic visibility also supports robust asset management. Monitoring the entirety of network traffic means we can detect, identify and classify all assets on the network – both new and existing. In today’s network environments, characterised by their constantly changing nature, this capability is invaluable. It allows comprehensive visibility and security coverage across all connected devices despite the dynamic or transient nature of assets IT teams may oversee.

Dick is a seasoned technical architect with over 20 years of experience in ICT security, computer networking and engineering. He frequently assists organizations including financial services organizations, governments and managed security service providers in adopting a regimen of pro-active vulnerability management to help them reduce their vulnerability footprint. He has a strong background in Research and Development, including both software and hardware engineering. Prior to coming to Tenable, Dick was Arbor Networks’ Solution Architect for Asia Pacific. Current Position: As Principal Architect, APAC, Dick is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management and thorough security monitoring as part of Tenable’s enhanced security posture.

This interview is a part of The Fast Mode’s Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today’s IP networks. A research report on this topic will be published in June 2024 – for more information, visit here.

This post was originally published on the 3rd party site mentioned in the title of this site
