State of Network Security: Intent-Based Network Security

You’ve probably heard the term “VUCA” in a meeting or from a trade show stage in the last few years. If you’re still uninitiated, it stands for:

  • Volatile
  • Uncertain
  • Complex
  • Ambiguous

In other words: the modern business environment as a whole, and most definitely the modern network security team’s environment.

When our team at FireMon travels to events or speaks to current/potential customers about their biggest security issues, some of the same themes consistently emerge:

Doing more with less: The attack surface continues to expand in all directions, but staffing is increasing by 1-3% at most in the majority of verticals.

Visibility: There’s so much to keep track of — how do I even know what’s in my cloud, for example? Is full visibility possible?

Business needs vs. security needs: This is a huge topic that is only recently beginning to get the type of attention it deserves. A gap often exists between the business and IT security. IT security is siloed by vendor, technology and teams. Problem is: silos slow things down, and that doesn’t work in 2018 (it didn’t work three years ago either). Today’s businesses have new devices, tools, cloud assets, and other resources constantly moving into and within their networks, making it tough to identify all the different parts and how they communicate.

Add it all up and it creates a very “VUCA” posture for most network security teams.

Is the answer intent?

We’ve been all-in on intent-based network security for over a year now, including putting together primers for network security teams on implementing and executing the concept. (We also did a webinar together with Ultimate Windows Security in early April on this topic.)

As we see it: Intent-based security enables the business to determine the security and compliance requirements, then simplify and automate the execution through heterogeneous security tools by translating business language to the language spoken by the variety of enforcement devices.

The result will be more effective and compliant security, while allowing DevOps teams to focus on growing the business.

The Lumeta acquisition

We recently acquired Lumeta.

This acquisition was driven by a focus on intent: Lumeta’s technology discovers, maps and analyzes all enterprise connectivity, both on-premise and in the cloud. This continuous identification of new devices, routers, cloud connectivity and more will enable FireMon customers to extend the capabilities of our platform to previously unknown network elements and cloud resources.

Our current and future customers can now extend intent-based security to on-premise and cloud assets that were previously unknown — and ensure the right security measures are in place, in an automated way and by utilizing an organization’s existing security infrastructure. This will result in significantly improved security without adding an operational burden on security teams.

As our VP of Channel Sales and Operations Kurt Mills told Channel Partners Online:

“Customers are struggling to manage their security programs across disparate vendors and tools, and ensure their compliance to internal technical guidelines and industry regulations,” he said. “Our partners will be able to provide a more complete solution that will help customers get a better grasp of their entire attack surface and the tools to implement better, compliant security programs in a more controlled, automated way.”

Execution-wise, we plan to leverage REST application programming interfaces (APIs) starting next month to embed Lumeta network-mapping software into our software.

The future and the bottom line

The rise of microservices will continue to exponentially increase the number of virtual endpoints that need to be secured. But once the intent behind a policy is determined, applying those policies at scale is feasible — to the point where most cybersecurity professionals should be able to focus most of their efforts on managing the exceptions to those policies.

A critical element of being able to manage those exceptions is the ability to visualize how and where existing policies are being applied. That’s where some of our pre-existing tools, like Attack Simulation and Traffic Flow Analysis, come into play.

This is an extremely VUCA time for network security teams, and it’s getting more chaotic by the minute with the deployment of IT at unprecedented levels of scale.

FireMon’s mission is both (a) simplifying and (b) improving security. That drives all our decision-making.