SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Why deep observability is key to closing cloud migration security gaps
Tue, 31st Jan 2023
FYI, this story is more than a year old

Recently Shane Buckley, Gigamon’s president and CIO, sat down with Shira Rubinoff, president of Green Armor Solutions and one of the most informed cybersecurity experts in the information technology (IT) and security community.

With the alarming rise in online threats being top of mind for cyber professionals, we discussed some of the biggest obstacles facing today’s enterprises, specifically how and why deep observability is the answer. Key takeaways from our chat follow.

Deep observability broken down

‘Observability’ has been around for some time and is a non-intrusive way to keep an eye on how systems are working. Typically it uses metrics, events, logs and traces (MELT) to understand what’s happening within an application.

However, what many organisations don’t realise is that MELT is incomplete and easy to spoof. Sophisticated threat actors can overwrite logs and fool the security systems in place, sending false information to the security operations centre (SOC) teams.

My company augments log-based observability methods by going ‘deep’ and providing organisations with actionable network-level intelligence from immutable metadata that is used to validate the authenticity of the log-based observability insights.

Our technology takes it to the next level by going into all seven layers of security to extract reliable metadata from network traffic, reformulate the information, and provide it to a variety of observability tool vendors.

In doing so, we’re able to provide a pipeline of high-fidelity traffic to these tools in real-time, which validates the authenticity of the data, reduces false positives for the SOC, and advances the overall security posture of an organisation.

The cat-and-mouse game

The biggest challenge Gigamon’s customers face currently is that the industry is moving away from a self-contained, on-prem cloud structure.

The second the cloud goes off-prem, it reduces and sometimes eliminates the firm boundary that existed between trusted networks and the untrusted internet. CISOs have expressed that this is their number one security priority, and they are growing increasingly concerned that there is no true solution for this today.

Every security professional I’ve spoken to highlights the difficulty of prioritising noisy alerts. Because adversaries hide in traffic, such as encrypted web communications, it is extremely difficult for defenders to distinguish this activity from the noise of everyday operations.

To put it lightly, we’re in a cat-and-mouse game, and the mouse is winning. It’s time we change that.

Deep observability gives organisations the upper hand

We continue to see unprecedented growth in hybrid cloud adoption for organisations worldwide. Security of hybrid cloud remains the number one challenge for CISOs and their organisations.

My company’s deep observability pipeline provides a similar level of protection to hybrid cloud workloads as we have delivered for the past 15 years for on-premises workloads.

It provides full visibility into all traffic, both north/south and east/west movement, eliminating blind spots and making it much more difficult for threat actors to dwell within customer networks.

The technology provides the only source of immutable actionable network-level intelligence to security tools, which is critical for organisations to remain secure in hybrid and multi-cloud environments.

To accomplish this and help bolster enterprises’ security postures, we recently launched an expansive set of advanced capabilities for our deep observability pipeline. This allows our customers to:

  • Acquire container traffic over any container network interface (CNI) and any container orchestration, including auto-discovery of new nodes. Developers can now run fast, and security teams can ensure monitoring of all East-West communications, including ephemeral workloads.
  • Access new network-derived application metadata from any observability platform, including Dynatrace, New Relic, and Sumo Logic. Customers can now extend their current tools for new security functions, such as identifying rogue services or activities and illegal crypto mining.
  • Scale their on-premises network telemetry processing with the new GigaVUE-HC1-Plus visibility appliance, offering twice the performance in half the physical footprint and power requirements.

Overall, with a combination of the layered product architecture, advanced threat research, and direct guidance from our threat and incident response experts, SOC teams can feel better equipped to level the playing field with threat actors.