Read a federal IT story these days and it almost certainly references the government’s IT modernization efforts, cloud adoption and strategies, and use of as-a-service solutions. While many government agencies were at various stages of their transformation journeys, it’s widely believed that the onset of the coronavirus pandemic and the shift to mass telework accelerated these efforts by as much as five years as IT teams pivoted to allow greater access and flexibility for staff no longer on-premises.
The rapid adoption of cloud-based services and solutions and the explosion of new endpoints accessing agency networks during the pandemic generated an even greater need for visibility into the who, what, when and where of network traffic. A recent survey commissioned by Riverbed Technology and conducted by Market Connections found that 81% of federal IT leaders noted that the increasing use of telework accelerated their agency’s use and deployment of network visibility solutions.
Though agencies have made great strides and feel confident in their network visibility, there is still work to be done. Agencies must prioritize network visibility to manage their increasingly complex and hybrid networks and ensure the best possible security, connectivity, performance and functionality for their agencies and employees.
How complex can it be?
The answer is very. In the same survey, 90% of respondents consider their networks to be moderately-to-highly complex, and 32% say that increasing network complexity is the greatest challenge an IT professional without visibility faces in their agency when managing their networks.
Driving this network complexity are Cloud First and Cloud Smart initiatives that make it an imperative for federal IT to modernize its infrastructure with cloud transformation and “as-a-service” adoption. Subsequently, cloud adoption went from being an initiative to an imperative to maintain citizen services and mission delivery as the pandemic bore down and the majority of federal staff went remote. Agencies that had already modernized their networks were far better off than those who hadn’t because they had on-demand access to mission-critical applications and capabilities whenever and wherever needed, which was a boon to productivity and collaboration.
Still, while nearly 45%of survey respondents are well on their way to modernized infrastructures — which is great progress — more than 50% are still in the planning stage or not yet considering these transitions. That’s a lot of transformation that needs to happen, and the overwhelming majority of respondents (87%) recognize that network visibility can enable their transitions to cloud infrastructure. Network visibility can help expedite the evaluation process to determine what goes onto an agency’s cloud and what data and apps stay on-premises; it also allows clearer, ongoing management across the networks to enable smooth transitions to cloud, multi-cloud and hybrid infrastructures.
If you can’t see it, then it’s not really there
Not really, and such a mindset won’t please federal employees or citizens who have their data breached inside a government network, and recent events have shown, would be an extremely detrimental mentality. The reality is that network visibility is possible and it is an option for modern networks, which means we no longer have the ability to plead ignorance, even if it may seem like bliss.
Attackers spend an average of 324 days inside a government network before being detected and can do significant damage during this time, from stealing credentials and PII to exfiltration of highly sensitive data. Lack of visibility into agency networks and the proliferation of apps and endpoints designed to improve productivity and collaboration expands the potential attack surface for cyberthreats. Attacks can come from anywhere, anytime and anyone.
The very first step to securing your network is to go through your entire infrastructure to identify what is on it, and what shouldn’t be there. Let’s look at a Riverbed Technology customer to illustrate the value of this approach:
The customer leveraged our visibility tools to assess their network — application rationalization, network traffic, user rationalization, etc. — and determined what needed to be there and what didn’t. When an unknown device suddenly appeared on their network, they were able to detect it immediately even though it was trying to hide in plain site by using 443 (SSL,TLS, HTTPS) traffic, which makes up between 50%-80% of all traffic on most networks these days. They were able to tell what other devices it was communicating with, and that it was pulling a lot of data.
Using Riverbed Technology’s unified visibility and investigative processes, we were able to assess the device, figure out exactly what its location was, and exactly the port it connected to, which corresponded to a patch panel that was beneath a desk. We discovered there were insider bad actors that were trying to exfiltrate data and three people were arrested.
What’s more important in this example, these bad actors had inside knowledge. They knew their attempts wouldn’t trigger traditional cyber tools, they knew what to avoid, and they attempted to be as “uninteresting” as possible and hide in plain sight. True enterprise visibility, behavioral analytics, and tightly monitoring known versus unknown elements in the environment, allowed this customer to identify and ultimately thwart this attack in hours rather than weeks or months.
This customer took the necessary first step and it made all the difference.
Federal IT leaders recognize that network visibility can significantly improve their security posture — in fact, 93% of the survey respondents believe that greater network visibility facilitates greater network security and they consider cybersecurity to be number one priority that can be improved through better network visibility. Federal IT teams also voiced the need for systems that reach out and alert them when something isn’t right, ranking automated threat detection, advanced reporting and automated alerting as the top three most important features of a visibility solution.
The federal government’s modernization efforts accelerated rapidly last year, advancing the adoption of cloud and as-a-service models to create hybrid environments that demand greater network visibility. Agencies need solutions that make it easier to protect, manage and accelerate their networks and apps to advance their modernization initiatives while improving employee productivity, saving costs, performance, and ensuring security every step of the way. Visibility has always played a critical role in addressing these needs and enabling remote capabilities, and recent events have only further highlighted its importance for government networks.
Marlin McFate is the public sector chief technology officer at Riverbed Technologies.