You can’t protect what you don’t know is there — or can’t see.
When it comes to cybersecurity, network operators must start with that premise, said Sarah Cleveland, senior strategic advisor for public sector at ExtraHop.
“Visibility is one of the foundational items of good cyber practice,” Cleveland said. “If you don’t know what your network looks like, it is impossible for you to do a lot of things you need to do in order to maintain a proper network.”
Visibility must extend to who is on the network or has access, their endpoints and their user characteristics, as well as the patch status of software across the enterprise, she said during Federal News Network’s Industry Exchange Cyber 2024.
That networks are constantly in flux makes maintaining visibility a continuous exercise in gathering and managing data, Cleveland added. Because log, application and traffic data come in so many types and formats, visibility must also address how to harmonize data so a complete picture of network activity is available for visualization and analytics tools.
For agencies pursuing zero trust, visibility becomes all the more important so that network operators don’t overlook the need for constant authentication of every human and nonhuman entity. For example, the security must know the behavior of each application and what resources, such as data, an application calls on.
“That application management process is key to visibility, to zero trust, to knowing how your data is being used and where it’s being used,” Cleveland said.
This insight, she added, also helps with modernization efforts by letting the IT staff know which applications are lightly used or unused. Such applications become candidates for removal and reinvesting the resources used to license and maintain them elsewhere.
“So network visibility is key to not just good cyber hygiene and performance, but it’s also good management of your cyber assets, your tech, your IT budget,” Cleveland said.
AI in the zero trust framework
For organizations open to the cultural and operational changes artificial intelligence brings, zero trust may arrive faster and more comprehensively, Cleveland said.
“AI is going to be one of the tools that is going to make zero trust successful,” she said. “It’s one of the tools that is going to make network visibility attainable, and so we have to embrace that.”
AI will shorten the so-called OODA loop – observe, orient, decide, act – for network operators, Cleveland said, as the algorithms continuously learn about your network and its normal behaviors.
“But we do need the workforce to be open to using artificial intelligence in order to augment what they already know,” she said. Plus, “your workforce is now freed up to do things that are more intellectually taxing than watching ones and zeros flow across the screen.”
Realizing the potential cybersecurity and zero trust benefits once an agency has implemented end-to-end visibility coupled with AI does not come down to that single operator watching a screen, Cleveland pointed out. A retired Air Force colonel, she said her military experience taught her the value of small teams to the effectiveness of mission execution.
“Small teams are critically important in cybersecurity,” Cleveland said. “You need to have a data scientist. You need to have somebody who knows how to break down the code. You need somebody who can do that packet inspection or pull that information from the past.”
By the same token, she said, no single vendor or product will enable zero trust.
“One of the things that attracts me to zero trust is you can’t do it with one vendor, you can’t do it with two vendors,” Cleveland said. “You have to have a bunch of folks with a bunch of different technology come together and agree to work on this problem.”
She noted ExtraHop’s integration partnerships with other companies such as Amazon Web Services, CrowdStrike and Splunk. ExtraHop’s products are “partner agnostic,” she said.
That way, ExtraHop’s dashboard — fed by data from many tools — can present a single, comprehensive picture to an organization’s cybersecurity team members.
“The dashboard helps with that upskilling of the workforce,” Cleveland said. “It gives you a visual, a picture of what your network looks like, of how your data is flowing, how much of your data is flowing and where it’s coming from externally and internally.”