TLDR: Relying Solely on Network Monitoring for Cybersecurity

The Pitfalls of Relying Solely on Network Monitoring for Cybersecurity

Imagine you are the CEO of a company sitting in an office when the CISO runs in and says, “All of our code has been stolen and released to the public!”. The CEO asks, “Who did it, and how did it happen?” The CISCO replies, “I’ll be able to tell you that in a few hours.”

Outdated Security Measures: The Illusion of Protection

As strange as it may sound, this is the reality of many networks. Instead of employing cutting-edge security solutions, they rely on chain-link fences and doors with outdated locks to safeguard their assets. However, they do install video cameras that record incidents on their hard drive. This way, at least after the theft, there's a chance to review the footage and identify the culprits. Unless, of course, they were clever enough to wear disguises, avoid the cameras' view, or disable them-tactics that have been used in thefts for years.

Spending Fatigue in Cybersecurity: The Growing Challenge

Recently, Palo Alto reported:

"Despite the many demand drivers we're seeing, we're beginning to notice customers are facing spending fatigue in cybersecurity," Palo Alto Networks CEO Nikesh Arora told analysts in February. "This is new, as adding incremental point products is not necessarily driving a better security outcome for them.

The Core Issue: Achieving Better Security Outcomes

The last sentence in this quote is the most important one because it cuts to the heart of the cybersecurity challenge: Better Security Outcomes.

There has been so much spending on cybersecurity monitoring tools lately and very little on new or better defense tools. Network monitoring companies have stepped up their game as monitoring vast amounts of data in real time has become possible with increasingly powerful CPUs and low storage costs for processing historical data. These solutions are much more intelligent in combing through network activity and determining what is happening, even with traffic being more encrypted than ever before. But there is a problem.

Network Monitoring: Telling You What Happened, Not Preventing It

The outcome that these monitoring solutions promote is to tell you WHAT HAPPENED and not to STOP IT FROM HAPPENING, which is the desired security outcome.

Although many cybersecurity solutions have wrapped themselves in a Zero Trust blanket, they are often just traditional firewalls and VPNs with new marketing (i.e. the chain link fence protection mentioned at the blog's beginning). One common Zero Trust solution promoted is PAM solutions, which are simply a relaunch of SSL VPN solutions (If you are interested in SSL VPN risks, see this Cisco article to understand how serious some of the issues with PAM Remote Access solutions that claim to be clientless). These solutions often rely on usernames and passwords (exactly like those doors with keys I referred to at the start) and have more vulnerabilities than I can list (MFA Bombing, MITM, session hijacking, etc.).