Gartner just posted their worldwide spending forecast report for the first quarter of 2021 and it looks positive. Clearly, the experts will continue to argue about the economic pressure that has been choking parts of the global economy and whether it’s losing its strength, but from Gartner’s perspective, it looks like we’ll see growth in all IT spending.
Specifically, the major growth areas will be in devices (14%) and enterprise software (10.8%). What I find interesting is that this growth is the result of companies adapting to the evolving workforce by making their environment a bit more comfortable.
“IT no longer just supports corporate operations as it traditionally has, but is fully participating in business value delivery,” said John-David Lovelock, distinguished research vice-president at Gartner.
So what does this mean to the network team? We all know the answer; I’ve even posted about it multiple times. We are looking at a new world—a world where the lines that divide the corporate and public networks are blurred, where you have to be observant of all the things happening on your network, and where the demand on your resources will grow significantly. I see two challenges with this.
Hybrid workforce
As offices start to open back up, companies are exploring ways to balance work-at-home and in-house environments. This, of course, is a challenge to most organizations. The good news is that the past year has been a trial by fire, so we got a head start. But as the idea of a hybrid workforce evolves into a permanent policy, tech teams are faced with the issue of enhancing their security posture both inside and outside of the protective company walls.
It reminds me of the whack-a-mole game. An employee can be at home one day, at the office another, and over at a local coffeeshop at lunch. Monitoring their activity and protecting assets belonging to both them and the company can be overwhelming.
Hyper automation
With the size and scale of today’s networks growing overnight, their demands on the network team also grew exponentially. To alleviate this pressure, many of these teams have been aggressively implementing automation like Robotic Process Automation (RPA), artificial intelligence, machine learning, and process mining. The same should be considered for your traffic monitoring tools, but where do you start?
So what’s the solution?
In general, you need to employ an NDR (Network Detection and Response) approach to your security posture. You need visibility into all of your network’s traffic, you need a way to detect incidents, and you need a way to respond to those incidents.
One option is to provide an inline monitor via a probe combined with some sort of intelligence to detect abnormal activity. By doing this, you have line-level visibility, which can be highly effective. One major drawback is that you have to deploy probes at various points on the network and that makes scalability in this new world quite difficult.
Another option, and one we have had success with, is using metadata like NetFlow and IPFIX to monitor all the conversations on your network, and using machine learning to offset the monitoring demand that it puts on you and your team. This method tends to scale better because it’s using a protocol that already exists on your network devices. In the past, there was a disadvantage to using flow data because it had limited visibility. For example, you would only see host A talking to host B, what port they were communicating on, and how much data they were using. This isn’t really an issue anymore since many of today’s vendors export extended elements like L7 details, performance metrics, etc.
We all know it: the world as we know it has changed and will continue to do so. How is your company going to deal with these changes? As I mentioned before, employing enhanced metadata will immediately help you expand your visibility and collect that data in a realistic and scalable way. Don’t believe me? If you’re looking for an NDR solution that provides rich conversation visibility along with the flexibility to integrate that data into your current environment, why not evaluate Scrutinizer?