Evaluating and Measuring Network Risk

By BlackRidge

A day seldom passes without headlines reminding us of the imposing need to remain concerned and vigilant about security threats. This need is magnified many times over as new technology innovations and advancements become more prominent such as with Cloud-based resources and applications, BYOD and Mobile deployments, Software Defined Networks and Virtualization initiatives.

Despite best efforts to secure and maintain trust on increasingly perimeter-less networks, trust is difficult to maintain across network borders, especially in cloud and virtualization environments, and it cannot be sufficiently established with all the various devices accessing these services. These conditions and factors all contribute to the increased complexity and expense of quantifying and assuring an acceptable level of business risk. This lack of trust enables a growing list of vulnerabilities that are becoming increasingly measurable in terms of dollars (and sense).

For example, eliminating the infrastructure resources (a combination of hardware, maintenance and management expense) spent on securing traffic that is later determined to be unwanted results in lower operational and capital expenditures. The resulting savings could be put to much better use elsewhere in the organization. A recently published report from NSS Labs, "2013 Next Generation Firewall Comparative Analysis" (published February 26, 2013), states that the overall total cost of ownership, expressed as "price per protected megabit per second", is fairly stable at $44 per protected-Mbps for 2013. This cost figure can be used to arrive at a rough estimate of the potential savings to data centers from filtering this unwanted traffic before it enters the network.

In test cases where we have applied this formula, looking at external and internal ports both separately and combined, and using the conservative estimate that only 10% of traffic is unwanted in most cases, we can demonstrate estimated annual savings that quickly climb to very significant amounts, in the millions of dollars in the majority of cases, for enterprises and SMBs alike. (Contact us for more details or to access our model and try it for yourself.)

It is clear that approaches such as Identity Aware Networking are required to move from the implicit trust of networks and clients to explicit trust of the user, device, and application, by establishing, communicating and applying policy based on strong identity within the network. No one else delivers explicit identity and first-packet authentication on every transport flow.

Identity Aware Networking enables dramatically new and simpler network security paradigms, increases operational efficiency by eliminating unwanted network traffic, improves agility and reduces business risk. It also:

  • Establishes explicit trust by communicating and interpreting identity across networks at the Transport Layer.
  • Disrupts the ability to find and identify assets on a network before identity is established (conceals network assets from port scans and network reconnaissance).
  • Reduces CAPEX by eliminating unauthorized traffic from your network.
  • Prevents unauthorized connections to IT infrastructure. Attacks on networks have become sophisticated enough to bypass conventional security measures such as IPS, firewalls and antivirus. These attacks steal critical data, deploy malware, or simply shut down services, bringing down entire network infrastructures.
  • Stops the information leaks that enable attacks against networks and applications. Attackers are testing the perimeter of networks every second, looking for responses to probes, pings and specially crafted packets, and using any response to better design an attack to penetrate the network and even modify or steal your data.