The rapid growth of network data, the maintenance of massive applications, and the rapid development of technology are all contributing to the steadily increasing complexity of the network. At the same time, cybercriminals are constantly upgrading their techniques to exploit network vulnerabilities and act recklessly. Full visibility into network traffic is the best way to ensure high security and high performance; partial visibility is far from sufficient. Encrypted, lost, or corrupted data can create blind spots in which performance issues and security risks can be exploited. We invited Mark Pierpoint, President of Network Applications and Security at Keysight Technologies, to explain why implementing a network visibility architecture is vital for detecting and preventing dangerous blind spots; even for very mature companies, blind spots can cause serious damage.
1. What impact will blind spots and network vulnerabilities have on businesses outside the network?
With digital transformation, it is difficult to separate the network from the business itself, because everyone uses data in some form to improve processes, improve performance and customer satisfaction. A study published by McKinsey four years ago pointed out that only 40% of companies have accepted digital transformation. However, due to the impact of the epidemic, this ratio is now obviously much higher.
In more technology-based companies, they have a variety of networks, including mobile networks that create major services for providers such as Verizon, and more operational technology (OT) networks beyond traditional IT. These may be critical for controlling HVAC in factories or office buildings, or for water and gas supply. In the past year, tremendous changes have taken place in all industries. More and more employees are starting to work from home, and there are more and more digital connections between partners, suppliers and customers. Therefore, in my opinion, the network is very closely connected with every enterprise, and the operation status of the network will directly affect the enterprise.
If blind spots and vulnerabilities lead to data leakage, customers, employees, and many other aspects will be widely affected. Just last week, a meat processing plant was invaded; a few weeks before that, Colonial Pipeline was attacked; SolarWinds was attacked even earlier. We still don’t know the impact of the attack on SolarWinds. Cognizant released a report in May 2020 about the attack the company experienced in the previous month, and it is expected that the attack will have an impact of US$50 to 70 million in its business in this quarter alone.
However, the monetary impact is clearly only part of it. On average, it takes you 200 days to discover your own vulnerabilities and find out the specific reasons. It then takes another approximately 80 days to remediate the impact of the vulnerability. In addition, companies must also consider the loss of brand reputation and customers. Loss of customer data may have greater consequences, and it will take longer to remedy. Therefore, it is very important to have a clear understanding of the network and the risks and vulnerabilities you face. Because of this, this is a very serious problem for most company boards today.
2. What is the point of sending the right data to the right tool at the right time? What impact will this have on the company’s final profit and loss and operational efficiency?
It’s like going to the hospital to see a doctor. You received a blood test, but the report was sent to a radiologist, or you had an X-ray or CT, but the result was sent to a dermatologist. This is obviously not a good phenomenon. It is obviously unwise to send wrong information to the wrong place. This may sound like no big deal, but under normal circumstances, network monitoring and security tools will receive too much data, too little data, or inappropriate data. If this problem is not solved, companies will pay a high price.
If used properly, we now have many effective tools available, but they can be very costly. The point here is not only to send the right data, but also to send the data at the right rate so that the tools don’t get overwhelmed. Suppose you have an IP voice tool. This tool knows nothing about video; if you want to get video analysis data from it, it will be useless. For an effective visibility architecture, the core is to optimize the number of tools you already have, especially the more costly tools. Cases prove that an appropriate visibility solution can save more than three times the deployment cost. However, we need to further develop the effectiveness of these tools, and sending the right data to the right place at the right time can help achieve this goal.
3. Outside of IT, if IT has the insight to solve problems faster and proactively, what benefits will it bring to the organization?
We usually talk about IT, but I also mentioned OT, which includes areas such as smart buildings and manufacturing, utilities, or transportation. We used to think that IT and business are separate. But I don’t think that today’s IT is just a supportive activity; on the contrary, in most cases, it is essentially inseparable from business development.
If we only consider our own business without understanding our sales target, sales location and sales time, it will have a huge impact on how to combine products and enter the market in different ways or solve problems. If a company can diagnose faults faster because they have a visibility architecture that can provide insights into all network traffic, they can find these problems faster. Therefore, we will talk about how to reduce the mean time to repair (MTTR) from the usual hours to a few minutes. Ultimately, this will bring better results to our customers and their customers (end users).
It is also important to realize that more than 30% of traffic in modern IT networks may be related to “management work.” In other words, these include handling backups, handling configuration changes, and handling copies of traffic used for visibility. Implementing these systems in the best way also helps improve the overall performance of the network.
4. Looking further, if an enterprise has a network visibility strategy, what benefits will it bring to end users?
End users are always interested in continuing to use the types of services or functions they are accustomed to, whether they walk into a store and use a credit card to pay, or stream videos without stuttering. Fundamentally, a well-structured visibility solution can play the value of extending the uptime of these services and functions.
It is true that we can reduce loopholes. But in the final analysis, it is like an anti-theft alarm. Although it cannot prevent the inevitable thief from entering, it will give you an early warning. It allows you to deploy the right resources at the right time, allowing you to respond quickly and minimize losses. I think it is like a thermal imager, allowing you to see hot and cold spots clearly. It makes sense to spend a little money to solve hotspot issues and identify damaged areas, because we know that we will never be able to completely prevent heat loss. It enables companies to make proactive decisions, deploy capital more effectively, and take all these actions based on real data.
5. In your opinion, what is the biggest continuous cybersecurity threat, and how can companies take advantage of threats by adopting a visibility architecture?
First of all, I want to say that network security threats cannot be avoided. Perhaps this is not surprising to everyone, but in every system we have, the weakest link is always people. Regardless of how vulnerabilities occur, most vulnerabilities require some information and an entry point to be effective. Phishing and other online scams that try to gather important information through social engineering prove this to us. I think this will eventually continue to be one of the biggest challenges facing the cyber security world. Education and training and continuous safety awareness are critical to solving this problem and making progress.
In addition, I think we will continue to see hackers targeting non-traditional areas. The SolarWinds case shows us the first major hacking attack in the supply chain. In a forward-looking security threat report released in 2019, we predicted this type of vulnerability. I don’t know if this is a good thing or a bad thing. It is not a good thing to make correct judgments about bad things. According to my estimation, this situation will continue to affect some non-traditional areas, because the ultimate goal of ransomware and other attacks is to bring down the enterprise by extracting funds. As I said earlier, just last week, a meat processing plant became the target of attackers. The amount of cybercrime today exceeds 6 trillion U.S. dollars per year, and it continues to grow at a very fast rate. The percentage of hackers brought to justice is still very low. As far as crime is concerned, cybercrime may be one of the lowest-risk causes because no one has to come out in person, and may not even need local support, so they can get away with the law. If the company is not prepared, there will be a lot of remedial measures to be taken, and the costs of all aspects of these remedial measures will be very high.
The Cyber Catalyst by Marsh that Keysight joined last year is an interesting project, and I think it points the way for the future. The program is aimed at insurance companies that provide insurance services against ransomware and other security vulnerabilities, helping them evaluate network products and security products that help reduce customer risks. This program provides training materials and access to best practices. If companies follow best practices or use specific certified products, their premiums will be reduced. This encourages every company to have a deep understanding of the best practices that can reduce the risk of vulnerabilities and how to quickly take remedial measures when vulnerabilities occur.
About Keysight
Keysight Technologies (NYSE: KEYS) is a leading technology company dedicated to helping enterprises, service providers and government customers accelerate innovation and create a secure and interconnected world. From design simulation, prototype verification, production testing to network and cloud environment optimization, Keysight provides a full range of testing and analysis solutions to help customers optimize the network in depth, and then make their electronic products cheaper and faster to market. Our customers span the global communications ecosystem, aerospace and defense, automotive, energy, semiconductor and the general electronic terminal market. In fiscal year 2020, Keysight’s revenue reached 4.2 billion U.S. dollars.