Where is the enterprise network?

By Carlos Ferro, SVP and General Manager International Region, for LiveAction.

  • Friday, 29th September 2023. Posted by Phil Alsop

Where is the enterprise network? That used to be an easy question to answer. Back in the days of “castle and moat” architectures, all of our data, systems and users were in the same place. We could draw a ring around that network and watch traffic come in and out of it, stopping and inspecting it as needed. There are doubtless many veteran network administrators and NetOps teams who miss those days.

The network has transformed profoundly since then and it can no longer be pinpointed to one single location or a collection of managed endpoints and servers. Instead, the network is now fundamentally distributed across a wide range of non-contiguous environments such as cloud deployments. While the enterprise network’s reshaping has laid the ground for tremendous innovation, it’s also introduced a level of network blindness which is getting out of control.

The network is now not only distributed but porous too: traffic flows in and out of the enterprise network from seemingly all directions. Developments like Application Programming Interfaces (APIs), the IoT and remote work, among others, have meant that a modern network has to be open in order to keep up with the speed of technological change.

How the network falls out of sight

To make matters worse, many organisations have not yet understood that castle-and-moat is no longer a feasible strategy. This ultimately results in large areas of the network into which NetOps and SecOps teams cannot see. A report from Dimensional Research showed that 81% of operations professionals deal with network blindspots.

In traditional architectures, operations and security teams could watch all the traffic come in and out of the network - blocking and permitting as necessary. The new porousness of the network makes that almost impossible to maintain.

Modern networks are replete with connections that run in, out and through from many different locations. Take APIs, for example. The last few years have seen their popularity skyrocket because of the array of new programming and development possibilities they offer. They’ve also exponentially increased the number of points at which traffic can arrive and leave. It has been estimated that APIs now account for 84% of network traffic. However, these are also discrete endpoints that are not immediately obvious to enterprises and can quickly spread throughout an environment, invisible to administrators. From there, they become easy breach points for attackers or invisible resource drains from other parts of the network.

The IoT is driving an ongoing revolution in enterprise IT, unlocking all manner of new possibilities. It has been predicted that by 2025, there will be nearly 31 billion installed IoT devices worldwide. However, these devices also commonly sit outside of the normal network boundary and often go unmanaged and functionally invisible to NetOps and SecOps.

The cloud has also fundamentally disrupted the shape of the enterprise network. Now, one network exists in multiple non-contiguous locations. While the activity on that network is functionally similar, gaining visibility into third-party cloud environments is often exceedingly difficult, creating a fractured picture of network activity and putting both SecOps and NetOps on the back foot when it comes to working out network issues.

Similarly, remote work has become a fundamental part of modern working. Entire workforces are now remoting in from all kinds of locations and infrastructures: their home offices, internet cafes, train station wi-fi and more. These are often opaque to enterprises and further frustrate their ability to enable visibility into network operations.

The network has transformed dramatically and monitoring it in the same way we did when it was closed will only cause problems. Perhaps most of all, its porousness requires a renewed focus on internal visibility, which many organisations cannot enable.

When visibility tools get in the way of visibility

At exactly the time when organisations need network visibility most, the tools they use to get it often get in the way of clarity. Primarily, the problem here stems from the sheer number of visibility tools that any one organisation possesses. A 2021 report from the Ponemon Institute reveals that around 50% of companies have only one NetOps engineer handling as many as ten visibility tools at once. These require expertise, education and attention to use, and the more tools any one member of staff has to use, the thinner they’re likely to be spread and the more they’ll miss.

Furthermore, many visibility tools watch different parts of the network, use different metrics and do not integrate. This means that many engineers have to hop between tools to figure out what’s really going on. In hybrid architectures, for example, parts of the network will be distributed between the organisation’s data center and public or private clouds. Cloud providers will commonly offer their own visibility tools so that customers can look into cloud-bound traffic, but these often don’t integrate with the organisation’s visibility tools, thus creating a fractured picture of network activity.

They also produce a considerable number of alerts, which further confuses the picture. This is especially problematic when these are false positives, which commonly distract NetOps and SecOps from real issues. One LiveAction survey found that nearly half of network professionals, 42%, take too much time troubleshooting across the network. In fact, 38% are so bogged down they can’t even spot network performance issues when they emerge.

Where to find the enterprise network…

This inability to see the true scope or contents of the enterprise network redounds to a variety of bad outcomes for those enterprises. These are primarily suffered by SecOps and NetOps.

SecOps can’t see threats because so many of the services and assets that make up the modern network are outside the traditional network perimeter and thus outside the view of legacy visibility tools.

Meanwhile, NetOps have to maintain the performance of a network they can’t see into. New additions to the network can have huge effects on resources and NetOps need to be able to ration and allocate those resources efficiently, balancing one need against another in order to preserve the good functioning of the network. Failing to do so results in performance degradations and bottlenecks.

If good visibility is about closely monitoring what you possess, then enterprises often need to reappraise what they really possess. The enterprise network is now everywhere: in the data center, in third-party cloud environments, across IoT deployments and even being used in coffee shops and internet cafes. The scope of enterprise visibility needs to change to accommodate that new reality.