I was at TechEx last week in beautiful San Francisco. Despite the smell of smoke from the forest fires in Napa and the surrounding area acting as a grim reminder of the not too distant natural disaster, San Francisco had its pretty on. It was vibrant, diverse and exciting. The same can be said of the TechEx 2017 event. A strong line-up of sessions coupled with engaged discussion afterward made it very worthwhile.
A couple of things stood out for me. First, across all of the tracks I attended in advanced networking, information security, and trust and identity, there is a clear acknowledgment that network capacity, while always important, is no longer getting all of the attention. Rather, it is network performance and analytics that have become all-consuming. There was a second overarching theme and, not surprisingly, it was network security. While endpoint security, information security, and cybersecurity in general get a lot of airtime, they are only as good as the security of the underlying network. Because network capacity is considered to be in decent shape, network architects and engineers are turning to making sure the infrastructure is properly protected. They are looking to be proactive in their approach to network security by taking all of the information gleaned from leading network performance and analytics solutions, matching it against policy and then automatically, and in real time, updating traffic flow and network configuration (yes, I have to say "leveraging AI" and drop that buzzword!). Some people are calling this closed loop an "adaptive response".
So where are we with "closing the loop"? Adaptive response only works when there is a simple way to connect the analytics (I know what I have) to the action (this is what I want to do with it). Currently, there is a gap in the middle. To put it in Gartner's terms, they define the 3 key stages of a threat intelligence strategy as: acquire, aggregate and action. The challenge is that network security is missing the "aggregate" portion, where knowledge is centralized, considered within the scope of network policy and subsequently translated into a directive that ultimately triggers action. Sure, lots of micro-examples exist, and there are POCs here and there, but to make this real we need to work towards a closed loop that is constructed in simple, functional blocks (think Lego) that can be used wherever it is needed in the network and that operates at scale.
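To make the missing "aggregate" block concrete, here is an added example (my own sketch, not code from the post's author or from any vendor mentioned) of the acquire, aggregate and action stages wired together as small functional blocks. The telemetry, the metric names, the policy thresholds, the hosts and the executor are all constructed for the example; a real deployment would replace the executor with a call into the network controller. The one design point it shows beyond the text is a guardrail: directives against protected infrastructure are queued for approval rather than applied unattended, so a noisy analytics source cannot reconfigure a core device on its own.

```python
"""Closed-loop ('adaptive response') pipeline: acquire -> aggregate -> action.

Constructed example. Observations from two hypothetical analytics sources are
normalized, merged per host, compared against policy and turned into directives.
Applying a directive goes through an executor callback so the loop runs offline.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:      # output of the acquire stage, already normalized
    source: str         # analytics system that produced it (constructed name)
    host: str           # host the observation is about
    metric: str         # normalized metric name
    value: float


@dataclass(frozen=True)
class Rule:             # one line of network policy
    metric: str
    threshold: float
    action: str         # directive emitted when the threshold is exceeded


@dataclass(frozen=True)
class Directive:        # input to the action stage
    action: str
    host: str
    reason: str
    needs_approval: bool = False


# Constructed policy: which aggregated metric triggers which action.
POLICY = [
    Rule("new_outbound_peers_per_min", 200.0, "rate_limit"),
    Rule("ids_high_alerts_per_min", 5.0, "quarantine"),
]
# Higher number wins when several rules fire for the same host.
SEVERITY = {"rate_limit": 1, "quarantine": 2}
# Hosts automation must never reconfigure unattended (constructed: a core device).
PROTECTED_HOSTS = {"10.0.0.1"}

# Constructed sample telemetry from two hypothetical sources.
SAMPLE_OBSERVATIONS = [
    Observation("flow-analytics", "10.0.5.17", "new_outbound_peers_per_min", 340.0),
    Observation("flow-analytics", "10.0.5.18", "new_outbound_peers_per_min", 12.0),
    Observation("ids", "10.0.5.17", "ids_high_alerts_per_min", 9.0),
    Observation("ids", "10.0.0.1", "ids_high_alerts_per_min", 7.0),
]


def aggregate(observations):
    """Merge observations per (host, metric): keep the peak value and who reported it."""
    merged = {}
    for o in observations:
        key = (o.host, o.metric)
        if key not in merged:
            merged[key] = (o.value, {o.source})
        else:
            value, sources = merged[key]
            merged[key] = (max(value, o.value), sources | {o.source})
    return merged


def evaluate(merged, policy=POLICY, protected=PROTECTED_HOSTS):
    """Translate aggregated knowledge into one directive per host, according to policy."""
    hits = defaultdict(list)
    for rule in policy:
        for (host, metric), (value, sources) in merged.items():
            if metric == rule.metric and value > rule.threshold:
                why = f"{metric}={value:g} > {rule.threshold:g} via {','.join(sorted(sources))}"
                hits[host].append((rule.action, why))
    directives = []
    for host in sorted(hits):
        action = max((a for a, _ in hits[host]), key=SEVERITY.__getitem__)
        reason = "; ".join(why for _, why in hits[host])
        directives.append(Directive(action, host, reason, host in protected))
    return directives


def apply(directives, execute):
    """Action stage: run unattended directives, queue the ones that need a human."""
    executed, queued = [], []
    for d in directives:
        if d.needs_approval:
            queued.append(d)
        else:
            execute(d)          # e.g. push a rate-limit or quarantine to the controller
            executed.append(d)
    return executed, queued


def run_loop(observations=SAMPLE_OBSERVATIONS, execute=lambda d: None):
    """One pass through the closed loop."""
    return apply(evaluate(aggregate(observations)), execute)


if __name__ == "__main__":
    done, waiting = run_loop(execute=lambda d: print("applied:", d))
    for d in waiting:
        print("awaiting approval:", d)
```

Each block has a single input and output type, so the aggregate stage can be reused in front of any executor, and the policy is plain data that can be reviewed separately from the code that enforces it.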
We have some ideas on this. Stay tuned…