
Accelerating Investigation, Threat Defense and Risk Control with Real-time Network Visibility


In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode, spoke to Daniel Chu, Vice President of Systems Engineering for APJ at ExtraHop, on the impact of traffic visibility on modern IP networks. Daniel joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness. The series explores how advanced analytics power various network functions amidst the rapid growth in traffic and applications.

Ariana: How do your solutions and products fulfill the demands of today's networks?

Daniel: Attacks today easily go undetected on the network. Indeed, ExtraHop’s survey in 2023 found that more than a third of respondents from three countries in Southeast Asia have unmanaged critical devices with no visibility.

It is therefore imperative to ensure comprehensive visibility over the network: from cloud to on-premises and endpoints. In fact, the network is actually a powerful source of truth that offers unparalleled insights. This is why ExtraHop strives to:

  1. Equip organisations to undertake smart investigation via real-time network insights aided by advanced machine learning perception, detection, and investigative capabilities.
  2. Speed up threat defense by removing blind spots, allowing threats to be intercepted in the early stages before they escalate into operational disruption and financial losses. Common blind spots include lack of visibility in the east/west corridor as well as the ability to strategically decrypt all traffic, including TLS 1.3 and PFS, so that organisations gain deep insight into potential encrypted attack vectors hitting mission-critical services.
  3. Keep pace with risks and implement necessary controls across the organisation. This includes everything from basic security hardening by removing insecure network protocols and communications, to gaining critical network visibility to enable successful Zero Trust Transformation.

These tenets are underpinned by a commitment to building relationships based on mutual trust and customer enablement, which is crucial to propelling organisations to build business resilience.

Ariana: What technologies are most effective in delivering real-time traffic visibility?

Daniel: Organisations need to leverage their network as a central source of truth by utilising a Network Detection and Response (NDR) analytics platform that allows them to harness visibility into network data.

The increasingly sophisticated threat landscape has made it even more imperative for security teams to have both a deeper and wider level of real-time traffic visibility:

  • Visibility not just for inbound/outbound traffic, but scalable visibility analysing and profiling within the perimeter at IoT, workstation, and server interactions.
  • Visibility not just with low-level TCP network anomalies but having deeper application-level protocol insights to feed Machine Learning analytics: such as login behaviours, usernames, database tables, filename extensions, reads vs writes, etc.
  • Not just guessing what encrypted traffic is doing, but being able to strategically decrypt mission-critical encrypted traffic to know exactly what it is and isn’t doing.

The provision of broad context and precise packet details is fundamental to real-time visibility. This empowers security teams to detect with less noise, investigate smarter, and ultimately reduce cybersecurity risks.

Daniel Chu is the APJ Systems Engineering Vice-President for ExtraHop. Spearheading the initial launch of ExtraHop APAC in 2015, he continues to be passionate about engaging in hands-on work and providing technical guidance to customers and partners. Prior to joining ExtraHop, Mr. Chu led a regional sales engineering team in Asia-Pacific & Japan at Riverbed Technology. Daniel holds a Masters of Science and undergraduate degree in Electrical Engineering from the Georgia Institute of Technology.

This interview is a part of The Fast Mode's Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today's IP networks. A research report on this topic will be published in June 2024 - for more information, visit here.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
