In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode spoke to Jess Parnell, CISO of Centripetal on the impact of traffic visibility on modern IP networks. Jess joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness. The series explores how advanced analytics power various network functions amidst the rapid growth in traffic and applications.
Ariana: How do your solutions and products fulfill the demands of today's networks?
Jess: In today's evolving threat landscape, traditional cybersecurity solutions are inadequate. We are in an era dominated by sophisticated threat actors that can outmaneuver these defenses and today’s headlines paint a clear picture - a world in a constant struggle against relentless cyber adversaries, outnumbered by the sheer volume and velocity of threats. Despite this, more than 95% of breaches could have been prevented had available intelligence been used. But how?
Intelligence powered cybersecurity. Instead of just responding to threats - it prevents them from ever reaching your network. By leveraging all available global intelligence in real-time using advanced technologies.
This approach actionably deploys billions of indicators of compromise to dynamically protect networks from all known threats - instantly shielding them from malicious sources, neutralizing active threats and protecting data from unauthorized access. Utilizing this totality of intelligence elevates a network's posture, ensuring robust protection at scale.
Centripetal has invested significantly over 14 years in developing ground breaking technologies that now place the company at the heart of a new intelligence powered cybersecurity strategy. Utilizing its CleanINTERNET® technology, Centripetal leverages the world’s largest collection of intelligence to preemptively protect organizations from emerging threats in real-time. This approach results in a secure network that is free of malicious traffic, bolstered in cyber resilience, and well-equipped for the demands of the modern world.
Ariana: How effective is deep packet inspection (DPI) technology in addressing today's traffic complexities?
Jess: Deep packet inspection (DPI) has long posed challenges for active defense strategies. To utilize DPI effectively, organizations must deploy DPI-capable devices strategically within their network, forming clusters to manage their output. However, positioning these devices correctly is crucial to prevent them from triggering alarms excessively.
Many installations that have purchased intrusion prevention systems (IPS) leveraging DPI often operate in a learning detection mode rather than IPS mode. In this setup, the IPS first analyzes network traffic to learn patterns, allowing administrators to craft policies based on this data. Once configured, the IPS can then actively protect the network. However, deploying an IPS in this manner too high in the security or network stack can lead to service disruptions.
Unfortunately, many organizations invest in DPI solutions but fail to activate them for active protection, preferring instead to rely on them for passive monitoring. This approach results in missed opportunities for enhancing network security. DPI can generate a high number of false positives, especially with the extensive number of signatures, such as the approximately 54,000 in Suricata.
Inspecting all traffic in real-time is unfeasible with current technology, necessitating the use of clusters to manage latency. DPI alone is not an effective solution and is best used in conjunction with a pre-screening process to filter traffic for further inspection. Without such a process, organizations risk facing latency, false positives, and an overwhelming number of event logs that often go unreviewed.
Currently the Chief Information Security Officer at Centripetal, Parnell has over 20 years of experience in network security, most of it directly supporting network infrastructure, excelling in the challenging environments of both the corporate world and government. Most recently he trained organizations on the effective use of an active defense based on real-time Cyber Threat Intelligence. Additionally he created a managed services capability based on Threat Intelligence for a technology start-up, and managed security operation services at the Department of Health and Human Services for HealthCare.gov’s launch, and in the Department of Defense in support of Counter-IED global operations. He is experienced in briefing C-Level executives as well as senior military officers, providing common sense insight into aggressive security related projects.
This interview is a part of The Fast Mode's Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today's IP networks. A research report on this topic will be published in June 2024 - for more information, visit here.
