Networks today are blind. As analyst firms such as Gartner have pointed out, IT doesn't really know which users are on the network. Similarly, IT knows very little about the application traffic on the LAN.
IT relies on cryptic tools as stand-ins for user and application data, and those tools can rarely tie that information back to real-time traffic.
But if networks have been blind to users and applications for a long time, why is this black hole a problem now? Changes in business practices have dramatically altered the risk. Organizations now host far more people, many of them "outsiders" who are just visiting, and users are bringing in more and more applications all the time.
Realistically, businesses need these changes for the productivity gains they enable. Companies need to work with partners and contractors to complete projects efficiently, and often new applications drive new levels of collaboration amongst employees. So the key is for IT to allow these fruitful practices without compromising the security of the organization's digital assets or the productivity of the employees.
What kinds of risks can IT avoid by adding identity and application visibility and control to the network?
Here are just a few examples:
Applications (or people) behaving badly: A bank was under the impression that teller transactions were happening over encrypted tunnels using SSH. After gaining application intelligence in the network and watching their application flows, they noticed a huge number of Telnet sessions and tracked them back to the tellers. They learned that those sensitive transactions, involving customer financial and personal data, were running in the clear over Telnet rather than being encrypted over SSH.
Who's visiting which sites: Any business that bills clients based on employee time needs to make sure the employees are billing appropriately. A call center company bills by the time needed to service incoming calls, and the billing cycle starts the second a call enters the call center's queue, even if the client's customers have to wait on hold. A study of top applications at one call center revealed extensive access to web-based gaming sites. It turned out that playing these games was delaying some employees from answering calls quickly, inappropriately increasing the fees charged to clients. By tying web site access to username, the company eliminated this time-waster and returned to accurate billing for its customers.
The Port 80 problem: People typically use this term to describe the plethora of applications that run on Port 80. While those flows used to correspond to web surfing traffic, today far more applications use that L4 port. Think of an Oracle application served through a web browser, or CRM applications delivered via cloud computing such as SalesForce.com. Knowing that something is on Port 80 actually tells you very little now. In fact, assuming which application is running based on the L4 port in use can leave an organization at risk. Consider the software vendor who thought they'd successfully shut down eDonkey by closing its well-known port on the perimeter firewall. Once they were able to perform detailed application inspection on the LAN, they saw that eDonkey was still widely in use, putting their source code at risk.
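To make the port-versus-payload point concrete, here is an added Python example (not from the original article) that labels a handful of constructed flows first by L4 destination port and then by the first bytes the client sent, reporting where the two disagree and where Telnet shows up in the clear. The BitTorrent handshake stands in for the eDonkey traffic in the story, and every address and payload below is made up.

```python
import re
from dataclasses import dataclass

# Minimal L4 port table: the "port 80 means web surfing" assumption in code.
PORT_TABLE = {22: "ssh", 23: "telnet", 80: "http", 443: "tls"}

@dataclass
class Flow:
    src: str        # client address (constructed sample values below)
    dst_port: int   # L4 destination port
    payload: bytes  # first bytes the client sent on the connection

def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown")

def classify_by_payload(flow: Flow) -> str:
    """Label derived from well-known wire signatures in the first client bytes."""
    p = flow.payload
    if p.startswith(b"SSH-"):                       # SSH version exchange
        return "ssh"
    if len(p) >= 2 and p[0] == 0xFF and 0xFB <= p[1] <= 0xFE:
        return "telnet"                             # IAC WILL/WONT/DO/DONT
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x04:
        return "tls"                                # TLS handshake record
    if re.match(rb"(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", p):
        return "http"
    if p.startswith(b"\x13BitTorrent protocol"):    # P2P handshake
        return "bittorrent"
    return "unknown"

def audit(flows):
    """Findings for flows whose payload contradicts the port, or that carry Telnet."""
    findings = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if by_port != by_payload:
            findings.append(("mismatch", f.src, f.dst_port, by_port, by_payload))
        elif by_payload == "telnet":
            findings.append(("cleartext", f.src, f.dst_port, by_port, by_payload))
    return findings

# Constructed sample flows, not real captures.
SAMPLE_FLOWS = [
    Flow("10.0.5.11", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),            # as expected
    Flow("10.0.5.12", 23, b"\xff\xfb\x18\xff\xfb\x1f"),           # teller on Telnet
    Flow("10.0.7.20", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    Flow("10.0.9.40", 80, b"\x13BitTorrent protocol" + bytes(8)), # P2P on port 80
    Flow("10.0.9.41", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),           # SSH on 443
]
```

Running `audit(SAMPLE_FLOWS)` yields three findings: the teller's cleartext Telnet session, the P2P handshake hiding on port 80, and SSH running on port 443, while the two flows whose payload matches their port produce nothing.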