UPDATED 15:00 EDT / JUNE 20 2019

SECURITY

Why is SecOps buried in tools? It’s called the ‘visibility border’

As information-technology environments disperse and hybridize, visibility is becoming a greater challenge. Monitoring different cloud environments across vast networks requires sophisticated data-analyzing tools. In the security space, the situation is even hairier; companies keep piling on point solutions to monitor diverse environments while gaining little or nothing in threat detection and prevention.

The problem is that visibility in security operations tends to be rather limited, according to Sanjay Munshi (pictured), vice president of product management at Netscout Systems Inc.

Mushi spoke with Peter Burris (@plburris), host of theCUBE, SiliconANGLE Media’s livestreaming studio, at theCUBE’s studio in Palo Alto, California. They discussed Netscout’s “visibility-without-borders” approach to improving security operations (see the full interview with transcript here). (* Disclosure below.)

Day-zero to day-minus detection

In the typical Fortune 500 enterprise, IT will rely on just one monitoring tool for network operations and cloud operations, according to Munshi. Meanwhile, in the same company, SecOps toils with a whole arm full of monitoring tools.

“Analysts are saying today that a typical Fortune 500 in the U.S. has 70 disparate security tools,” Munshi said. “Why is it that on the NetOps and CloudOps side they need one tool — Netscout for example — but on the SecOps side, there are 70 different products? The reason is not only smart data, but also smart architecture.” 

There is usually a border that prevents SecOps from seeing what NetOps and CloudOps can see. That border holds SecOps at the device level and keeps it from reaching wire and packet data, Munshi explained. This means they must wait longer, take more steps, and use more tools to figure out what’s happening beyond the border.

Netscout has built a two-tier architecture with distributed instrumentation. Its distributed sensor framework generates smart data from the wire and from packets. Then, its centralized analytics layer correlates data across hybrid cloud infrastructure and provides customers complete visibility across the portfolio of their data centers. Netscout provides consolidated visibility across NetOps, CloudOps and SecOps that is unparalleled in the market, according to Munshi.

Analyzing data directly from the wire and from packets expedites threat detection and forensics from “day zero” to “day minus,” according to Munshi. “You can detect these phases much earlier than if you rely on device data, NetFlow or Syslog,” he concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations(* Disclosure: Netscout Systems Inc. sponsored this segment of theCUBE. Neither Netscout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU