Industry Insights with Ravid Circus

Security Through Visibility: Seeing Into Virtual and Cloud Networks

Comprehensive Network Modeling Helps Security Engineers Extend Traditional Security Processes into Hybrid Enterprise Networks; by Skybox VP Products Ravid Circus
Imagine an IT security team as a navy crew at sea. A torpedo blasts the ship's side below the water line. As the water floods in, they can't even see the hole, let alone fix it. Instead, everyone turns to the pumps to keep the ship afloat.

This is the state of many security programs today. Despite a plethora of point solutions, security teams lack visibility into what they're trying to protect, their most pressing risks and the security tools at their disposal. Thus, security teams operate in constant reactionary mode, while a strategic, proactive security program remains elusive.

The growing popularity of virtual networks further complicates visibility issues. Virtual machines are spun up at a moment's notice, and security groups and tags are assigned - but not necessarily in line with broader security policies. Network security teams may have no access to management consoles and limited insight as to how changing network architectures affect their attack surface.

But with comprehensive network modeling extending into virtual networks, network security engineers can gain the needed visibility to unify security and compliance processes across their hybrid hardware and virtual environments.

Verifying Access

A major challenge to policy and access verification in hybrid environments is complexity. The mixture of physical, virtual and cloud networks with their various security groups and tags, as well as traditional ACLs, makes manual comparison and analysis almost impossible. But by normalizing this data and combining hybrid network policies, network access can be analyzed end to end and visualized within the model.

Microsegmentation Challenges

Historically, data centers have been protected by perimeter security technologies analyzing north-south traffic (traffic into and out of the data center). Traditional data center designs assume that all east-west traffic (traffic traveling within the data center) occurs in trusted, well-protected zones. Recent data breaches, however, have shown that this assumption is no longer valid. Microsegmentation is capable of dividing east-west traffic within the data center into smaller, more protected zones; but without security visibility into how microsegmentation is implemented, it's difficult to verify that policy is adhered to across the network.

By combining and modeling north-south and east-west policies, network security teams can gain end-to-end access visibility throughout their hybrid network. Model-driven visibility also provides a more realistic view of applied policy at the host level, rather than verifying access only at "chokepoints" or gateways to the virtual network.
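The normalization and end-to-end access check described in "Verifying Access" and the host-level versus chokepoint point made above, as an added example that is not Skybox code: a cloud security-group entry and a traditional ACL line are reduced to one rule tuple, and a flow is evaluated at every enforcement point on its path. The rule format, subnets, addresses and hop names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Every policy source is normalised to one tuple: (action, src_net, dst_net, proto, port_lo, port_hi).
def sg_rule(src_cidr, proto, port):
    """Cloud security-group inbound entry (constructed format): allow one port from a source CIDR.
    The group is attached to the instance, so the destination side is 'any'."""
    return ("allow", ip_network(src_cidr), ip_network("0.0.0.0/0"), proto, port, port)

def acl_rule(action, src, dst, proto, lo, hi):
    """Traditional ACL line, e.g. permit 10.20.1.0/24 -> 10.20.2.0/24 tcp 5432-5432."""
    return ("allow" if action == "permit" else "deny", ip_network(src), ip_network(dst), proto, lo, hi)

def evaluate(rules, src, dst, proto, port):
    """First-match semantics with an implicit deny, as both ACLs and security groups behave."""
    s, d = ip_address(src), ip_address(dst)
    for action, snet, dnet, p, lo, hi in rules:
        if s in snet and d in dnet and p == proto and lo <= port <= hi:
            return action
    return "deny"

def path_access(hops, src, dst, proto, port):
    """Walk every enforcement point on the path; the flow is allowed only if all of them allow it."""
    verdicts = [(name, evaluate(rules, src, dst, proto, port)) for name, rules in hops]
    return all(v == "allow" for _, v in verdicts), verdicts

# Constructed hybrid model. The DB security group is over-permissive (a tag assigned at spin-up),
# while the host-level microsegmentation policy restricts the DB tier to the app subnet only.
PERIMETER_ACL = [acl_rule("permit", "0.0.0.0/0", "10.20.1.0/24", "tcp", 443, 443)]
WEB_SG = [sg_rule("0.0.0.0/0", "tcp", 443)]
DB_SG = [sg_rule("0.0.0.0/0", "tcp", 5432)]
DB_MICROSEG = [acl_rule("permit", "10.20.1.0/24", "10.20.2.0/24", "tcp", 5432, 5432)]

NORTH_SOUTH = [("perimeter-acl", PERIMETER_ACL), ("web-sg", WEB_SG)]
EAST_WEST_DB = [("db-sg", DB_SG), ("db-microseg", DB_MICROSEG)]  # no perimeter hop inside the DC

def internet_to_web():
    return path_access(NORTH_SOUTH, "203.0.113.10", "10.20.1.5", "tcp", 443)

def app_to_db():
    return path_access(EAST_WEST_DB, "10.20.1.5", "10.20.2.7", "tcp", 5432)

def other_tenant_to_db():
    # A chokepoint-only view (db-sg) would report this as allowed; the host-level policy blocks it.
    return path_access(EAST_WEST_DB, "10.20.3.9", "10.20.2.7", "tcp", 5432)

if __name__ == "__main__":
    for check in (internet_to_web, app_to_db, other_tenant_to_db):
        print(check.__name__, *check())
```

The per-hop verdicts returned alongside the overall result are what make the gap between the security-group view and the host-level policy visible in the model.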

Vulnerability Detection in Virtual Networks

One added benefit of modeling virtual and cloud environments is scanless vulnerability detection. Security analytics applied to the model can deduce vulnerabilities from product configuration and version information. This can significantly decrease reliance on active or third-party scans, which are harder to operate on virtual and cloud networks. Incorporating vulnerability intelligence gives a fuller picture of how these networks impact overall risk.
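Scanless detection as described above, as an added example that is not Skybox code: the product and version inventory collected from virtualization and cloud consoles is matched against affected-version ranges from a vulnerability intelligence feed, with no packets sent to the hosts. The advisory identifiers, products, version ranges and host names are constructed placeholders.

```python
from dataclasses import dataclass

def parse_version(v):
    """Turn '2.4.49' into (2, 4, 49) so ranges compare numerically rather than lexically."""
    return tuple(int(x) for x in v.split("."))

@dataclass(frozen=True)
class Advisory:
    ident: str           # placeholder identifier, not a real CVE
    product: str
    min_affected: str    # inclusive lower bound
    fixed_in: str        # exclusive upper bound: first version that is not affected

    def affects(self, product, version):
        if product != self.product:
            return False
        v = parse_version(version)
        return parse_version(self.min_affected) <= v < parse_version(self.fixed_in)

# Constructed vulnerability intelligence feed (identifiers and ranges are made up).
INTEL = [
    Advisory("VULN-EXAMPLE-1", "apache-httpd", "2.4.0", "2.4.50"),
    Advisory("VULN-EXAMPLE-2", "openssh", "8.0", "9.2"),
]

def deduce(inventory, intel=INTEL):
    """For each host's (product, version) pairs taken from the model, list matching advisories."""
    findings = {}
    for host, products in inventory.items():
        hits = [a.ident for a in intel for product, version in products if a.affects(product, version)]
        findings[host] = sorted(hits)
    return findings

# Constructed inventory, as collected from management consoles rather than from an active scan.
INVENTORY = {
    "web-vm-01": [("apache-httpd", "2.4.49"), ("openssh", "9.3")],
    "app-vm-02": [("apache-httpd", "2.4.51"), ("openssh", "8.9")],
}

if __name__ == "__main__":
    for host, hits in deduce(INVENTORY).items():
        print(host, hits or "no known exposures")
```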


By unifying hybrid IT environments in one model and normalizing their data, organizations can break down the barriers that traditionally existed between physical, virtual and cloud networks for comprehensive, streamlined security management.

This information can be further distilled into a simple picture of the organization's unique attack surface. Using attack surface visualizations, everyone from CISOs to "in-the-trenches" security practitioners to board members can quickly see the interconnectedness of their IT infrastructure and where their most critical security exposures lurk. Attack surface visibility gives an intuitive and deeply analytical tool for making fast, informed decisions regarding incident response, operations and security investments. It provides a common language and reference to stop reacting to symptoms and start treating root causes of security issues, creating a proactive, holistic security program.

About the Author

Ravid Circus

Vice President of Products, Skybox Security

Circus holds several patents and is responsible for driving thought leadership around Skybox Security's technology roadmap, platforms and products for the next era of security analytics. He is setting the foundation for the company's long-term investments and helping to align product direction with overall strategy and corporate development priorities. A security practitioner at heart, he understands the customer's technology and visibility challenges. His years of deploying customer care initiatives at Credit Suisse, Citi and Chase earned him a reputation as a seasoned security technologist. Circus stays in tune with the major security trends today, from managing network and endpoint data in silos, to how data collaboration will usher in the future of security. He has helped develop and deploy automated change management processes, including the integration of firewall analytics into change management for global enterprises such as Lloyds, JPMC, Citi and Barclays.