Industry Insights with Martyn Crew

Deep Observability: Why You Need It. How You Get It.

What good are a company’s cybersecurity defenses if they can’t detect a breach? This would be like owning a guard dog that isn’t able to hear, see or smell. Yet when asked about this, one in three respondents to the Gigamon 2024 Hybrid Cloud Security Survey reported that their existing security tools failed to detect a recent breach. And for those who were alerted to an incursion or breach, one out of four of them could not determine the root cause.

In other words, cyber defenses at a great many organizations are much less effective than they need to be — and the cybersecurity professionals responsible for maintaining those defenses know it. To wit, only about half of the 1,000-plus CISOs and other security leaders who took part in the Gigamon survey (54%) claim to be strongly prepared to identify threats across their hybrid cloud infrastructure.

More Complex Networks and Mounting Cybercrime

During the past few years, IT environments have rapidly evolved. Gone are the days when an enterprise relied on a single data center or cloud environment. Today, 90 percent of organizations operate in a hybrid and multicloud world,[1] and securing increasingly complex hybrid cloud infrastructure has become far more challenging.

Bad actors have been quick to take advantage of the growing complexity, as the number and sophistication of cyberattacks have skyrocketed. As a result, the cost of cybercrime is expected to grow 15 percent per year over the next two years, from $8 trillion globally in 2023 to $10.5 trillion by 2025.[2] This is up from $3 trillion in 2015.[3]

The punishing nature of these attacks generates an urgent need for what CISOs and other experts refer to as “deep observability” into and across their hybrid cloud infrastructure. The idea is to maintain an on-premises level of security and compliance across an organization’s hybrid, multicloud networks. To achieve this goal, an organization needs complete visibility into its lateral (i.e., all internal) traffic, the North-South traffic that crosses its organizational perimeters, and all container traffic. Such visibility is a must for security teams that wish to be more proactive about identifying anomalies and anticipating threats before they occur. Proactive security expedites troubleshooting, improves compliance, and mitigates risk.

Deep Observability Advantages

Deep observability complements an organization’s existing log-based security and observability tools with actionable network-derived intelligence and insights. This provides the complete picture, enabling organizations to detect previously unseen threats, accelerate root-cause analysis of performance bottlenecks, and lower the operational overhead associated with securing and managing hybrid and multicloud IT infrastructures.

With deep observability, CISOs can better understand their environments. It helps them identify potential threats with network-derived intelligence and insights that eliminate blind spots and complement tool-generated metrics, events, logs, and traces (MELT). This is accomplished through deep packet inspection and the extensive use of automation. Among its benefits, a deep observability approach:

  • Greatly improves discovery of network assets and API communications.
  • Identifies any hosts using weak ciphers or expiring TLS certificates.
  • Detects unauthorized activities such as crypto mining (the process that many cryptocurrencies use to generate coins and verify transactions), which makes use of network resources.
  • Integrates multiple, different security tools into a single, cohesive platform. This, in turn, allows CISOs to reduce tool sprawl and redundancy.
  • Reduces the number of false positive alerts for network analysts, eliminating distractions and allowing them to focus on real threats.

Continuous Threat Modeling and Zero Trust

Deep observability also provides a basis for continuous threat modeling. Using this technique, CISOs and their teams can stay on top of constantly shifting threats, identifying new avenues of attack and regularly reevaluating their organization’s risk profile.

All of these steps are needed to successfully implement a Zero Trust network architecture, which can help organizations secure data wherever it resides on the network — whether on-premises or in a cloud. By enabling organizations to eliminate blind spots and better secure their hybrid cloud infrastructures, deep observability is central to any Zero Trust initiative. In the Gigamon hybrid-cloud security survey, four out of five (82%) respondents agreed that real-time visibility and deep observability are prerequisites for successfully implementing Zero Trust.

As the Gigamon survey bears out, recognition that comprehensive network visibility is paramount to any proactive security strategy is no longer limited to CISOs and IT executives. Corporate boards are reaching this conclusion as well, and 80 percent of the survey’s respondents report that their board considers deep observability a cybersecurity priority.

Achieving Robust Security Readiness

With the right guidance and network telemetry, any enterprise can attain a state of deep observability across its hybrid-cloud infrastructure. To learn how your organization can achieve a more robust state of security readiness, download the latest Gigamon eBook about identifying unseen threats.

[1] “Assure Security and Compliance Across Your Hybrid Cloud,” Gigamon

[2] “2023 Cybersecurity Almanac,” Cybercrime Magazine

[3] “Cybercrime to Cost the World $10.5 Trillion Annually by 2025,” Cybercrime Magazine



About the Author

Martyn Crew

Senior Director of Solutions Marketing and Partner Technologies, Gigamon

Martyn has over 30 years of industry experience in security, networking, cloud, IoT, and data infrastructure and is an experienced presenter, panelist, and writer. He has been with Gigamon for four years and, in his role as Senior Director of Solutions Marketing and Partner Technologies, Martyn leads a team that is focused on understanding customer needs and industry trends and developing solutions based on Gigamon and partner products to address these trends, customer needs, and business opportunities.



