Build a resilient network: What I learned from 5 thought leaders
At the 2024 'Strategies for a Resilient Network' summit, five thought leaders shared best practices to help you achieve optimal network resiliency. Learn more.
While you might have mastered enabling a remote-first workplace thanks to the COVID-19 pandemic, keeping the systems, data and applications within your network safe presents another set of challenges. The ever-evolving threat landscape is seeing cybercriminals and scammers get savvier and more audacious by the minute, in turn, compelling organizations to implement proactive and error-proof network security strategies.
We recently floored our 2024 editorial summit Strategies for a Resilient Network, aimed at helping IT professionals design and manage an agile and secure network infrastructure. Hosted on our BrightTALK platform, this two-day virtual event gathered attendees from across the professional spectrum, from the C-suite to consultants and beyond. Our speakers provided insights to help guide viewers toward achieving optimal network resiliency. Here, you'll find some of the key takeaways from their sessions.
Defeating ransomware: Collaborate
AI and generative AI (GenAI) are everywhere, and unfortunately, in the hands of hackers, too. Kevin Tolly, founder of The Tolly Group, presented how hacker use of AI will impact ransomware attacks. "The raw number of attacks might decrease, but the potency and effectiveness of these attacks will rise. So, it will likely remain a major issue," Tolly noted, adding that 66% of organizations were targeted by ransomware in 2023, and according to Sophos Cybersecurity, 46% of those organizations paid the ransom and received their data back. (And as you've realized, more than half did not.) As traditional defense strategies can fall short in responding to ransomware attacks today, Tolly recommends that organizations explore collaborative architecture. This architecture involves effort between network security elements and data storage subsystems to detect, block, and mitigate ransomware attacks in real time. Tolly believes that collaborative systems can dramatically improve protection and advises network security leaders to have discussions with their perimeter security vendors and storage providers because "inaction really is not an option."
Click here to view this session on-demand and listen to Tolly's presentation in its entirety. He also addresses the role of IoT devices in ransomware.
Align stakeholder priorities to project goals
Amritha Arun Babu, a technical product management leader, who has worked for companies like Amazon and Wayfair, tailored her session to product managers. Arun Babu focused on how PM leaders can empower stakeholders while collaborating cross-organizationally to deliver priority products that meet security needs. Arun Babu encourages PMs to address these five questions before embarking on a project:
- Who is your customer?
- Who is your sponsor/who needs to be bought into the vision?
- What makes this product relevant or significant to anyone?
- Who is your primary influencer driving decisions?
- How can you deliver a good product taking all these into consideration?
Arun Babu also highlighted the importance of stakeholder mappings and the need to tailor communication styles based on the audience to enhance decision-making. She pointed out the differences between communicating with executives and developers, explaining that executives prefer high-level information to understand business value while developers look for technical details. PMs should develop skills in communicating to both audiences effectively to avoid roadblocks during product development.
Review more tips from Arun Babu in the full presentation here.
Consider SASE
There's been a lot of excitement around Secure Access Service Edge (SASE) since its debut in 2019, naturally prompting some questions as well. Krishendu De, head of information security at CESC Limited, delved into how organizations can enhance network performance with SASE.
De provided an overview of the benefits of SASE, the problems the technology aims to address, SASE use cases and key factors to consider when selecting a provider. He stressed that implementing a SASE platform goes far beyond security, stating that "…so, as you can understand SASE is just not about security. It's a lot about network performance because if the end-user experience is not good, then there's no point implementing a solution like SASE. Yes, it provides security aggregation in the cloud, but what about the network?"
Go to the session for a complete look at SASE.
Ensure you have green technology
Independent resilience consultant and writer Paul Kirvan guides viewers through integrating sustainability and green technology into a network infrastructure. "When you're developing a network or when you're managing a network, you want to make sure that it's available. That's a big part of what resilience is. And it's not just a matter of what kind of security software you have, what kind of firewalls you use, what kind of intrusion detection systems you're using. But it's also a matter of ensuring that the technology you're using can not only ensure the resilience of your network, but also that it contributes to a greener environment."
In this presentation, Kirvan also addresses environmental impact of network infrastructure, certifications useful when building a resilient network environment and encourages organizations to align network resilience efforts with their broader sustainability goals and initiatives.
Check out the full session for guidance on going green.
Recognize that cloud security is everyone's job
Did you know Gartner predicts 99% of cloud breaches will result from preventable misconfigurations or human errors by 2025? Michael Ratemo, principal security consultant at boutique security firm Cybersecurity Simplified, shared this startling statistic at the beginning of his presentation. Ratemo continued by explaining that organizations can have unrealistic expectations regarding their responsibilities once they've moved to the cloud, underscoring that "the cloud does not provide immunity from breaches." That's why he focused on misconfigurations in this session.
Ratemo ran a live demo of a misconfiguration to show viewers how these could pose security risks, discussed common misconfigurations and dug into some root causes of misconfigurations, such as the following:
- Human error.
- Poor governance.
- Complexity.
- Shadow IT.
- Automation.
- Lack of visibility.
- Improper deployments.
The theme of this presentation was that cloud security is everyone's responsibility and he reinforced this message by highlighting these seven cloud misconfiguration remediation strategies: implementing cloud governance, upskilling employees, leveraging cloud security posture management (CSPM), developing policies and templates, automating security and configuration checks, monitoring, and auditing changes, and implementing technical security controls. Access the full presentation here for additional insights and to view CSPM product demos.
Natasha Carter is the director of partnerships and event content at TechTarget. Prior, Natasha served as the director of audience development at TechTarget. Natasha also co-leads diversity, equity and inclusion (DEI) initiatives across the organization. Before joining TechTarget in 2014, Natasha worked for The Warren Group.