Introduction
This blog will discuss four critical elements of edge network situational awareness and then introduce the powerful dashboard, reporting, and collaboration features available in Link-Live (NetAlly's platform for team collaboration, reporting, and analytics). With comprehensive visibility into these components, IT teams can get the information they need to achieve optimal performance and maintain strong security at the edge.
The Need for Situational Awareness
There are many definitions of situational awareness. Here’s one from Wikipedia:
Situational awareness or situation awareness (SA) is the understanding of an environment, its elements, and how it changes with respect to time or other factors. Situational awareness is important for effective decision making in many environments.
Given this definition and the many “moving parts” of the perimeter network, detailed situational awareness at the edge is a “must-have” for achieving peak customer satisfaction and maintaining a robust cybersecurity posture. Why is this so? Because ultimately the edge is the “face” of IT resources, where most users connect. It’s also ground zero for the proliferation of devices such as IT, IoT, and other unmanaged endpoints. So many devices are being connected and removed, and employees, customers, and visitors—friends and potential foes—are joining and leaving the network continuously. The constant changes to network resources needed to support all this make for a chaotic environment from both a performance and a cybersecurity perspective.
Hence, ensuring easy and comprehensive visibility for all stakeholders, whether NetOps or SecOps, is a must. That’s where Link-Live makes the process simple. With tight integration of NetAlly handheld tools such as CyberScope®, EtherScope® nXG, and AirCheck® G3 Pro, field data spanning all of the organization’s locations can be easily uploaded and shared from one central location. Then, anyone with a need and authorization can be given their own login and instantly get a snapshot of status via intuitive, browser-based summary dashboards, with drill-down details for those who want to dig deep.
Four Key Elements to Edge Situational Awareness
Situational awareness at the edge is crucial for maintaining security, performance, and operational efficiency. There are numerous elements to achieving maximum situational awareness at the perimeter. Here we will highlight four:
- Device Health, Availability, and Status – Ensuring endpoints are consistently operating properly demands ongoing monitoring. Depending on the application or function it supports, validation of device availability can also be an integral part of operational health (e.g., IoT sensors used in healthcare or manufacturing processes) and customer satisfaction.
- Network Topology Intelligence – Knowing the layout and structure of the edge network is key to quickly addressing failures and rerouting traffic. It’s also crucial for quickly detecting unauthorized changes that might otherwise be missed for an extended period, so periodically updating topology maps and comparing with previous versions is essential.
- Infrastructure Integrity – Certifying that only approved network components are attached and operational is another indispensable element of effective edge situational awareness. Just say “no” to rogue network equipment. With NetAlly, users can categorize devices into four authorization classes: Authorized, Unauthorized, Neighbor, or Unknown. This makes the process of finding new devices fast. Here too is the need to confirm correct configuration, including things such as network segmentation and provisioning, along with various wireless parameters such as channel usage, manufacturer prefixes, and 802.11/security types.
- Threat Detection and Security Monitoring – Edge networks are often the first line of defense and, with their elevated attack surface and easy accessibility, a prime target of hackers, so it’s crucial to detect vulnerabilities early, before they can be exploited.
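The “Network Topology Intelligence” and “Infrastructure Integrity” elements above both come down to the same mechanical check: compare the current discovery results against a previous snapshot and against an approved inventory, then flag what is new, missing, moved, or not authorized. The example below, added here and not taken from Link-Live or any NetAlly tool, does that in Python over two constructed discovery snapshots. The device records, MAC addresses, switch names, and the authorization lists are all made up for illustration; the four class names (Authorized, Unauthorized, Neighbor, Unknown) are the ones the text describes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    """One wired device as a discovery pass might report it (constructed)."""
    mac: str
    ip: str
    switch: str
    port: str


def normalize_mac(mac: str) -> str:
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


def classify_device(mac: str, authorized: set, unauthorized: set, neighbor: set) -> str:
    """Map a MAC onto one of the four authorization classes the text names.
    An explicit Unauthorized entry wins over Neighbor so a device an analyst
    already flagged is never quietly downgraded to a benign class."""
    key = normalize_mac(mac)
    if key in authorized:
        return "Authorized"
    if key in unauthorized:
        return "Unauthorized"
    if key in neighbor:
        return "Neighbor"
    return "Unknown"


def diff_snapshots(previous: list, current: list) -> dict:
    """Topology comparison: what appeared, disappeared, or changed switch/port."""
    prev = {normalize_mac(d.mac): d for d in previous}
    cur = {normalize_mac(d.mac): d for d in current}
    added = sorted(cur.keys() - prev.keys())
    removed = sorted(prev.keys() - cur.keys())
    moved = sorted(
        m for m in cur.keys() & prev.keys()
        if (cur[m].switch, cur[m].port) != (prev[m].switch, prev[m].port)
    )
    return {"added": added, "removed": removed, "moved": moved}


def class_counts(current: list, authorized: set, unauthorized: set, neighbor: set) -> dict:
    """Summary counts per class, the kind of number a dashboard widget shows."""
    counts = {"Authorized": 0, "Unauthorized": 0, "Neighbor": 0, "Unknown": 0}
    for d in current:
        counts[classify_device(d.mac, authorized, unauthorized, neighbor)] += 1
    return counts


def review_snapshots(previous: list, current: list, authorized: set,
                     unauthorized: set, neighbor: set) -> tuple:
    """Combine the diff with classification into a list of findings worth a
    human look: any new device that is not Authorized, and any device that
    moved ports since the last pass (a possible unauthorized re-cabling)."""
    changes = diff_snapshots(previous, current)
    cur = {normalize_mac(d.mac): d for d in current}
    findings = []
    for mac in changes["added"]:
        cls = classify_device(mac, authorized, unauthorized, neighbor)
        if cls != "Authorized":
            d = cur[mac]
            findings.append((mac, cls, f"new device on {d.switch} {d.port} ({d.ip})"))
    for mac in changes["moved"]:
        d = cur[mac]
        cls = classify_device(mac, authorized, unauthorized, neighbor)
        findings.append((mac, cls, f"moved to {d.switch} {d.port}"))
    return changes, findings


# Constructed inventory and two constructed discovery passes (not real data).
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
UNAUTHORIZED = {"00:11:22:33:44:21"}   # flagged by an analyst on an earlier pass
NEIGHBOR = {"00:11:22:33:44:10"}       # upstream router, not ours to manage

PREVIOUS = [
    Device("00:11:22:33:44:01", "10.0.1.10", "sw-edge-1", "Gi1/0/1"),
    Device("00:11:22:33:44:02", "10.0.1.11", "sw-edge-1", "Gi1/0/2"),
    Device("00:11:22:33:44:03", "10.0.1.12", "sw-edge-1", "Gi1/0/3"),
    Device("00:11:22:33:44:10", "10.0.1.1", "sw-edge-1", "Gi1/0/24"),
]
CURRENT = [
    Device("00:11:22:33:44:01", "10.0.1.10", "sw-edge-1", "Gi1/0/1"),
    Device("00-11-22-33-44-02", "10.0.1.11", "sw-edge-2", "Gi1/0/2"),  # moved
    Device("00:11:22:33:44:10", "10.0.1.1", "sw-edge-1", "Gi1/0/24"),
    Device("00:11:22:33:44:20", "10.0.1.50", "sw-edge-1", "Gi1/0/3"),  # took .03's port
    Device("00:11:22:33:44:21", "10.0.1.51", "sw-edge-1", "Gi1/0/5"),  # known bad
]

if __name__ == "__main__":
    changes, findings = review_snapshots(PREVIOUS, CURRENT, AUTHORIZED, UNAUTHORIZED, NEIGHBOR)
    print(changes)
    print(class_counts(CURRENT, AUTHORIZED, UNAUTHORIZED, NEIGHBOR))
    for mac, cls, note in findings:
        print(f"{cls:12} {mac}  {note}")
```

The point of keeping `diff_snapshots` separate from `classify_device` is that the two answer different questions: the diff tells you the topology changed, the classification tells you whether the change matters. In the constructed run, the device that silently took over the port of a removed authorized device shows up as Unknown, and the analyst-flagged device reappearing shows up as Unauthorized, which is exactly the pairing the text argues NetOps and SecOps need to see together.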
Combined Edge Network and Security Visibility is Crucial
As can be seen in the four elements discussed above, the path to peak edge visibility, and therefore optimal operational integrity, entails blending parameters that span the historical knowledge domains of the security and network teams. Having only one perspective leaves major potential gaps in network perimeter health, status, and, worst of all, security. The solution? Convergence (or at least cooperation) of edge network and security operational data and intelligence. This does not require that teams combine, but it does mean acknowledging that NetOps and SecOps each bring distinct but frequently overlapping areas of excellence that, when united, offer tremendous upside for the entire organization. The right tool can facilitate this important initiative. NetAlly Link-Live is that tool.
Bridge the Network and Security Teams Gap with Link-Live
The heart of Link-Live’s ability to deliver comprehensive situational awareness is its Discovery and WiFi dashboards. To see this in action, check out this short video, which demonstrates the simple navigation and drill-down-to-resolution capabilities. For this blog, we’ll focus on key highlights.
Discovery Dashboard
Let’s start with the Discovery dashboard, which includes four “modes,” or methods of displaying the network status information. These are located at the upper left-hand side of each dashboard, where users can easily switch between them by clicking:
Each provides a distinct perspective of network security status, valuable for different audiences:
- Graphical Mode – Excellent for providing a status summary. This is a dynamic, interactive graphical interface; rolling over each widget provides instant visibility into each of the variables called out via fly-over values. Users can also drill down as required for investigations. Among the situational awareness elements discussed above, “Infrastructure Integrity” can be quickly assessed from this angle.
- Tabular Mode – Provides a device-by-device breakout with key attributes, one device per line across multiple columns. Included here is powerful free-string search and filtering by all listed network parameters, such as device, VLAN, and security. This mode delivers insights into both the “Device Health, Availability, and Status” and “Infrastructure Integrity” situational awareness elements.
From this starting point, it is easy to select and drill into the questionable device for in-depth specifics into status and test results.
Note that filtering and searching are persistent across all four modes, which makes workflow navigation a breeze.
- Nmap Mode – This viewpoint is available with CyberScope only and offers drill-down overviews of the specific Nmap commands and scripts executed during Discovery. Excellent for rapidly assessing the “Threat Detection and Security Monitoring” element of situational awareness.
If required for security investigations, IT teams can drill into specific Nmap outputs.
- Topology Mode – Outstanding for visualizing devices and the connectivity between them. A perfect fit for the “Network Topology Intelligence” element of situational awareness.
WiFi Dashboard
The second console is the WiFi dashboard. Generated as part of the discovery process, here the focus is on wireless, both WiFi and Bluetooth.
In this case, the dashboard summary includes widgets that call out Wi-Fi counts, manufacturer prefix, client manufacturer prefix, SSIDs, channel usage, 802.11 types, security types, BSSID authorization class, and client authorization class. Everything one needs to quickly assess the status of the edge wireless network.
As with the Discovery dashboard above, this is a highly flexible, interactive graphical interface; rolling over each widget provides instant visibility into each of the variables called out via fly-over values. Users can also drill down as required for investigations. Wireless “Infrastructure Integrity” can be quickly assessed from this standpoint.
Navigating from the summary dashboard begins by clicking “Analysis” in the upper right corner. Two “modes” of assessing the data are then presented. These are located at the upper left-hand side of each dashboard, where users can easily switch between the two by clicking either the graph or the tabular icon.
In conjunction with this there are six “Views” offered whether in Graph or Tabular mode: Channels, SSIDs, APs, BSSIDs, Clients, Probing Clients, and Bluetooth.
- Graph Mode – Two widgets are shown; the first, “Overview By Channel” (this is the first “view”), gives a channel-by-channel count of SSIDs, APs, BSSIDs, and Clients. Depending on the View, it displays details into all situational awareness elements except “Network Topology Intelligence”.
As with all widgets, fly-over functionality makes getting an instant readout or drill-down fast. With persistent filtering and search, users can also switch easily between each of the six views.
- Tabular Mode – In this example, “Overview By SSID” (this is the second “view”) is shown, which lists all SSIDs with relevant parameters in columns. As with Graph Mode, it displays key facts, as a function of View, into all situational awareness elements except “Network Topology Intelligence”.
In Summary
At the beginning of this blog, the claim was made that, given the hectic environment at the edge, comprehensive situational awareness is critical to ensuring optimal network performance and a robust cybersecurity posture. Busy IT help desks suggest there is truth in this from a performance standpoint, while I would argue the relentless stream of yet another organization announcing a security breach serves as strong evidence from a threat perspective.
Given these observations, one way out of this conundrum is to offer a single tool that lets both SecOps and NetOps (or whoever is responsible, whether one team or individual or several) have end-to-end, comprehensive network perimeter situational awareness, four elements of which were highlighted above.
Through numerous screen captures, this blog has shown Link-Live to be that one tool, delivering on this critical IT organizational need. With the ability to collect and share information across the entire business, Link-Live is the solution for addressing the challenges at the edge, whether performance or security.