The Silicon Review
“This is an exciting time for Network Perception because we are expanding in three directions.”
Cyber threats have now grown to be so sophisticated that they can use one company’s network to infect another. So, now it’s more important than ever to protect your assets not only for the well-being of your company but also for your business partners.
For this reason, we talked with Robin Berthier, CEO of Network Perception, a company that offers network audit and compliance software, about how network visibility can improve a company’s cybersecurity posture, uncover the most prominent threats to look out for, and increase overall cyber resiliency.
Q. Tell us about your journey throughout the years. How did the idea of Network Perception originate?
Network Perception started as a research project funded by the Department of Energy and the Department of Homeland Security at the University of Illinois. The initial research consisted of formally verifying that organization-wide network access policies were correctly implemented by distributed local firewalls.
The founding team worked closely with industry partners for years to understand their challenges and develop the next generation of network verification and visualization technology. This technology was packaged into a desktop application called NP-View that has the unique capability of being lightweight and robust, providing compliance and security teams the fastest way to verify complex firewall rulesets in minutes rather than days. The application was adopted by the North American Electric Reliability Corporation, NERC, which is the regulating body for the electric industry in North America, to conduct their Critical Infrastructure Protection audits.
NP-View evolved as an on-premises server-based solution to enable organizations to transition from a point-in-time review of their critical network into continuous verification and visualization through automated workflows. Today, NP-View is available in three editions: NP-View Essential, NP-View Professional, and NP-View Enterprise.
Q. Can you introduce us to your NP-View product? What are its key features?
NP-View is a software solution designed to secure critical assets with intuitive, proactive, and continuous network segmentation visualization and verification. Its key features are:
- Working offline, as it only requires copies of network device configurations to run
- Providing instant custom network topology visualization without having to connect to the network
- Producing instant network risk assessment by identifying incorrect network segmentation and overly permissive accesses
- Providing a proactive alerting and notification system
The network visualization is highly intuitive and interactive to provide value to both technical and non-technical users. It also simplifies the firewall review process by unifying ruleset representation across all major firewall vendors.
Q. What are the most common threats carried out via insecure networks?
The insecurity of networks increases risks in two ways. First, it exposes vulnerable assets to malicious actors. Second, it enables adversaries to conduct lateral movement by pivoting from one compromised asset to the next to expand their reach into the most critical zones of the network. The exposure and the expansion can be mitigated by adopting a principle of least privilege, which means segmenting networks and only permitting access to specific applications and services on a need-to-know basis.
Q. Have you noticed any new threats emerge because of recent global events?
Two prominent threats, ransomware and supply-chain attacks, have significantly increased recently. There was an inflection point in 2018 when the number of ransomware attacks against critical infrastructure accelerated and culminated in 2021 with the shutdown of Colonial Pipeline operations for 5 days. This is the result of adversaries perfecting their technique to generate profit from cyberattacks, and the realization that targeting industrial facilities led to higher probabilities of getting ransoms paid. The risk of supply-chain attacks became a real concern when the world discovered that 18,000 organizations had been compromised through an infected release of the SolarWinds network management software. The level of sophistication that enabled malicious attacks to compromise the build environment of a large software manufacturer was unprecedented.
Q. In your opinion, why are certain companies still unaware of the risks hiding in their own networks?
Depending on the level of cybersecurity maturity of an organization, networks and the configuration of network devices are either left as plug-and-forget, which means nobody pays attention if it works, or left to the purview of a single team that is in charge of everything, from provisioning to maintaining and securing. The result is a pervasive lack of visibility into network architecture and access policies, which leads to a lack of risk awareness. The first rule of network security is that we cannot protect something we don’t know we have to protect.
Q. What are the mistakes to avoid?
There are two common mistakes to avoid. First, an organization can invest in solutions without having established a risk management strategy. This leads to a patchwork approach in which technologies, processes, and people are not aligned with a common set of cyber resiliency objectives. Second, an organization can try to boil the ocean by not correctly identifying mission-critical assets. The key to success is to prioritize efforts and address gaps step-by-step.
Q. Why is it important for an enterprise to have cyber resilience?
Cybersecurity is an arms race between attackers and defenders. Adversaries discover new attack techniques every day and defenders have to play catch up and improve their protection accordingly. Even with the strongest defense, attackers have the asymmetrical advantage of waiting until a single weakness can be exploited to successfully compromise their target. Cyber resilience reverses the imbalance by providing enterprises with the competitive advantage of defense-in-depth and adaptive recovery capabilities to contain threats and to keep operating even when a breach occurs.
Q. What's the best way to begin building cyber resilience?
The building blocks of cyber resiliency are organized into four categories: visibility and understanding, defense-in-depth, least privilege principle, and agile recovery capabilities. The best way to begin is to first document current gaps for each category: which building blocks are missing or incomplete. I recommend having a central reference document to keep everyone aligned on the goals and to best allocate resources to address the gaps identified. For instance, visibility and understanding requires keeping the representation of the network current. Organizations should first document which critical networks lack continuous visibility to prioritize their cyber resiliency investment.
Q. Tell us, what’s next for Network Perception?
This is an exciting time for Network Perception because we are expanding in three directions. Firstly, we are transitioning from a project-based audit application into an operational cybersecurity verification and visualization platform. Secondly, we are building partnerships with leading security vendors to enrich the NP-View visualization map by ingesting and representing endpoint and vulnerability data through an open API. Finally, we are announcing new editions of our product this year with the introduction of NP-View Essential, NP-View Professional, and NP-View Enterprise to better support critical industries through all stages of cybersecurity maturity.