book Extrusion Detection (p. 27) I defined the term pervasive network awareness (PNA):
A truly defensible network permits security administrators to achieve pervasive network awareness. Pervasive network awareness is the ability to collect the network-based information -- from the viewpoint of any node on the network -- required to make decisions.
Today while perusing Webcasts at Gigamon University, I listened to a Gigamon presentation on a "data access network" (so-called "DAN") built as the Interop SpyNet, shown earlier.
InteropNet and see traffic anywhere they like. This Interop Blog post provides a portal into discussions of the SpyNet, including history showing the idea stretches back to 1996. This shows that PNA is a good idea, and like many good ideas, not even new!
At some point I would like to see a SpyNet in person. I will be in Australia for Interop Las Vegas, but I will look into visiting New York in October.
It would be nice to see this approach built into all networks. I believe the reason it is not is that the InteropNet is a clean slate each year. If you're allowed to build a network from scratch using the latest and greatest tools and techniques, then you can see developments like this in action. Networks that have grown "organically" over a decade are likely to have plenty of dark streets and dangerous alleys where monitoring is dicey or impossible.
Update: I should mention that I dislike the term "data access network" (DAN). What could be more generic? What they should have said was "traffic access network" (TAN). Now we're describing the nature of the solution.