Your Mission, Should You Choose to Accept It
Introduction
Sometimes it seems like achieving the best end-user experience and defending against hackers is an impossible mission. Users expect instant wireless access with limitless performance and no bottlenecks. Meanwhile, the challenging cyber threat landscape demands those responsible for network and endpoint security keep the environment locked down.
Hmmm, is there a way for your organization to be like Ethan Hunt and accomplish both missions simultaneously? Delivering users reliable IT connectivity while also protecting your critical IT assets and sensitive data? With the right collaborative mindset, processes, and tools the answer is “YES”. In this Episode 1 blog, we’ll begin the discussion by demonstrating the real-world value of NetOps and SecOps partnering. Then, drill into keeping users happy with excellent IT service availability.
The Value of NetOps and SecOps Partnering
The foundation to accomplish great IT service and strong security defenses begins with maximizing perimeter visibility. Knowing all devices and endpoints, the deployed infrastructure in place, and how the network is architected is essential. Sounds simple, but for many organizations this can be a challenge. The dynamic nature of the environment, whether IT assets or users connecting can be overwhelming.
Satisfying the distinct objectives of the NetOps and SecOps groups begins with an efficient path to comprehensive visibility which is best achieved by the partnering and collaboration between the teams. If these responsibilities are performed by the same team or even one person, the concept still holds—working together yields better results.
A recent NetAlly CyberScope® webinar co-hosted by EMA with highlights from their research shows the value gained by this partnership. Key takeaways:
Of those surveyed, 86 percent of network teams have tools that provide security insights. In particular, network teams whose tools provide security teams with inventory assessments report better collaboration.
The benefits of NetOps and SecOps collaboration cited by survey respondents was significant:
• 43 percent called out reduced security risk
• 40 percent reported improved operational efficiencies
• 40 percent noted faster network problem detection & resolution
• 39 percent indicated accelerated detection/resolution of security threats
There are two additional areas network teams’ capabilities or collaboration with security groups can add value.
- Security Risk: When it comes to security risk monitoring by network teams, 72 percent are on the lookout for vulnerabilities, 50 percent validate network compliance, and 50 percent check for suspicious behavior
- Zero Trust: In the case of zero trust initiatives within an organization, 88 percent of security teams form strong partnerships with network teams because they are experts in:
• Secure remote access
• Network segmentation
• Network visibility
Top Five for Success at the Network Perimeter – Peak End-user Experience
- Comprehensive Up-to-Date Visibility – Network visibility is important, this information must be as real-time as possible, especially at the edge where things are in such flux. Beyond assets, having observability into performance is crucial to address bottlenecks before complaints of degraded service begin arriving. Poor application performance is not acceptable. It starts by maintaining a detailed inventory of all network resources and then builds with knowledge of the current service delivery status.
- Security and Network Partnering – Optimal user experience is not simply about speed or app availability. A fast application is useless if it’s compromised, and a secure network still fails the user if it’s slow or unreliable. This is why teamwork between groups is so critical. When teams share or utilize the same visibility tools, they understand what the solution can and cannot deliver and where there may be blind spots. It also enables them to provide a united front when addressing anomalous behavior, whether it is tied to performance for security threats. Classic examples here are combining vulnerability scanning and WiFi security (often a security team responsibilities) with network discovery (think network team). Integrating these overlapping activities boosts efficacy and improves overall team goals.
- In-depth & Portable Troubleshooting Tools – For all the talk about cloud-based applications and the magic of internet connectivity, most users invariably connect at the perimeter. Think of branch offices, warehouses, campuses, or remote locations among others. Many centralized tools, whether security or performance focused start to break down here. What is needed are compact tools that connect right where users do so and where they are experiencing issues and logging complaints. This distinct edge perspective provides deep insights into specifically where the connection breaks down, from for example linking to the AP to passing through the gateway to reach the internet and everything in-between.
- Know what Normal (Performance) is – Don’t wait for complaints to arrive. Get in front of the issue and prevent problems before users notice. Network teams should establish what is “typical” performance and behavior for the environment. Then, proactive monitor for errant activity such as bandwidth spikes, significant increases in link throughput, new/missing/changed device configurations, or a large amount of unauthorized access attempts. If cross-team processes are in place, when such events occur the network team can alert security, kick-starting investigations immediately and limiting possible damage if it is related to a breach
- Empowered Teams – Today’s networking is robust and forgiving to a point. But technology will ultimately only work as well as the people behind it. Delivering consistent, optimal user experience demands IT teams with the skills needed to solve problems fast. With the IT staff and skills shortages in many organizations, teams must often augment expert personnel with tools that simplify the process and assist less seasoned staff in getting to root cause and resolve the problem. Given this, look for solutions that enable all levels of staff to be productive.
In Summary
Just as the IMF team’s struggles against the Entity continues, this first Episode 1 blog is the initial foray into completing the mission. We’ve set the scene on network and security collaboration and teaming. As part of this, we targeted the discussion on the network team and what they must be able to deliver to the larger organization from an optimal end-user perspective as well as their significant value to the security side of the business. Episode 2 will turn the attention to the security organization.
