It's no secret that enterprise networks are growing rapidly. In fact, in a recent NetBrain survey, 83 percent of network engineers stated that the size of their networks has expanded in the past year alone. As these networks continue to grow in size and complexity, their vulnerability to attacks and security threats will also increase. These risks are greater than ever for organisations, as highlighted by this year's WannaCry attack and Equifax breach.
Unfortunately for many organisations, troubleshooting and security mitigation processes are simply not adapting to these heightened risks as quickly as they need to be. Enterprises simply can't rest comfortably on traditional security workflows, and with attacks on the rise and more money funding these threats, organisations need to critically evolve.
Deeper insight through end-to-end network visibility
When attacks strike, one of the most immediate needs is network visibility. Seeing what part of the network is impacted and its effect on network performance is paramount. Unfortunately, this is also where organisations struggle. Many network teams still rely on time-consuming, tedious manual processes to diagram their networks, an approach that dramatically slows processes down and doesn't provide a clear path for security diagnosis. According to NetBrain's survey, 87 percent of network engineers today primarily rely on manual techniques to create and update network diagrams, whether through programs like Microsoft Visio or by relying on the knowledge of the organisation's IT expert.
Compounding that complexity is the sheer number of changes impacting today's networks—whether it's hardware refreshes, hybrid cloud migrations or brownfield SDN deployments. Gaining end-to-end visibility is the most powerful tool against threats that emerge in the rapid pace of change. If every engineer can easily monitor and understand what's happening, risks can be more easily identified and appropriate responses taken. Unfortunately, the research data shows that in today's organisations, 58 percent of engineers state that network diagrams become obsolete almost as soon as they are created. These enterprises risk falling a step behind hackers if they can't see what's happening in real time or are unable to monitor critical updates to access control lists, firewall policies and more.
Collaboration between network and security teams
While visibility can help even the playing field with hackers, rapidly diagnosing and mitigating network attacks still looms large. Enterprises still need coordinated teams to fight off threats, but what happens when a network is under attack at 3 am? While an intrusion detection system (IDS) may be able to identify the problem, what happens when there are limited network engineers on call to respond? What if those engineers don't have the tools to see what's happening?
That's where most organisations are still challenged today. In the survey, 52 percent said their response to a security issue is “one part professional, one part hysteria,” while seven percent said it's like “fire in a crowded theatre.” The root cause is often the inability to share knowledge quickly and accurately across network and security teams in times of pressure. In fact, the number one challenge cited when troubleshooting network security issues was the lack of collaboration between the network and security teams, selected by 72 percent of respondents. For instance, the fact that the security team knows which routers and firewalls are immediately non-compliant with the latest vulnerability patches should be continuously communicated to the network team to enhance posture and policy, helping to minimise and prevent threats in the future.
Toward continuous cyber-security with automation
The world has changed drastically when it comes to technology, yet it's clear that manual processes still reign supreme. To get ahead of network security attacks, enterprises need to think about security differently. They need to move away from a largely manual world and embrace a stronger culture of automation. With an automation mindset in place, the journey toward continuous cyber-security can one day become reality. Just as engineers programmed cars to drive themselves and robots to run a production line, networks will soon get to the point where they will be able to secure, troubleshoot and heal themselves.
A critical step is automating the network mapping process, which solves the visibility problem plaguing enterprises. Many leading organisations are also automating playbooks like checklists, guides and best practices to make security troubleshooting faster and easier. For instance, by digitising engineering knowledge into programmable apps and making them available across all teams, every NOC and SOC engineer then has the requisite knowledge to visualise and diagnose security problems more quickly through improved collaboration.
Taking this one step further, organisations can also leverage APIs to trigger key response processes in the event of external threats. In a DDoS attack, for example, an IDS should be able to trigger and set in motion a series of automated responses to defend the network, from dynamically mapping the attack path to diagnosing the threat. By arming network and security teams with the data that matters, appropriate defence mechanisms can be taken. That's where the power of automation comes in.
While all these steps can begin the path toward continuous cyber-security, most networks will probably still rely on engineers to perform specific tasks for problem resolution. In the near term, this hybrid approach is what will make the most sense. However, as organisations invest in DevOps, adopt more automation techniques and use APIs to integrate existing networking tools with 24/7 monitoring and security information and event management (SIEM) systems, these forces will help drive the change to continuous network security and ultimately self-healing networks.
Moving forward, enterprises that continue to rely on manual processes will be more susceptible to attacks, while outdated manual methods will soon stand little chance against increasingly advanced threats. Organisations need to embrace network automation and the benefits of continuous cyber-security as they prepare to face this rapidly evolving landscape. Those that are slow to act may never catch up.
Contributed by Grant Ho, senior vice president, NetBrain Technologies.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.