A new approach to network security is needed, according to John Maddison, Senior Vice President of Products and Solutions, Fortinet. Here, he argues that, in order to close the gaps inherent in isolated management strategies, a unified approach should be implemented.
If your organisation is like most, you are in the middle of radically rethinking your business strategy to address the realities of today’s digital marketplace. And more often than not, this includes redesigning your networked infrastructure – something that, until recently, hasn’t really evolved for a long time.
The ongoing requirement to continually adapt your network to the demands of the new digital marketplace has taxed the resources of most IT teams. Systems engineers traditionally focused on managing a core network are now being spread thin with developing virtual environments, architecting multi-cloud infrastructures, managing a growing number of endpoint and IoT devices and keeping an eye on shadow IT inside the organisation.
Many IT professionals now say they often feel overwhelmed and that they have less of a handle on what’s happening inside the network than ever before. Part of the reason is that network projects are not being approached holistically.
Most organisations operate in a fire-fighting mode, resulting in resources being applied only when issues are about to – or already have – become critical, which means that development efforts are often siloed.
In many organisations, distributed data centres, cloud architectures, IT/OT convergence, rapid consumer and employee application development and massive IoT implementations are being run as separate projects.
And more often than not, these are the domains of separate teams inside the organisation, each with their own set of network and security technologies being deployed as part of the solution. In such an environment, visibility, control and security are far too often being traded for expediency.
The challenges of an organically developed and fragmented infrastructure have further enabled an alarming increase in cyberevents and data breaches, often in spite of a significant investment in security tools. The issue isn’t that there aren’t security devices in place. The issue is that these solutions almost always operate in isolation and that security and operations teams rarely have clear and consistent insight into what is happening across the network.
To address this, many organisations have deployed a Network Operations Centre (NOC) and a Security Operations Centre (SOC) solution to increase visibility, centralise management and improve control. But even these systems are still far too isolated to address the challenges resulting from today’s hyperconnected and hyperdistributed networks. Even with centralised NOC and SOC solutions in place, the teams running them tend to still be siloed and as a result are only focused on half of the equation.
The gaps between these approaches and, specifically, the data they don’t share often leave holes in the knowledge needed to do either job effectively. Security deployments that don’t have consistent insight into business requirements or operational processes can cripple network performance by placing inefficient or slow security devices in the middle of performance-sensitive workflows or applications. Likewise, network management systems focused exclusively on performance and throughput measurements can leave critical resources vulnerable and exposed.
Closing the gap between management strategies
Even though a NOC or a SOC consolidates a variety of tools and measurements into a single management system, each is still too isolated. Rather than this siloed approach, what’s needed is a system that can bring security visibility and control into the NOC and provide operational requirements and network and workflow visibility to the SOC. By combining these systems into a single holistic solution, organisations can focus on the bigger picture of ‘secure throughput’ that can streamline operations while managing and even anticipating critical security events.
This new approach could also help overworked IT teams operate with the benefit of each other’s perspective and enable organisations to realise a new level of protection and operational management that can simultaneously adapt to network changes. Not only will this added insight allow organisations to see events more clearly, but it also enables the development of effective automation that allows the network to respond to an event at digital speeds without impacting critical business processes.
For example, once a threat is identified, not only would security engineers immediately understand its scope, with a real-time view of all networked assets, their current state and who owns them, but the event could also automatically orchestrate an action that leverages both network and security resources. Such an intersection between operations and security will be key for establishing the sort of flexible defensive posture and adaptable risk management strategy required to protect today’s dynamic environments and business operations.
Effective network management should never be restricted to operations-only or security-only perspectives. In today’s complex ecosystem of hyperconnected digital networks, NOC-only or SOC-only techniques are insufficient. A unified approach to secure network operations, on the other hand, effectively mitigates resource constraints while closing the gaps inherent in isolated management strategies.