RT Insights | Net Security Requires Tight NetOps and SecOps Integration

NetOps and SecOps must collaborate from the very beginning of the network development process if companies want visibility across their networks to ensure effective security.

Ensuring network security is becoming only more crucial — and challenging — for large enterprises. As IT infrastructure becomes increasingly complex, malicious actors continue to attempt to exploit any available security gap to infiltrate the network, steal data, and launch attacks.

In the past year, from the eye-opening SolarWinds hack to the pandemic-induced migration to remote work, companies are quickly learning that their networks are more vulnerable than ever before due to a lack of visibility. The uncovered vulnerabilities stemming from these cybersecurity events highlight the crux of the matter: If companies don’t know what’s going on in their network, they simply can’t know how to fully secure it.

Effectively combatting these threats requires the NetOps and SecOps teams to work more closely than ever. Traditionally, the two teams have worked separately, each using its own tools. This has hampered information sharing and slowed problem solving, and is no longer acceptable.

Eliminating network blind-spots

In the modern-day NetOps landscape, gaining full visibility of the network can seem impossible, as most enterprises have tens of thousands of devices running billions of lines of configuration. Because these massive networks have evolved over time, they typically lack comprehensive, up-to-date topologies and inventories. This means even NetOps teams are working from outdated spreadsheets and Visio files trying to make sense of traffic flows and device topology, state, and configuration.

The first step in remediating a security incident is locating the device and its reach, and speed is imperative. Even the time required to pick up the phone or shoot an email over to NetOps is time during which organizational risk is increasing. However, if the information the NetOps team relies on is incomplete or out of date, even more time is lost trying to manually find devices, trace paths, and locate security settings – which can take weeks! How can you possibly secure a network you can’t see or close entry points you don’t know exist?

Unfortunately, there is more bad news: remote work is now the standard and cloud adoption is on a massive upward trajectory, meaning network complexity is intensifying and visibility is becoming more obscured at exactly the time threats are becoming more complex and pervasive. CIOs are obviously aware of the issue and the importance of solving it; a recent IDC report indicated that improved integration between NetOps and SecOps is a top priority for IT leadership in 2022. Shared visibility is the first step to achieving this goal.

What does integration look like?

NetOps and SecOps both protect network health, but they approach the issue from different angles, addressing infrastructure and security policy issues within separate workflows. While this is likely to continue, they also depend on the same basic information to accomplish their goals, and both teams need instant, unfettered access to current information presented in an easy-to-consume manner.

Imagine if you told two people to give you driving directions to San Francisco without telling them where you are starting from – everyone is working at an unnecessary disadvantage, and it’s going to take more phone calls, emails, meetings, and most importantly, TIME to arrive at a workable route. That’s exactly how these teams are working now. They are slowed down either because they can’t access current information, they lack all the details, or worse – they are working from different assumptions.

The issues that arise from a lack of integration aren’t limited to threat identification and remediation. These teams update devices on the network all the time. Each update is made by well-intentioned and highly trained professionals. That said, even the best of us make mistakes – which in this situation creates config drift and security policy violations that typically go undetected unless there’s an incident.

These teams don’t need more layers of process to slow them down; they need common ground and the ability to check for policy violations and remediate them before there’s a problem. This could easily be a full-time job for an entire team of people, but who wants to spend their resources having talented experts comb through millions of lines of config? Teams need a single source of network truth and the ability to continuously check for non-compliance so issues can be resolved before they cause a problem.

Collaboration is the key to security

From all of this, it has become clear that NetOps and SecOps teams can no longer work as individual units. They will have to collaborate from the very beginning of the network development process if companies want visibility across their networks to ensure effective security.

As the greater distribution of networks has resulted in deeper network complexity and more exposed cybersecurity vulnerabilities, enterprises will have to make critical security decisions. Those who fail to do so will be rolling the dice on their network’s security posture, and it will be a matter of when, not if, a cybersecurity vulnerability will be exposed.