Historically, there’s little love lost between NetOps (network operations) personnel and those in SecOps (security operations). These teams tend to work separately, with little coordination, despite sharing the common goal of maintaining secure, high-performance network infrastructure. IT leaders should look to bridge the divide between these two teams, especially when it comes to buying and rolling out tools that are common to both.
One of the areas in which there is increasing overlap is network monitoring and automation. NetOps teams use network packet brokers and network performance monitoring and diagnostic tools for network traffic analysis. SecOps teams often use the same tech, plus cloud access security brokers and SIEM tools, to understand traffic flow in the network and identify the security checks they might need to enable.
NetOps and SecOps teams share challenges too. They both need to supply a well-performing and secure network infrastructure, while maintaining network visibility. NetOps personnel need to have insight into the network in order to manage application performance and understand the cause of performance issues. SecOps teams seek the same insights for traffic flow analysis, network forensics and to identify attempts to gain access to the network.
A disadvantage of NetOps and SecOps using similar tools is that they are generally analysing the same data. This means they have duplicated instrumentation, training and budgets. That duplication strains the organisation as it wrestles with whether it can afford, and whether it is effective, to pay for both to achieve an essentially similar outcome. Duplicated tools and network analysis also increase overhead on the organisation’s network, which can cause congestion and lead to a decrease in performance.
In an increasingly cloud-based world, network speed and efficiency are paramount to maintaining business and employee productivity. If both NetOps and SecOps are using similar tools to analyse network traffic, then network performance is going to fall and staff will end up waiting for the data they need. This is clearly not a good outcome for either users or the business.
So what is the answer? IT leaders should examine which tools are used across both teams, and then identify the overlapping use cases. Then they must explore the possibilities of using a common tool across both groups.
According to a recent Gartner report, “Align NetOps and SecOps Tool Objectives with Shared Use Cases”, there are four levels at which IT leaders can explore alignment between teams and tools. The four levels of alignment are:
- Awareness – NetOps and SecOps are aware of each other's tools, with an eye toward higher levels of alignment.
- Co-ordination – NetOps and SecOps coordinate the purchase of certain tool types that share common instrumentation points (such as packet/flow/configuration).
- Shared Instrumentation – NetOps and SecOps jointly capture and process (filter/decrypt).
- Shared Tools – NetOps and SecOps find and use common use cases among each other's toolsets.
The final factor in bridging the gap between NetOps and SecOps is people. IT leaders need to identify individuals in each team who can liaise with each other and provide information and intelligence that can help the other team. For example, this could mean that NetOps reviews past security incidents, and then determines which network forensics information would have been helpful to the SecOps team, and vice versa.
The importance of bridging the divide between NetOps and SecOps can’t be overstated. Not only will implementing common tools reduce budget and training expenditure, it will also allow information sharing that will help each team do its job better. While the challenge is often getting the teams in the same room together, when it does happen, NetOps and SecOps can work together to minimise duplicate work, share best practices, processes and culture, and ultimately improve network security.
About the Author
Mario Vecchio is Managing Director, APAC, of next-generation data centre networking company Big Switch Networks.