Not only have NetOps and SecOps teams historically been separate, but they have often seen each other as impediments to getting their own jobs done. This antagonistic dynamic, however, is giving way to more and more NetOps and SecOps collaboration.
Although their day-to-day activities are different, these two teams share a common goal: supporting a secure, highly available environment that fosters a positive user experience. Today, achieving that goal requires a collaborative approach and a tighter alignment of technology platforms.
Size Matters
I have found that the size of an organization tends to play a significant role in how closely the network and security teams work together. Very large organizations often have distinct silos separated by many layers of management and consisting of highly specialized staff. These environments can foster competition and segregation rather than collaboration.
Advocates for large and diversified IT org charts might argue that highly specialized staff provide a more secure and reliable networking environment. But the counterargument points out that there has been a steady stream of high-profile security breaches at many of the world’s largest brands.
Smaller organizations, on the other hand, require staff to wear many hats and maintain a broader set of skills and responsibilities. These environments have less hierarchy separating the NetOps and SecOps teams, which leads to better cooperation.
Cooperation Gaining Momentum
More and more organizations want to foster better collaboration. To move the needle, large organizations have to overcome disparate organizational, managerial, and budgetary structures as well as cultural hurdles and power struggles. Smaller organizations may find it easier to collaborate, but can still struggle with staffing and skills gaps.
Despite the hurdles, organizations of all sizes are working toward better alignment of their NetOps and SecOps teams. As proof, Gartner recently published a report on the subject called Align NetOps and SecOps Tool Objectives With Shared Use Cases (ID G00333211). By streamlining technology platforms and enabling both teams to gain value from shared technology purchases, IT will be better able to foster collaboration. In turn, this will lead to a better user experience and improved security.
Network Traffic Analytics Delivers Both NetOps and SecOps Value
Network Traffic Analytics (NTA) is a great example of an emerging technology that can deliver tremendous value to both the network and security teams. Every “1” and “0” your business cares about traverses the network. Thanks to protocols like Cisco’s NetFlow v9 and the industry standard IPFIX, your network infrastructure is capable of exporting thousands of rich metadata elements that extend from layer 2 all the way to layer 7. This metadata provides rich context and forensic information pertaining to every conversation on your network.
The process of centrally collecting, correlating, visualizing, and reporting on this data allows both NetOps and SecOps to quickly identify the root cause of network and security incidents and return to normal. A few examples of exported data elements include source, destination, username, application, bandwidth, latency, jitter, URL/URI details, SSL details, DNS information, and many others. With a single database to query, NetOps and SecOps teams can easily filter and report on whichever data elements they need for a given investigation. In addition, advanced security algorithms can be run against the database to monitor for anomalous behavior indicative of day zero attacks and security breaches. Scrutinizer (Plixer’s NTA Platform) enables the NetOps and SecOps teams to customize their dashboards, based on their login credentials to maximize the value each team achieves through a single implementation. Below you can see examples of dashboards each team might use.
Click image to enlarge
The Security Event Alarm Dashboard uses a heat map to visualize and prioritize security events through the correlation of violators and violations. Advanced security algorithms monitor all collected flows and metadata for anomalous behavior and violations.
Click image to enlarge
The Root Cause Delay Dashboard delivers a single pane where NetOps can measure delay from the perspective of the client, server, application, and network. When poor user experience happens, this single dashboard quickly identifies root cause and enables fast problem resolution.
A Network Traffic Analytics platform like Scrutinizer is a critical asset for any organization looking to improve collaboration between NetOps and SecOps, drive down the cost of deployed technology, and deliver more secure, positive user experiences.
If you haven’t tried Scrutinizer yet, you can download the free edition to see how it can help you better manage and secure your own network while keeping both your boss and users delighted.
