A recent study from Enterprise Strategy Group (ESG) found that 92% of respondents agree that network security monitoring depends on a strong relationship between network/IT operations and cybersecurity.
However, in a typical enterprise setting, network operations (NetOps) and security operations (SecOps) teams often exist as separate entities. Despite this, the two groups share a common goal of maintaining a secure, well-performing critical network infrastructure.
With this common goal in mind, NetOps and SecOps teams find themselves facing similar challenges in cohesively delivering on performance and security. For network operations, a detailed view into network traffic is crucial for managing app performance and uncovering the catalyst for performance-related issues. On the other hand, security operations need access to network traffic to support their analysis of traffic flows, network forensics, and the identification of nefarious attempts or attacks on the network, among other concerns.
The alignment of NetOps and SecOps is already starting to take shape in the enterprise. For example, Network Packet Brokers (NPBs) are increasingly feeding raw packet and flow data to security tools, such as Security Information and Event Management (SIEM) systems. In addition, organizations are leveraging more Network Performance Monitoring and Diagnostics (NPMD) tools for security purposes, for example to identify infected hosts by analyzing markers of malware attacks such as the recent WannaCry and Heartbleed incidents.
Because NetOps and SecOps analyze the same data (network traffic and device configurations), and often use similar toolsets, one thing is clear: NetOps and SecOps must align to mitigate inefficiencies and avoid procuring multiple tools for the same purpose. They can accomplish this by assessing which toolsets are used across both teams, identifying overlapping use cases, and exploring the possibility of using a common tool.
As networks evolve and become more complex over time, it’s critical that enterprises take a proactive approach to ensure continuous, always-on monitoring to mitigate security threats and maintain peak network performance. A comprehensive solution or set of tools that offers real-time reporting and analytics, consolidated in a centralized dashboard, will result in improved network efficiency, full visibility into traffic, reduced costs, and minimal threat risks for NetOps and SecOps.
Will 2018 be the year that NetSecOps is conceived? We welcome your thoughts and/or questions on this topic.