According to ESG research, 63% of networking and cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) believe that network security operations is more difficult today than it was two years ago.
This is because enterprises have to deal with more connected devices, network traffic, and applications than they did two years ago. What’s more, 47% of respondents claim that it is difficult to monitor network behavior from end-to-end, while 41% claim that network security operations difficulties result from increasing use of cloud computing.
Yup, enterprise networks are a series of moving parts and these parts continue to move faster and faster all the time. You just can’t keep up with the pace with limited cybersecurity and network operations personnel, and you certainly can’t keep up by managing network security operations on a box-by-box, CLI-by-CLI basis.
Infosec and network operations people understand that the future of network security operations depends upon vast improvements in automation. In fact, 31% of survey respondents say that network security operations automation is “critical” to address future IT initiatives while 58% claim that network security operations automation is “very important” to address future IT initiatives.
Fortunately, the technology industry seems to be listening to this request:
- Cisco recently announced a new network security operations platform called the Cisco Defense Orchestrator (CDO), a cloud-based management system that can help security and network operations teams see and manage all security policies across hundreds of Cisco security devices.
- Fortinet introduced its fabric for device collaboration and control. The Fortinet fabric is designed to unify all Fortinet devices, allowing them to behave as a single entity regarding policy and logging, as well as enabling end-to-end network segmentation to decrease the network attack surface.
- Check Point management has long been one of its strengths. Its recently announced R80 management software is also designed to automate and orchestrate network security operations.
- Software solutions from companies like AlgoSec, Firemon, Red Seal, and Tufin provide similar capabilities across a heterogeneous network security infrastructure.
It is also worth mentioning that these technologies tend to be built around APIs, allowing for further integration with technologies like incident response platforms (IRPs) and SIEM. This integration can enable enterprise organizations to fine-tune security policies or make immediate changes to firewall rules based upon new intelligence about IT risks.
So the good news is that technologies for network security operations automation are here but the bad news is that enterprise organizations can’t “rip-and-replace” existing network security tools. Furthermore, many network operations folks have been brought up on CLIs, so it may be hard to teach old (cybersecurity and network operations) dogs new tricks.
Since relying on people and manual processes can’t scale or keep organizations secure, CISOs and network operations managers should assess where they are in the network security operations automation transition as soon as possible, making sure to look into their people, processes, and technologies. Once shortcomings and bottlenecks are discovered, large organizations should develop a plan to address these areas and institute network security operations automation projects, phasing in capabilities over the next few years.