This week’s blog comes courtesy of guest author Shamus McGillicuddy (VP of Research at EMA), a leading industry analyst covering enterprise network technology.
Network operations and security operations teams have increased collaboration in more than 75% of enterprises, according to new research by Enterprise Management Associates (EMA). Digital transformation is a significant driver of this collaboration. About four out of five enterprises reported that NetSecOps collaboration is in response to public cloud adoption, work-from-anywhere initiatives, data center modernization, the internet of things, and edge computing.
EMA’s research has found that networking and security teams can accelerate resolution of security issues, reduce overall security risk, improve operational efficiency, and accelerate resolution of user experience problems when they successfully build partnerships. Unfortunately, these two groups are not natural partners. Their missions are fundamentally opposed, and their siloed skill sets and management tools often get in the way. A modern DNS, DHCP and IP address management (DDI) solution can serve as the foundation for better NetSecOps collaboration.
DDI Solutions Offer a Cross-Silo Source of Truth
EMA’s research found that issues with data quality and data authority are the top challenge to successful NetSecOps collaboration today. If nothing else, a modern DDI solution can serve as a critical repository for network data that both networking and security teams can use as an authoritative source of truth about the network.
“[Security doesn’t] seem to care about [DDI]. But they do come back to us and say, ‘What is this subnet?’” a network architect with a $15 billion retail company told EMA recently. “Having access to IPAM would save them a lot of time. There is no reason why they couldn’t access it.”
EMA found that 75% of network teams are sharing data from their DDI management tools with their counterparts in security. We also found that sharing this data is a best practice for NetSecOps collaboration. Good access to DDI data helps security teams contextualize what they are seeing in other network data, such as packets. It helps them understand the business context of IP addresses, VLANs, subnets, and DNS records, which in turn helps them accelerate security investigations and optimize security policies.
EMA recommends that IT organizations automate the process of sharing DDI data with the security team by integrating DDI solutions with key security analysis tools and data repositories. Unfortunately, we found that 46% of network teams currently rely on manual processes to share this data with security. Our research found that manual DDI data sharing is less effective than automated sharing via API integration.
Both Teams Want to Secure DNS
“As we look at DNS being an indicator of security, DDI tools have become more important as you adopt a plethora of services and try to remain flexible and scalable,” an engineering and operations director with a $7 billion healthcare company recently told me.
DNS traffic is network activity associated with DNS queries and responses. In the past, DNS traffic was largely ignored, but things have changed. Cybercriminals often use DNS to launch DDoS attacks. Others try to poison DNS servers so that they can spoof web servers. DNS traffic can also contain malware.
Thus, it’s no surprise that 97% of security teams have started analyzing DNS traffic. They will need the network team to help them access that traffic. They may also need access to the DDI management solution to review how that traffic correlates with DNS logs.
DDI Automation Brings NetSecOps Together
Finally, DDI solutions that automate infrastructure management are important enablers of NetSecOps collaboration. More than 90% of IT organizations believe that network automation is important to enabling NetSecOps collaboration. “It would be easier to issue reports and inventories and to make changes that meet the security team’s requirements with automation,” a network architect with a $15 billion retail enterprise told me.
When we asked research respondents to identify the types of network automation tools that are most important to facilitating this collaboration, 41% selected DDI automation and 47% selected network change and configuration management.
How can DDI automation help? First, network and security teams want to use automation to improve how they conduct event management together. Also, 51% believe automation will help them collaborate on infrastructure provisioning, and 45% believe it will help them manage infrastructure lifecycles together. For example, they can collaborate on making sure all network device operating systems are up to date and fully patched.
If you are a network infrastructure and operations professional who is struggling to collaborate with the security group, look to your DDI tools. They offer management controls and accurate data that the security team is interested in. It’s your job to educate them on these facts. EMA research found that 87% of organizations want to integrate their DDI solutions directly with the security teams’ solutions. Network teams need to educate their security counterparts on this opportunity. For instance, many DDI vendors offer DNS security products that organizations can integrate into their Zero Trust strategies. Most security teams are well aware of the threats that lurk in DNS traffic. A network operations team can close the collaboration gap by providing them with a solution to those threats.
EMA Research Report Summary
Shamus' report "NetSecOps: Aligning Networking and Security Teams to Ensure Digital Transformation" highlights the results of a detailed online survey of IT professionals on the challenges and collaboration solutions between network and security groups.