Automating network security? Ask these 6 questions first
In recent months the conversation in the public sphere about our nation's critical infrastructure and its lack of cybersecurity has increased sharply. The media and the public at large are finally realizing that there is an issue, a big issue, and, perhaps more important, legislators are finally starting to realize it as well. Last week the US Office of Management and Budget set out to investigate just how up to snuff the cybersecurity programs at federal agencies are. The results will come as a shock to, well, no one! The verdict? We are screwed! OK, that is maybe a little hyperbolic, but the fact is that most federal agencies didn't even clear the lowest possible bar for cyber threat readiness and security, and let's not even start on the state and municipal organizations.
The long and short of it is this: of the 96 agencies the OMB assessed, nearly three-quarters were considered to be either “at risk” or “high risk” and in need of immediate improvements to their protocols. The report is quoted as saying “the current situation is untenable.” Many agencies lack even the most basic ability to detect intrusion attempts, and lack the ability to report, much less detect, a breach after it has happened. This should come as no surprise to the millions of security clearance holders whose personal information was compromised in a 2017 hack widely believed to have been perpetrated by the Chinese government.
The takeaway here is this: "cyber", or, to use the more technical term, network security, is hard, it's work-intensive, and it's expensive. This is why automated tools that can monitor an organization's critical network infrastructure and react to the most common threats instantly and automatically have become such a big topic.
What's more, a properly implemented and (perhaps more importantly) integrated network automation suite can help pull together information from across the network, giving administrators and security experts a more holistic view of the often large and complex network environment. This allows them to spot possible threats faster and take steps to prevent disaster. The issue is, of course, that many solutions on the market do not do enough to integrate a large amount of network equipment and security applications. They do not do well at aggregating the massive torrents of critical data generated by this vast infrastructure, and they often require an admin to first become aware of, then troubleshoot, and finally react to a threat or attack when it happens. This means there is considerable lag time between when an attack starts and the time security experts and sysadmins can identify and mitigate it. So now you may be asking yourself: well then, what can I, as the manager or owner of an organization, do?
The answer is to get the right solution for you. Here are a few questions to ask yourself when looking for a good solution:
1. Can a network automation and monitoring tool be properly integrated and tailored to my environment?
2. Can the solution interface with my whole environment and aggregate information from across my network to give my staff a full overview of the environment?
3. Is the solution scalable? As we grow and update can the solution grow with us?
4. Can the solution react on its own? Can it identify and autonomously intercede when it detects a threat, and can its actions be customized to my needs and network?
5. Can the solution be used to automate mundane network maintenance and management tasks when there is no active threat, so that my network is better prepared and patched in the event of a future threat?
6. Is it cost-effective? Can the vendor show clear cost savings when using the solution, and can I see a true ROI?
Asking yourself and your vendor these questions can help you find a network monitoring and security solution that keeps your IT staff on top of network maintenance and threats.