For decades network operations and security operations teams have functioned separately. That’s starting to change and with good reason. The network team focuses on ensuring access to applications and services while the security team focuses on locking down data and limiting connectivity. But, EMA has found strong evidence that over the last couple of years network operations teams are working more closely than ever with IT security teams. In fact, 63% of enterprises have formalized collaboration between the network team and the security team. Only 37% can be considered NetSecOps.
Figure 1: Relationships between network ops and security ops teams.
What’s more, they found a very strong correlation between close NetOps and SecOps (henceforth NetSecOps) collaboration and overall network operations success. Successful teams are very likely to have converged groups or share integrated tools and processes. Here are five reasons why your Network Operations and Security Operations teams should collaborate in a more formal manner:
Data shows that organizations with unified NetSecOps teams spend less time on reactive troubleshooting and more time on proactive problem prevention. This enables collaborative teams to focus on improving network performance, leading to a better user experience and business results.
Security system problems and security incidents are common root causes of IT service problems, so by joining forces, NetSecOps teams are also better equipped to root out security problems that affect network performance. For example, DDoS issues that take the network offline might formerly be considered a network issue but can now be properly diagnosed as a security problem and can be mitigated more quickly.
Unified NetSecOps teams (36%) and teams that share tools and processes (27%) are focused more often on accelerating security incident detection and response. These teams identify and respond more quickly to incidents and breaches than separate NetOps and SecOps teams. Together they can investigate malware, breaches, and misconfigurations that can affect both security and performance. Surprisingly, infrastructure management (SNMP, WMI, etc.) is a key tool of unified teams. It can detect unusual activity on a network device, such as saturation of an interface by an attack or a misconfiguration and is not a tool that is typically in the security toolbox.
A side benefit of this collaboration is both operational and capital cost efficiency. By sharing tools—full-fidelity flow monitoring, packet capture and analysis, network infrastructure monitoring, NACs, etc.—then teams share one solution, and don’t have to purchase two very similar products. That also means there’s only one support contract and fewer devices to support in the data center (less power costs, rack space, etc.). It’s a win all around: faster, more secure network performance at a cost savings!
When two teams are comfortable working together, they get comfortable planning for changes together—like cloud migrations or work for home (WFH). Integrated plans are always more comprehensive and reduce the risk that change introduces.
When network operations and security operations work well together, the outcome is risk reduction. As the adage goes, more hands make light work. Even if NetOps aren’t complete security experts, they are bound to notice some issues, because they are covering different ground, often in the network’s deepest recesses. And, as we established above, incident detection and response is accelerated, then malware and the like stays in the network for a shorter time. All of this is goodness when you have more brains thinking security.
The benefits of unifying your NetOps and SecOps teams should be clear by now. Ensuring your integrated NetSecOps team has the tools to enable full visibility from cloud to edge, assuring your network is always secure and high performing. Riverbed’s Network Performance Management (NPM) solution can provide an enterprise-wide visibility toolset that includes the following three features: