Cloud computing, network scale and incident response demand a better model for network security operations

According to ESG research, 63 percent of networking and cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) believe network security operations is more difficult today than it was two years ago. Why? Because enterprises have to deal with more connected devices, network traffic and applications than two years ago.

What’s more, 47 percent of respondents claim that it is difficult to monitor network behavior from end to end, while 41 percent say network security operations difficulties result from increasing use of cloud computing.

Yup, enterprise networks are a series of moving parts, and these parts continue to move faster and faster all the time. You just can’t keep up with the pace with limited cybersecurity and network operations personnel, and you certainly can’t keep up by managing network security operations on a box-by-box, CLI-by-CLI basis.

Infosec and network operations people understand that the future of network security operations depends upon vast improvements in automation. In fact, 31 percent of survey respondents say network security operations automation is “critical” to address future IT initiatives, while 58 percent claim network security operations automation is “very important” to address future IT initiatives.

Fortunately, the technology industry seems to be listening to this request: Cisco recently announced a new network security operations platform called the Cisco Defense Orchestrator (CDO), a cloud-based management system that can help security and network operations teams see and manage all security policies across hundreds of Cisco security devices. Fortinet introduced its fabric for device collaboration and control.
Similarly, the Fortinet fabric is designed to unify all Fortinet devices, allowing them to behave as a single entity regarding policy and logging, as well as enabling end-to-end network segmentation to decrease the network attack surface. Check Point management has long been one of the company’s strengths. Its recently announced R80 management software is also designed to automate and orchestrate network security operations. Ditto for the Stonesoft firewall, now owned by Forcepoint. Software solutions from companies such as AlgoSec, FireMon, RedSeal and Tufin provide similar capabilities across a heterogeneous network security infrastructure.

It is also worth mentioning that these technologies tend to be built around APIs, allowing for further integration with technologies such as incident response platforms (IRPs) and SIEM. This integration can enable enterprise organizations to fine-tune security policies or make immediate changes to firewall rules based upon new intelligence about IT risks.

So, the good news is that technologies for network security operations automation are here, but the bad news is that enterprise organizations can’t “rip and replace” existing network security tools. Furthermore, many network operations folks have been brought up on CLIs, so it may be hard to teach old (cybersecurity and network operations) dogs new tricks.

Since relying on people and manual processes can’t scale or keep organizations secure, CISOs and network operations managers should assess where they are in the network security operations automation transition as soon as possible, making sure to look into their people, processes and technologies. Once shortcomings and bottlenecks are discovered, large organizations should develop a plan to address these areas and institute network security operations automation projects, phasing in capabilities over the next few years.