In the crosshairs
Joe Bombagi, director solutions engineering, UK and Ireland, Riverbed Technology, explains how collaboration between NetOps and SecOps is the next step to enhancing security
As companies maintain their work-from-anywhere operations, many have had to contend with security infringements and breaches – and the cause could be a lack of integration between their network operations (NetOps) and security operations (SecOps). By working in collaboration, these teams could avoid missing crucial information from one another that would enable them both to operate more efficiently and securely.
However, collaboration – and the success of any such venture between the two departments – relies on having, and sharing, end-to-end visibility over their network and applications, including capturing and storing every packet and flow. Without full-fidelity visibility, NetOps and SecOps risk not being able to discover and troubleshoot security problems quickly and seamlessly within the network. This in turn reduces productivity levels, as employees are left operating on slow systems and inefficient, fragmented applications for longer periods of time, something no company can afford in the challenging business environment.
NetOps, SecOps and why their integration matters
As its name suggests, NetOps — and the people and tools it includes — is focused on delivering networking operations. Crucially, NetOps teams provide networking that meets the demands of business applications and technologies, as well as of end-users. As part of this, they identify and resolve bottlenecks to deliver agile, high-performance infrastructure which underpins the entire business estate.
Meanwhile, SecOps is a philosophy and development system that champions collaboration between IT security and operations teams. Its goal is to get both to work together more effectively, chiefly through the integration of the technology and processes they employ to ensure the security of systems and data.
Although NetOps and SecOps teams have traditionally operated in silos, they are interested in the same type of data. This is because security events and network performance issues are inextricably linked. For example, a distributed denial-of-service (DDoS) attack could overwhelm a network with malicious traffic, therefore presenting as a network problem before the security issue at its root has even been identified. Left unresolved, an attack such as this results in severe network disruption and financial cost. Furthermore, it can inhibit not only the productivity of the workforce but also the safety of their data, as DDoS attacks may serve as a distraction for launching other, more dangerous attacks while the SecOps teams are busy.
However, by working together, network and security teams can use their data and insights across both estates to find any breaches quickly. This has become increasingly important as the number of cyber-attacks and network performance issues increased due to Covid-19.
The relationship between NetOps and SecOps
At the onset of the pandemic, there was a significant spike in security incidents, as recorded by organisations such as Interpol. Alongside the increase in cyber threats, businesses also grappled with reduced network efficiency. In fact, 94% of business leaders surveyed for Riverbed’s Future of Work Survey reported technology performance problems. Both issues were somewhat unsurprising. After all, businesses across the world had to switch to work-from-anywhere models before they had a chance to develop the security protocols and network infrastructure needed to underpin new ways of operating. However, it has presented an invaluable opportunity for NetOps and SecOps teams to integrate for a more efficient and secure operational future.
Overcoming obstacles to collaboration
Actively deciding to unite NetOps and SecOps is the first obstacle to collaboration, but it is not the last. Not only do both teams have different lines of reporting, budgets, and goals, but most importantly they lack a single, shared data source that can allow them to collaborate effectively. This is where achieving full-fidelity visibility and sharing the information across both teams comes in.
Full-fidelity visibility means having end-to-end insight, across all network and application data, from packets to flows and logs. This enables teams to not only monitor every piece of the estate but see where the correlations are and make informed decisions based on them. Both NetOps and SecOps teams can achieve this independently, but it will not enable them to collaborate unless they share their data to provide a single source of truth on which analysis can be conducted. After all, if one team has blind spots and another has outdated information, they cannot work from the same page. Network Performance Management (NPM) offers the solution.
Collaboration and visibility are the answers to success
By enabling NetOps and SecOps teams to collaborate and giving them the right performance management tools to have and share full-fidelity visibility, companies can gain a better overview of the network. In doing so, they can identify any relevant behaviour changes, mitigating attack risks and responding accordingly. This will empower them to optimise performance and ultimately drive the productivity vital to the success of their business going forward.