NetSecOps – removing the roadblocks of traditional network and security operations

By Ronan David, Chief of Strategy at EfficientIP

  • Monday, 4th July 2022 Posted 1 year ago in by Phil Alsop

From a technical perspective, network and security have always been regarded as two separate entities within an organisation. That’s why network infrastructure and operations (NetOps) and security infrastructure and operations (SecOps) teams have operated independently for decades now. While NetOps teams focused on network management and maintenance, SecOps teams focus on network and endpoint security.

However, the development of integrated cloud architectures and the push for complete digital transformation across industries is constantly driving network and security operations to overlap. In fact, many of the complexities experienced by today’s NetOps and SecOps teams can be addressed by integrating workflows and establishing a collaborated NetSecOps division. Every organisation, regardless of size, industry or infrastructure, needs a network security solution in place to protect it from cyber threats and attackers that are always trying to find and exploit vulnerabilities.

NetSecOps is a streamlined process for both network and security operations, which efficiently integrates the workflow for both teams through shared resources for efficient network infrastructure design, incident response, and threat monitoring. Traditionally, NetOps teams are responsible for network orchestration and troubleshooting, with an aim to make the network more accessible and efficient for the users. On the other hand, SecOps teams are specifically focused on monitoring network traffic for malicious activities, providing incident response to security alerts, analysing advanced threat actors, and maintaining the overall security infrastructure of the corporate network.

Having network and security operations completely segregated can lead to significant management complexities in the current digital ecosystem, such as communication delay, wasted resources, longer network downtime, and unidentified vulnerabilities. Security teams and network teams are often focused on opposing mandates. A unified NetSecOps approach allows network engineers to configure network infrastructures in a way that security handling and threat monitoring becomes efficient, while security professionals patch vulnerabilities to improve network performance.

However, NetSecOps is still a very new concept, and its implementation is easier said than done. Before starting the transition journey to collaborated network and security operations, organisations first have to clearly comprehend the potential benefits and challenges of this unified approach.

The benefits of a successful NetSecOps collaboration

The biggest benefit of a successful NetSecOps collaboration is improved security. Research by EfficientIP shows that 57.9% of the organisations that successfully implemented NetSecOps collaboration experienced faster resolution of security issues, while over 51% experienced reduced security risks.

NetSecOps teams work with shared resources and tools, thus the chances of security incidents due to network misconfiguration are greatly reduced. For example, when both teams work through a shared IP

Address Management Platform, any changes made to the subnet configuration by the network administrators are automatically sent to the firewall management platform used by security teams.

In addition to solving security issues, NetSecOps collaboration also allows organisations to achieve faster resolution of user experience and network performance issues. This is because security and network teams in a collaborative setting are more likely to use streamlined solutions performing similar activities, rather than having standalone solutions for different functions.

Collaborative teams can also ensure better policy compliance, as both network engineers and security professionals work with the same set of shared policies. Another key benefit is operational efficiency, with 46.4% of organisations experiencing more efficient operations due to NetSecOps. With successful collaboration, operations become more effective with fewer obstructions.

For example, sharing network data in NetSecOps allows both teams to gain a common view of digital infrastructures and services, thus improving productivity among network and security teams. Streamlined resource allocation, unified solutions and tools, and shared access points allow NetSecOps teams to overcome redundancies and downtimes, and increase overall operational efficiency and security.

Overall, the unified NetSecOps approach takes away the redundancy of siloed network and security operations and enables full visibility into the organisational network in terms of network configuration, security threats, performance, and incident response.

The challenges of achieving successful NetSecOps collaboration

While the benefits of NetSecOps are lucrative for any industry, the critical challenges of implementation can hinder the success of this collaboration. EfficientIP’s research revealed that only 39% of organisations successfully achieved NetSecOps collaboration.

The biggest challenge of successful collaboration is the core nature of both teams. Network and security teams are used to operating completely different tasks. Both teams also have very different ways of carrying out operations. Most security operations are focused on constant monitoring and urgent solutions. Threat actors can emerge from any source, and when a breach occurs it needs to be resolved immediately to contain the damage. So, security teams generally need to operate with a sense of urgency.

However, network engineers tend to take a long-term approach. Their core responsibility is to improve the network performance, which requires a gradual thought process centered around problem-solving.

Cross-skills gaps are another critical issue. Both teams do not operate with the same mindset. Network teams are generally not experienced in cybersecurity terminologies, while security teams are not used to thinking about network performance or user experience. So, a successful collaboration of both units will require sufficient training and realignment of working practices.

The biggest challenge however is data. In our research, 27.6% of the organisations identified data quality and authority issues as the biggest challenge. Successful collaboration requires both teams to be supported with a single source of truth. In most organisations, both teams have access to different sets

of data for similar functions, which creates significant confusion in terms of determining which data is correct. Data integration also becomes a major issue, as not all network data are relevant to the security operations and vice versa.

To overcome these challenges of NetSecOps collaboration, organisations need to equip both teams with efficient technical resources that creates a shared foundation. DNS, DHCP, and IP address (DDI) are three of the most critical assets that are integral to both network and security operations. Thus, using DDI management solutions as a foundation can help to establish a sustainable and successful NetSecOps collaboration.

DDI management is the key to successful NetSecOps collaboration

Network teams have always used DDI tools for operational efficiency and infrastructure optimisation. But security teams can also find benefits in DDI solutions, as DNS and IP data can help with critical security investigations. Using DDI as a base for initiating NetSecOps collaboration, organisations can establish a resourceful communication channel between both teams and build from there.

DDI tools allow security teams to dig in and figure out where things are in the infrastructure a lot faster, and as network teams are proficient in using DDI solutions, they can share DDI data with the security teams for faster resolution to security assessments and shorter IT services roll-out. This will also allow network teams to achieve a good understanding of cybersecurity operations and the core concepts used by security teams. Once both teams are able to establish better communication and synchronise their activities, effective collaboration will naturally flow. From there, business leaders need to gradually introduce more cross-departmental automation, so that the collaboration grows, and network defence and performance start sychronising together.

With the right support, effective solutions, and DDI management tools at the base, network and security teams will soon naturally start collaborating more efficiently, thus leading to a successful NetSecOps collaboration.