Networks tend to grow over time. Sometimes this growth is organic as the organization adds new devices and components. Other times this growth comes by way of acquisition, as an acquiring company also assumes ownership of the network infrastructure that formerly belonged to the business being acquired.
Either way, the larger the organization, the harder it is to keep up with the addition of new network components. The more a network grows, the less visibility the security team tends to have over the infrastructure it is supposed to protect.
You can’t protect what you can’t see, so visibility in a sprawling network is a real problem. There are clear triggers that tell you it’s time to reconsider your network security strategy, and the decision to update that strategy raises several questions, including:
- Who should be involved in planning a new network security strategy?
- How should the new network security strategy be structured?
- What’s the best way to seamlessly deploy the new security strategy?
This piece explores each of these questions and provides considerations for planning, structuring and deploying a new network security strategy.
1) Who should be involved in planning a new network security strategy?
There are four groups that should usually be involved in planning:
a) Business. The business needs to feel confident about security. Leaders need to know that security will let the company operate without undue constraints and without undue fear of a breach, and they need to be able to answer questions from the corporate board with confidence.
b) Security. This group needs to be sure it can secure the network to its own satisfaction. Planning is the chance to make sure the team has the tools to carry out the strategy: a toolset that is aligned with the strategy and provides the data granularity, capacity, scale, performance, and ease of use required to meet the security requirements.
c) IT operations. The operations team wants to ensure the security strategy doesn’t degrade IT service levels and isn’t a burden to manage. This group looks for characteristics that simplify rather than complicate network operations.
d) Enterprise architecture. The enterprise architecture team is responsible for the overall network design and needs to be sure the strategy both fits the current design and can evolve to meet future needs. For example, if the business will move offices in the next five years, this is the chance to start planning for it.
2) How should the new network security strategy be structured?
This is a tough question to answer without first understanding the unique requirements of a network and its security needs. There are, however, some broad factors worth considering:
- Centralized view for users. Even in a network that’s physically distributed, security will want a single, centralized view for the people using the tools. No one wants to go into 10 different security tools to figure out what’s happening on the network.
- Centralized management model. Most networks will be instrumented with distributed sensors, but you want them managed as one system. That system should handle upgrades and the distribution of policies, for example, rather than requiring each sensor to be touched individually.
- Distributed sensing, distributed enforcement. You want the ability to act on the spot, wherever a threat is sensed. If you’re running in blocking (inline) mode, you can’t wait until malicious packets reach the network core to drop them; you want them dropped at the point where they are identified as malicious. Note that this only holds for sensors deployed inline; a sensor fed an out-of-band copy of the traffic can alert but cannot drop anything.
- Works for cloud and on-premises environments. Most organizations have some combination of cloud and on-premises network environments. You will need to support both, and the hybrid case where traffic crosses between them.
- Supports novices and experts. Tools need to work out of the box without a lot of setup. However, as the security team gains confidence in a solution, the tools also need to support the specific actions the team will want to take, such as writing custom policies or using their own threat intelligence feed.
- Adheres to open standards and APIs. Security teams don’t need another silo of data. A new security strategy should be supported by tools that can exchange data with the other tools already in use.
3) What’s the best way to seamlessly deploy the new security strategy?
If the old network security strategy isn’t protecting the network today, whether the new one can be deployed non-disruptively matters less than getting it in place. In those cases, you just have to make it happen.
Where you do have the time, a good approach is to use network packet brokers (or TAPs) that replicate the packet streams, so that more than one tool can see the same traffic. If you don’t have these already, this is a good time to consider deploying them as part of the network security upgrade.
Once the brokers are in place, deploy the new security strategy in parallel with the old systems. The new solution is fed its own copy of the packet stream while the current systems continue to run uninterrupted. Security operations center (SOC) analysts can learn the new system on the job, and both systems keep operating until the new one is preferred and nothing is lost by turning down the old ones. Then remove the old systems from their packet streams and retire them. One caveat: a parallel deployment on a replicated stream validates detection, not enforcement. If the new solution is meant to block traffic inline, plan a separate, scheduled cut-over for that step, since a sensor watching a copy of the traffic cannot drop the original packets.
The considerations we offer here are not prescriptive. We encourage security professionals to focus on their own specific requirements and not get myopically focused on feature lists proposed by any expert. Our suggestion is to start by answering these questions:
- What does your network look like?
- What’s valuable on it?
- How is it used?
- What are you securing?
Think about what you need first and find a solution that gives that to you. After all, the best network security strategy is the one that works.