Security Still Stands as the Top Priority for Businesses Going Digital
As companies bet their futures on their digital transformation initiatives, the stakes have gone way up. Delivering a great end user experience is imperative, and ensuring security has become more critical than ever—and has increasingly become a “team sport.” Security is top of mind for every network manager today. In fact, a 2017 Enterprise Management Associates (EMA) study identified ‘Networking Security’ as the number one initiative driving the priorities for network and application performance management. Given the potential impact on service reliability, the risk of data breach, and the potential brand impact, C-Level executives have understandably given security initiatives top priority.
EMA research has also noted that security incidents are the second most common cause of complex performance problems (network infrastructure is first). Solving these types of performance challenges will require a new level of collaboration between the network ops and security ops teams, and they can learn a lesson from the enterprises who have transformed their approach to performance management over the past several years.
Given the domain-centric evolution of IT, over 80% of enterprises are still littered with fragmented point monitoring tools. This leads to the typical war room dynamics with claims of ‘all indicators are green, everything is performing well’ (across each domain), but end users are still suffering from terrible performance. While many companies are on the journey to rationalize their monitoring tools, a handful of enterprises have been leading the charge toward next-gen multi-discipline performance management, helping them move from reactive to proactive through common, integrated tools, advanced analytics, and an unprecedented level of collaboration and speed. Gone are the inefficient finger pointing and debates about data sets and siloed analytics—for these enterprises, performance issues are being identified and fixed before the end users ever pick up the phone or, worse, vent via social media.
Taking a lesson from this, to be successful, network and security teams need to take advantage of shared telemetry to ensure commonality of their datasets. Similar to the fragmentation of performance management tools, network and security teams often have duplicative tool sets that are collecting packets, flows, end-user device metrics, etc. By taking advantage of shared telemetry, and analytics tuned for their respective roles, they will have 1) a common fact base, 2) ‘more eyes’ watching for issues, and 3) the ability to efficiently ‘pivot’ and drill down into the most relevant data set for forensic exploration.
Just as we’ve seen from Riverbed SteelCentral’s work helping enterprises achieve new levels of proactivity and deliver a great end user experience, this shared telemetry approach will drive collaboration and, more importantly, speed in identifying and responding to security incidents—and obviously with an adversary in your network, time is of the essence.
While taking preventive measures is always a given in the security landscape, as our defenses get better, our attackers are getting better. There will always be threats that bypass prevention measures, no matter how strong those preventative measures are—and according to Gartner, the pendulum has swung significantly in the direction of solutions that detect and investigate issues after attackers have gotten in. Security managers should take full advantage of the arsenal of data collected by performance management teams [with solutions like SteelCentral] in support of rapidly investigating and mitigating the scope and impact of breaches.
Fortunately, network performance monitoring solutions have begun to integrate threat intelligence, DDoS detection, and threat hunting workflows into their traditional network flow or packet monitoring solutions. These provide capabilities that can be leveraged by both the network ops and security ops teams, and deliver the workflows to quickly dive deep into forensics as necessary. Collaboration that takes advantage of greater breadth and depth of integrated data is essential for today’s digital enterprise to protect its users, partners, and customers.
Choosing converged tools provides numerous benefits to network and security teams:
- Cost efficiencies through tool rationalization: Some tools and technologies will become redundant when the network and security teams combine their efforts. Some solutions can be removed to cut maintenance costs, reduce administrative overhead, and streamline workflows.
- Risk reduction: With shared tools and processes, network and security teams gain better understanding regarding their mutual dependencies, e.g. an improved sensitivity for vulnerabilities through network design, configuration, and change, or perhaps a better understanding of the impact of security controls on network health and performance.
- Productivity through improved collaboration: Convergence accelerates the two teams’ ability to identify and remediate incidents. The streamlined workflows reduce the time that high-value engineers devote to incident response so they can spend more time with strategic projects.
Take advantage of the lesson learned from the performance management leaders: moving to shared, integrated telemetry with integrated workflows will improve collaboration, broaden visibility, and accelerate remediation cycle times when incidents occur—all while reducing OPEX, mitigating risk, and boosting productivity. This approach broke down barriers across traditional IT performance management teams—and will be extremely powerful in driving the type of collaboration and speed that is critical for today’s network and security teams.
Originally posted on Forbes.com.