In a recent survey of network operations and network security professionals we commissioned with Wakefield Research, a majority (62%) of respondents told us their leadership prioritizes cybersecurity spending on prevention over response. Having a leadership team that values proactive approaches to cybersecurity should be good news for network engineers responsible for security because many of their tasks are focused on continuously enhancing network security posture.
However, 92% say they feel overlooked compared to IT teams in their contributions to ensuring company security and 93% are dissatisfied with their company's current approach to automation which doesn't enable them to be as proactive as they could be. The top reasons cited include difficulty adding new automations, only partial network coverage, compliance concerns, poor integration, piecemeal approaches, and too much manual interaction required. A case in point, more than half (56%) of respondents report that the last time their company experienced a cybersecurity breach, it was due to a known vulnerability being exploited, and 61% of companies only upgrade network and security devices quarterly or less frequently.
The current state of network automation
Clearly, there’s a disconnect between leadership’s focus on prevention and the capabilities of NetOps teams focused on security to do so. However, given that customers and analysts routinely tell us that legacy approaches to network automation are failing, these data points aren’t surprising.
Thus far, organizations have taken an approach to network automation that requires manpower and skillsets network teams don’t have to spare. If a tool requires two people to build and manage automation, it defeats the purpose of driving efficiencies. What’s much more effective is a tool that can automate a specific task out-of-the-box without adding more work to the NetOps team’s plate. Even if a task is easy but takes 30 minutes a day, like asset inventory and upgrades, that time adds up. When network engineering resources are freed up from day-to-day, time-consuming administrative work, they can focus on more strategic tasks that beef up prevention, like establishing additional compliance policies or process improvements that drive efficiencies.
The current path to network automation that most organizations are on isn’t well-suited to the needs of the business and is creating a gap between expectations and reality. This isn’t about speeds and feeds or writing more custom code. It’s about taking an approach to automation that closes that gap by optimizing network security resources so that management can better achieve its security objective of strengthening cyber hygiene.
Aligning network automation capabilities with business goals
A network automation platform enables several best practices and automation capabilities that can help teams be more proactive and align network operations and device security with the goals of the business. Here are just a few to consider:
Benefit #1: Proactive prevention
Proactive prevention starts with having a full understanding of the network and how it changes over time. That’s why capabilities like automated discovery of new devices and integration with IT service management (ITSM) tools and configuration management databases (CMDBs) are essential.
Unpatched software and operating systems are a top access route for hackers, and, according to the UK's National Cyber Security Centre (NCSC), patching and OS updates remain the most important things organizations can do to secure their technology. More effective approaches to automation enable the proactive squashing of vulnerabilities and more timely upgrades without the need for manual intervention. Companies can automate the deployment of patches and upgrades for firewalls and other network devices as part of a weekly schedule, with the ability to inject high-priority upgrades in near real-time as a part of their network automation, compliance, and cybersecurity strategies.
Benefit #2: Compliance validation and management
As network automation adoption matures, more advanced applications include achieving and maintaining compliance with internal policy, government, or industry regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI-DSS), or best practices like the Center for Internet Security (CIS) standards. Compliance validation and management capabilities include comparing collected configurations with corporate standards and any regulatory compliance requirements that the organization is subject to, notifying when gaps are detected, and, ideally, automating the remediation process.
Integrating vulnerability intelligence and risk data into the mitigation strategy enables network teams to accurately and systematically prioritize upgrades based on the organization’s risk profile, decreasing risk while doing updates more rapidly.
Benefit #3: Detailed reporting and metrics
Finally, detailed reporting and metrics go a long way to elevating conversations with leadership and help drive a more strategic approach to investment in network automation. This is also an effective means for network teams to raise awareness for the value they deliver to the organization. For example, automation of operational and security audits with preemptive network health checks provide measurable data to help prevent problems and verify proper operations before an issue affects the network.
A final word on network automation
NetOps teams have an important role to play with respect to threat prevention. But to be more proactive they need to be equipped with an approach to network automation that includes capabilities that automate easy yet critical tasks like backups and updates and build to more advanced automations around compliance and risk management. Even if organizations start small, the payoffs will be big and multiply quickly. And that’s a language we can all understand.
Josh Stephens is the CTO of BackBox.