Why The Integration of Netops And Secops Is Here To Stay
By Eileen Haggerty, Sr. Director, Enterprise Business Operations, NETSCOUT
The pandemic accelerated digital transformation and increased organizations’ reliance on cloud services, VPNs, and other solutions designed to support remote work. These changes have redefined, if not destroyed, the idea of the traditional security perimeter.
At the same time, the pandemic led to a massive increase in DDoS attacks and ransomware attacks. Globally, 2020 saw more than 10 million DDoS attacks, the most ever, with a record-setting 929,000 attacks in a single month that year. Furthermore, attacks against remote workers have increased through the pandemic as employees have left the safety of their corporate networks, leaving security teams stretched thin.
In another survey, three-fourths of financial institutions reported greater cybercrime during the pandemic, with many (42%) expressing concern that the work-from-home model made them less secure. Survey analysis showed that education institutions also faced 80 million assaults in the first half of 2021. And bad actors frequently targeted hospitals and healthcare organizations through Internet of Things devices like tablets and smart beds, as well as via wholesale network shutdowns with malware and ransomware attacks.
At many organizations, these events served as a catalyst to closer cooperation between the network operations (NetOps) and security operations (SecOps) teams, deepening collaborative relationships that had already been formalized, and initiating collaborations where silos had existed in the past.
Now, many IT executives are considering how these teams could be structured to work more closely together for the long-term.
A Historical Failure to Collaborate
To understand the benefits of closer collaboration, let’s start by examining the state of NetOps and SecOps collaboration just before the beginning of the pandemic.
In EMA’s Network Management Megatrends 2020 survey, although 78% of companies reported formal collaborations, only 47% reported that they had fully converged to the extent of sharing tools and processes. At 31% of companies, the collaboration involved some integration of tools, but at 16% of companies, the collaboration was strictly ad hoc. Small and mid-sized companies were the most likely to report high levels of integration.
In practice, 35% of network operations teams said security system problems, such as bad policies and device failures, had led to complex and difficult-to-troubleshoot service performance issues. Another 35% reported incidents that originally presented themselves as complex service performance problems that later required cross-silo collaboration.
Add a pandemic to that recipe and it’s easy to see why so many organizations struggled with supporting and securing millions of remote workers early in the pandemic. Given that network performance and security issues often go hand-in-hand, organizations with low levels of collaboration had fewer avenues to communicate and diagnose the root causes of issues, which likely led to longer than necessary disruptions.
In response, with security teams stretched thin, it was often networking professionals who filled the void to manage the complex challenges introduced by organization-wide extended remote work. After all, they already understood much of the underlying infrastructure, and they brought their own perspective to bear when collaborating with security teams.
By working together, NetOps and SecOps teams gained increased visibility, quickened time to remediation of network and security issues, and reduced security risk.
Fostering Cooperation for the Long Haul
The conditions — a faster pace of digital transformation, the continuation of the hybrid workforce, and an expanded threat environment — will endure for the foreseeable future. So how can IT executives foster and maintain better collaboration and (hopefully) integration? The answer is especially important at large organizations, where siloed operations are likely to persist. There are a few steps to put in practice, specifically:
- Begin at the design stage: NetSecOps collaboration tends to center on infrastructure and deployment, while incident monitoring and response are secondary. As digital transformation continues to introduce new features into the IT environment, it’s critical that communications between the teams are delivered early and natively.
- Find a single source of truth: Collaboration demands that everyone has equal access to current, relevant network data. Too often, this isn’t the case because information shared across silos is outdated or irrelevant. If one team has too many blind spots, they can’t partner effectively.
- Establish a common toolset: Performance management tools can help analysts understand how a security incident affects performance and vice-versa. Network automation and orchestration tools also benefit from collaboration as they allow enterprises to make quick changes to the network in response to a security event.
- Formalize the collaboration: Cooperation between NetOps and SecOps requires ongoing management that documents processes, identifies challenges, improves where necessary and borrows from best practices where relevant. Executive input needs to make sure the teams don’t drift apart and recreate silos again.
Building on Pandemic Successes
The successes of collaboration over the past year have proven the advantages of having NetOps and SecOps teams work more closely together. In short, the more integrated the tools and processes used between them, the more successful they can be. But if left to stray apart, organizational silos can pop right back up. For closer collaboration between NetOps and SecOps teams to stick, IT managers must be vigilant in ensuring collaboration remains a priority even after the pandemic subsides.
The current environment, and the future one, will require these integrations to expand. Working together, an integrated NetSecOps team can achieve results greater than the sum of their parts: better network performance, increased security, and faster incident response.
About the Author
As Senior Director of Enterprise Business Operations, Eileen is responsible for working with enterprise customers to ensure that NETSCOUT’s service assurance and cybersecurity solutions are meeting the needs of NETSCOUT’s customers and the market. Eileen has worked for NETSCOUT for nearly 20 years, where she has held several product management and marketing roles. Prior to joining NETSCOUT, Eileen leveraged her MBA from Boston College working in a variety of technical marketing roles at Motorola Codex, Racal Data Group and Celox Networks. Company website: https://www.netscout.com/