NetOps and SecOps: Breaking Down the Silos

Originally posted by Scott Register.

Things used to be simple. Information technology (IT) and network operations focused on performance and availability while Security Operations (SecOps) worked to secure the business. Each played a vital role in keeping end-users happy while basically staying in their own swim lanes.

But more and more, your NetOps and SecOps teams must interact and collaborate to achieve desired business outcomes. For example, it may not be clear at first whether a user-reported issue is truly a performance problem or the result of a security breach. In drilling down to troubleshoot, the same data might be used by IT to diagnose congestion or latency and by security teams to hunt for exploits.

Both efforts are fundamentally data-driven, and both teams increasingly need a deeper understanding of the network from the inside out.

The Rising Need for Alignment

Several challenges blur the line between NetOps and SecOps. One centers on complexity as network speeds continue to soar toward the upcoming 400Gb/s standard and encrypted traffic volumes rise exponentially. Then there’s the explosive growth of cloud migration and “Everything-as-a-Service” prompting IT to modernize operations and further digitize transactions. For example, virtualized servers and containerized apps explode the number and diversity of connecting endpoints making it harder to control underlying networks and maintain perimeter security.

These trends give rise to new management issues that impact both sides. For example, a failure or successful attack upon a centralized controller in a software-defined data center (SDDC) can now bring down entire centers and bring both organizations’ efforts to a halt.

Hybrid environments, tool sprawl, competing priorities, knowledge silos, and skillset deficiencies all contribute to noise that in turn leads to chaos that gets in the way of sharing knowledge. Uptime and security become competing efforts, with each team focused on narrower, more immediate mandates instead of pooling valuable expertise and resources.

Lack of alignment also causes tremendous waste—duplicated instrumentation and training, redundant procurement, increased overhead on the network—causing precious time and money to be lost. Last but not least, operating in silos results in missed opportunities to share information that can benefit cross-functional teams.

So how do we shift toward better alignment? By making things easier.

Rising Above the Noise

Along with intent, collaboration hinges on two things: real data and rich context. Though they operate in silos, both teams need access to the same monitoring data from the network to do their jobs. This can be viewed as a visibility challenge that can be overcome with better, faster sharing of information through:

Fast, reliable access to data can be achieved using Ixia’s physical and virtual “taps” to extract and forward packets to intelligent network packet brokers (NPBs). Ixia’s Vision NPBs handle the pre-processing of data by aggregating, deduplicating, filtering, and grooming traffic for use by performance and security monitoring tools such as ExtraHop’s analytics solutions.

ExtraHop created a way to explore every digital interaction taking place on the network using real-time analytics and machine learning (ML) to turn data into an objective source of truth in investigation. Its [NAME of APM solution] and Reveal(x) security solution take in data provided by Ixia’s visibility architecture and perform line-rate decryption, decoding, and full-stream reassembly for every transaction in real time to achieve complete coverage from the core to the edge to the cloud.

The structured wire data from ExtraHop allows both NetOps and SecOps professionals to analyze, explore and fully leverage insight for response and remediation. It is even possible to search and query transactions at scale to see what happened and why in a matter of clicks.

Better alignment—and results—require detail, guided investigation, and sophisticated analytics. ExtraHop and Ixia combine to provide NetOps and SecOps teams real-time access to exactly the data they need in a format that makes their job easier, whether that means threat detection or troubleshooting slow videoconferencing in the conference room.

Don’t Forget the People

It’s fine to talk about data, but you also need to promote cooperation among the experts themselves. This effort consists of:

Start by identifying common handoff and escalation points. For example, NetOps and SecOps should both be aware and prepared before making significant changes to the network. As issues get resolved, documentation equips both sides to hone and update processes. Create SLAs that ensure teams pass along details in formats used by other teams.

Cross-training on tools is another excellent way of breaking down barriers, and actually sharing them will save significant time and money (many companies spend double or triple what they need to on tools). Cross-training promotes faster communication and better understanding of problems by letting both teams leverage a shared dashboard for shared understanding.

Where possible, automate. Make things simpler with integrated, streamlined GUIs and informative dashboards.

Collaboration can best be approached as an evolution versus a revolution. Start simple and keep expanding, and whenever possible involve both teams in procurement processes, new architecture designs, and app rollouts. Show success but recognize that each team will still need to operate independently at times.

Above all, stick with it. Better cross-functional alignment may seem like a valuable “nice to have” now, but it will soon prove essential to running your business effectively. To learn more, watch the webinar and/or contact ExtraHop or Ixia to arrange a demonstration.