Paul Ditty

View Original

Why the Time Is Right for Network and Security Collaboration

As businesses move to the cloud and offer employees remote access to their network, it creates gaps in security and adds additional strain on NetOps and SecOps teams. Fragmented tools and environments make every security and troubleshooting effort consume more time and energy than these teams have to spare. To top it off, the

The SolarWinds SUNBURST attack exposed major gaps in security.

In our recent eBook, Why the Time is Right for Network and Security Collaboration, we explored how current circumstances have introduced new challenges to IT OPs, and why data sharing and collaboration can help both security and operations teams achieve their key goals more effectively in ways that create a competitive advantage for the business as a whole.

Remote Work and Cloud Migration Impact Security

The pandemic accelerated the move to remote work and forced previously centralized businesses to rapidly adopt a distributed workforce model, which contributed to decentralizing networks. As more employees started using personal devices and VPNs for business purposes, visibility decreased, giving stealthy attackers an ever-growing opportunity inside the system.

This new reality—combined with the already rapid migration to the cloud—exposed the problems of siloed IT and security teams. The speed of adoption had unintended consequences and unforeseen costs. And when these processes are rushed, it creates further stress and challenges to keeping your network safe.

Expanding Attack Surfaces Favor Advanced Threats

In the early years, network operations and security needs could be handled by a single IT operations team. But as organizations grew in both size and complexity, they began to split the workloads into specialized NetOps, SecOp, and now CloudOps teams. Siloing operations allowed inefficiencies to flourish and encouraged a lack of communication.

The success of NetSecOps depends on complete mutual understanding and accountability. If each team can speak the same language and use the same tools and formats, it becomes increasingly easier to identify and respond to incidents. Since everything—whether that’s attack behavior or problematic network activity—must cross the network, this data provides the perfect connective tissue for collaboration.

Accelerate Incident Response and Troubleshooting

When tools and teams are siloed, response times suffer. If the security operations or incident response team has to call or email the network or IT Ops team to get packet captures for an investigation, it can add hours or days to the process. Attackers use that time to move laterally, establish persistence, and ultimately exfiltrate data, causing more damage.

Security teams have had difficulty hiring new talent for years. Demand simply outpaces supply. But if your network operations team is using the same tools and workflows to troubleshoot performance issues, you've got a built-in backup plan. Often, the skills and tools required to diagnose network and app performance challenges are highly relevant to security. Training from within is a great way to beat the security skills shortage, but it only works if your teams are already on the same page, and using the same tools and data sources.

Furthermore, if the business is paying for more than one packet capture tool to meet the needs of security operations and network operations tools, there's a clear opportunity to consolidate.

Collaboration and Network Data Can Close Gaps

NetSecOps benefits from sharing data sources, increased visibility, and improved workflows. Using network data can also provide the resources to collaborate more effectively across infrastructure, network management and monitoring, and incident response. When you use network data as the primary source for fueling security and IT operations, you’re able to:

  • Accelerate incident response and reduce attack dwell time

  • Manage and monitor cloud applications to catch misconfigurations and assure secure, performant deployments across environments

  • Create real business change that feeds future innovation

Remote work and cloud adoption is here to stay, and the need to protect an ever-expanding network demands collaboration between NetOps and SecOps teams. To learn more about how ExtraHop Reveal(x) network detection and response (NDR) can take your security coverage to the next level, read our eBook.