Enabling NetOps-SecOps Collaboration
Why it’s important and how to make it happen
IT organizations have always needed to evolve to meet the demands of everyday life. In recent years, it has become apparent that the next evolution is collaboration between network operations (NetOps) and security operations (SecOps). According to the recent EMA white paper “NetSecOps: Aligning Networking and Security Teams to Ensure Digital Transformation,” more than 75 percent of network and security teams have increased their level of collaboration in recent years. This is due to increased digital transformation, rapid growth in work-from-home operations, and data center automation, among other factors.
According to the EMA white paper, one of the main drivers for enabling this collaboration is network data. The paper points out that security teams need access to network data for many reasons, with the highest priority going to the following four elements:
- Network detection and response/network traffic analysis: To detect, investigate, respond to, and mitigate malicious activity
- Incident response: To identify, contain, and remediate any incident while also being able to prevent the same type of incident from occurring again
- Real-time packet payload analysis: To understand the communications between applications, servers, and end users on the network in real time
- Forensic packet analysis: To understand the timeline of the incident, which helps teams understand the entire attack chain—from where it originated, to what data was possibly taken, to all the associated parties involved
However, this is not a natural partnership, and there are some challenges to making it successful. One of the main challenges pointed out in this paper is data quality/authority issues. Both NetOps and SecOps need access to the correct information, as quickly as possible, and many organizations struggle with this. The difficulty is that each team needs to view the data from its own perspective, emphasizing what that team feels is most important. Having a single source of truth is necessary, but the ability to view that data from the perspective you value most is what really makes this collaboration easier.
The EMA paper also lists some additional challenges worth considering, including
- Cross-team skills gaps
- Architectural complexity
- Budget issues
- Lack of tools/technologies that enable collaboration
Beyond the various challenges with this kind of NetOps/SecOps partnership, however, there are major benefits, including
- Faster resolution of security issues
- Reduced security risk
- Operational efficiency
- Faster resolution of user experience/network performance issues
“Things move faster with good collaboration. There are less roadblocks,” confirmed a network architect with a $100 billion bank who participated in the EMA study.
How NETSCOUT Helps
NETSCOUT believes in achieving comprehensive visibility without borders by enabling a single source of smart network-derived data, which we call Smart Data, for more efficient service assurance and cybersecurity. With a single source of shared data, both NetOps and SecOps can view the same network-derived data, with a lens on network and application performance via nGeniusONE and a lens on cybersecurity via Omnis Cyber Intelligence, and can collaborate and quickly act on that data to prevent further damage to the organization.