How Packet-based Risk Engineering Can Help with Security


Organizations are finding that managing their NetOps, DevOps, and SecOps teams separately is leading to inefficiencies, cost overruns, and excess risk. To help address these issues and build a collaborative effort, they need to start with understanding each role and how they all play into risk engineering. Here is a breakdown of each team and its responsibilities:

  • Network operations (NetOps) is responsible for the service availability of the corporate network and hybrid IT network. NetOps teams manage, monitor, and respond to system slowdowns, unavailability alerts, and similar events. Success for this team is service availability and performance: the less downtime or lag, the better.
  • Security operations (SecOps) is responsible for protecting the corporate network and hybrid cloud IT network from cyberthreats. This team detects, investigates, responds to, and even proactively hunts for any potential threat or vulnerability such as ransomware, malware, or improperly written code. Success for this team is no data breaches or data loss.
  • Development operations (DevOps) is responsible for writing the software code and combining it with IT operations to support continuous integration and continuous deployment. Success for this team is being able to update software code or add new code to the network and minimize recovery time from system disruption and/or failure.

Even though these teams have different responsibilities and goals, they do have one thing in common: Each of them is managing risk, from software reliability to network problems, network downtime, and cybersecurity risks such as vulnerabilities and breaches. If organizations can create a common way of understanding and managing risk, they can create a core motivator to enable collaboration among these teams.

Collaboration Fundamentals

How do you get organizations to collaborate? First, you need a cultural shift within the organization that breaks down silos, enabling collaboration and communication. Depending on the organization, this can be easy or very difficult. Second, to help enable this collaboration, you should seek common tooling as opposed to each team in the organization having its own set of tools. Third, and most importantly, you need a set of common data to provide a single source of truth across all of these teams. Network-packet-derived data is such a source. Common packet-derived data is the glue for collaboration and allows each team to understand common risks and coordinate solutions to problems that span the IT organization. 

Once you have these teams using a common source of packet-derived data, your organization can build a common engineering approach to managing risk. Because eliminating 100 percent of the risk is not possible (it would cost too much and take too long), you can use the site reliability engineering (SRE) approach. Well known to NetOps teams, SRE does not target perfection but focuses on how far short of perfection you should aim. This target is known as the error budget and represents the total number of errors a service can accumulate over time before users/customers become dissatisfied with the service.

Organizations can use this same principle for cybersecurity, with a threat budget in place of an error budget. Similarly, eliminating every cybersecurity risk would have an infinite cost, so there needs to be a balance between which threats to address, based mainly on severity level, and which to ignore. Having the security team manage risk the same way the network team manages risk creates a common, packet-based risk management approach known as risk engineering.

How NETSCOUT Helps

Unfortunately, scalable deep-packet-based data is very difficult to obtain and can get very expensive. Plus, deep-packet inspection alone lacks the necessary context. You need the right partner to help you leverage your network packet data.

NETSCOUT addresses these scalability and context issues via its patented Adaptive Service Intelligence (ASI) technology. In real time, NETSCOUT’s ASI technology converts raw network packets into a source of locally stored, compressed packets and layer 2-7 metadata we call Smart Data. ASI technology removes the burden associated with packet analysis by automatically uncovering intelligence that exists within the network packet. This Smart Data also serves as the common platform for both NetOps and SecOps use cases. As discussed previously, it's now just a matter of changing perspectives. To enable this, NetOps teams can use NETSCOUT nGeniusONE to detect and solve network and application performance problems. And SecOps teams can use our Omnis Cyber Intelligence to detect, investigate, and hunt for cyberthreats.

NETSCOUT creates a common and consistent source of smart metadata that enables network and security teams to speak a common language and build an engineering approach to managing risk across the security, network, and operations teams—in other words, a holistic approach to managing risk.

To learn more, read the white paper “Combining NetOps and SecOps into Risk Engineering.”