Today's IT security teams are faced with rapidly mutating threats at every possible point of entry, from the perimeter to the desktop and from mobile to the cloud. Fueled by the fast evolution of the threat landscape and changes in network and security architectures, network security management is far more challenging and complex than it was just a few years ago.
Security teams must support internal and external compliance mandates, enable new services, optimize performance, ensure availability, and support the ability to troubleshoot efficiently on demand—with no room for error. That's a lot to balance when managing network security.
Here are four essential best practices for network security management:
#1 Network Security Management Requires a Macro View. Organisations need a holistic view of their network. With disparate vendor devices and hosts, security teams need a normalised, comprehensive view of the network, including: routing rules, access rules, NAT, VPN, etc.; hosts, including all products (and versions), services, vulnerabilities, and patches; and assets, including asset groupings and classifications.

With a comprehensive view of the network, security teams can view hosts in the network, as well as configurations, classifications and other pertinent information. A network map or model is both a useful visualization tool and a diagnostic tool, providing analysis that is only possible when considering an overall view. For example, security and compliance teams can use this macro view to see how data would move between points on the network.
Additionally, the model highlights information that is missing, such as hosts, access control list (ACL) data, and more. Sophisticated analytics can be conducted quickly and accurately in a model-based environment, without disrupting the live network. Access path analysis helps to validate changes and can troubleshoot outages or connectivity issues, enhancing visibility and improving security processes. "What-if" analysis indicates both accessible and blocked destinations for designated data.
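The following is an added example, not code from the article or from any product it alludes to, showing what model-based access path and "what-if" analysis look like in practice. It builds a small, constructed network model (the device names, addresses, routes and rules are all made up) in which every hop carries a route table and a normalised ACL, walks a flow hop by hop, and reports whether the destination is accessible, which device blocks it, whether the model has no route, or whether the verdict is unknown because a device's ACL data was never collected, which is exactly the kind of gap the macro view is meant to surface.

```python
"""Access path and "what-if" analysis over a constructed network model.

Added example (not from the article). Device names, addresses and rules
are constructed; the model is a deliberately small stand-in for the
normalised, multi-vendor view described in the text.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One normalised access rule: first match wins, implicit deny at the end."""
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None = any port

    def matches(self, src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))


@dataclass
class Device:
    """A hop in the model: a route table plus an ACL (None = ACL data never collected)."""
    name: str
    routes: List[Tuple[str, str]]     # (prefix, next-hop device) or (prefix, "deliver")
    acl: Optional[List[Rule]]

    def next_hop(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match over the route table; None when there is no route."""
        best = None
        for prefix, hop in self.routes:
            net = ip_network(prefix)
            if ip_address(dst_ip) in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None

    def decide(self, src_ip: str, dst_ip: str, proto: str, port: int) -> str:
        """Evaluate the ACL: 'permit', 'deny', or 'unknown' if the ACL was never collected."""
        if self.acl is None:
            return "unknown"
        for rule in self.acl:
            if rule.matches(src_ip, dst_ip, proto, port):
                return rule.action
        return "deny"   # implicit deny at the end of every ACL


def analyse_path(model: Dict[str, Device], entry: str, src_ip: str, dst_ip: str,
                 proto: str, port: int, max_hops: int = 16):
    """Walk one flow hop by hop from `entry`.

    Returns (verdict, hops, stop_device). verdict is 'accessible', 'blocked',
    'unknown' (missing ACL data on the path), 'no-route' or 'loop'.
    """
    hops: List[str] = []
    current: Optional[str] = entry
    while current is not None and len(hops) < max_hops:
        device = model[current]
        hops.append(current)
        decision = device.decide(src_ip, dst_ip, proto, port)
        if decision != "permit":
            return ("blocked" if decision == "deny" else "unknown"), hops, current
        nxt = device.next_hop(dst_ip)
        if nxt is None:
            return "no-route", hops, current
        if nxt == "deliver":
            return "accessible", hops, None
        current = nxt
    return "loop", hops, current


def what_if(model, entry, src_ip, proto, port, destinations):
    """'What-if' view: for one source and service, classify each candidate destination."""
    report = {}
    for dst in destinations:
        verdict, _hops, stop = analyse_path(model, entry, src_ip, dst, proto, port)
        report[dst] = (verdict, stop)
    return report


ANY = Rule("permit", "0.0.0.0/0", "0.0.0.0/0", "any", None)

# Constructed model: Internet edge -> core router -> per-zone firewalls.
MODEL = {
    "edge-fw": Device("edge-fw", [("10.0.0.0/8", "core-rtr")],
                      [Rule("permit", "0.0.0.0/0", "10.0.0.0/8", "tcp", None)]),
    "core-rtr": Device("core-rtr", [("10.20.0.0/24", "dmz-fw"), ("10.30.0.0/24", "db-fw"),
                                    ("10.40.0.0/24", "mgmt-sw")], [ANY]),
    "dmz-fw": Device("dmz-fw", [("10.20.0.0/24", "deliver"), ("0.0.0.0/0", "core-rtr")],
                     [Rule("permit", "0.0.0.0/0", "10.20.0.0/24", "tcp", 443),
                      Rule("permit", "10.20.0.0/24", "10.30.0.0/24", "tcp", 3306)]),
    "db-fw": Device("db-fw", [("10.30.0.0/24", "deliver")],
                    [Rule("permit", "10.20.0.0/24", "10.30.0.0/24", "tcp", 3306)]),
    "mgmt-sw": Device("mgmt-sw", [("10.40.0.0/24", "deliver")], None),  # ACL never collected
}

if __name__ == "__main__":
    print(analyse_path(MODEL, "edge-fw", "198.51.100.7", "10.20.0.10", "tcp", 443))
    print(what_if(MODEL, "edge-fw", "198.51.100.7", "tcp", 443,
                  ["10.20.0.10", "10.30.0.5", "10.40.0.9", "10.50.0.1"]))
```

Because the analysis runs purely against the model, a proposed rule or route change can be evaluated by editing `MODEL` and re-running the same flows before anything is pushed to the live network; an `unknown` verdict tells the team which device's ACL data must be collected before the answer can be trusted.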
#2 Daily Device Management Requires a Micro View. Although the macro view is needed to see how all the pieces of the network fit together, network administrators must also be able to drill down into the details for a particular device, easily accessing information on rules, access policies, and configuration compliance. And this information must be considered within the framework of the broader network, including context such as segments or zones, routing, routers, switches, intrusion prevention systems (IPS), and firewalls.
Information must be provided in a digestible fashion. The network components that affect the device will undoubtedly come from various vendors, producing data in different vendor languages that must be deciphered, correlated, and optimized so that administrators can streamline rule sets. For example, administrators need to be able to block or limit access by application and to view violations of these access policies.
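As an added example (not code from the article or from any vendor), the block below shows the "decipher, correlate, optimize" step for a single device's rule set. Two constructed rule syntaxes, labelled style A and style B here, stand in for different vendor languages; they are made-up grammars, not real product syntax. Each is parsed into one normalised rule form, and a shadowing check then finds rules that can never match because an earlier rule already covers everything they would match: a redundant duplicate when the actions agree, a shadowed (and likely unintended) rule when they conflict.

```python
"""Normalising rules from different vendor syntaxes and finding shadowed rules.

Added example (not from the article). The two rule syntaxes are constructed
stand-ins for vendor-specific formats, not real product grammar.
"""
import re
from ipaddress import ip_network
from typing import List, NamedTuple, Optional, Tuple


class NormRule(NamedTuple):
    device: str
    index: int            # position in the device's rule set (first match wins)
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port, None = any port


# Constructed "style A" line:  permit tcp 10.1.0.0/16 any eq 443
STYLE_A = re.compile(r"^(permit|deny)\s+(\w+)\s+(\S+)\s+(\S+)(?:\s+eq\s+(\d+))?$")
# Constructed "style B" line:  allow from 10.1.2.0/24 to any proto tcp port 443
STYLE_B = re.compile(r"^(allow|block)\s+from\s+(\S+)\s+to\s+(\S+)\s+proto\s+(\w+)(?:\s+port\s+(\d+))?$")


def _cidr(token: str) -> str:
    """Map the 'any' keyword to 0.0.0.0/0 and validate everything else as CIDR."""
    return "0.0.0.0/0" if token == "any" else str(ip_network(token, strict=False))


def normalise(device: str, style: str, lines: List[str]) -> List[NormRule]:
    """Parse one device's rule set, in the given constructed syntax, into NormRule objects."""
    rules = []
    for i, line in enumerate(lines):
        line = line.strip()
        if style == "A":
            m = STYLE_A.match(line)
            if not m:
                raise ValueError(f"{device} rule {i}: unparsable style-A line: {line!r}")
            action, proto, src, dst, port = m.groups()
        elif style == "B":
            m = STYLE_B.match(line)
            if not m:
                raise ValueError(f"{device} rule {i}: unparsable style-B line: {line!r}")
            action, src, dst, proto, port = m.groups()
            action = "permit" if action == "allow" else "deny"
        else:
            raise ValueError(f"unknown rule syntax {style!r}")
        rules.append(NormRule(device, i, action, _cidr(src), _cidr(dst),
                              proto.lower(), int(port) if port else None))
    return rules


def covers(a: NormRule, b: NormRule) -> bool:
    """True if every packet that matches b would also match a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.port in (None, b.port))


def analyse_ruleset(rules: List[NormRule]) -> List[Tuple[NormRule, NormRule, str]]:
    """Return (earlier, later, kind) for each later rule fully covered by an earlier one.

    kind is 'redundant' when both rules share an action (the later one can be
    removed) and 'shadowed' when the actions differ (the later one never takes
    effect, which usually means the intent was not implemented).
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((earlier, later, kind))
                break   # the first covering rule is the one that matters
    return findings


# Constructed sample rule sets for two devices in different syntaxes.
FW_A_LINES = [
    "permit tcp 10.1.0.0/16 any eq 443",
    "permit tcp 10.1.2.0/24 any eq 443",          # redundant: rule 0 already permits this
    "deny tcp 10.1.2.0/24 10.9.0.0/24 eq 443",    # shadowed: rule 0 permits it first
    "permit udp 10.1.0.0/16 10.9.0.53/32 eq 53",
]
FW_B_LINES = [
    "block from any to 10.9.0.0/24 proto tcp port 3389",
    "allow from 10.1.2.0/24 to 10.9.0.0/24 proto tcp port 3389",  # shadowed by rule 0
    "allow from 10.1.0.0/16 to any proto tcp",
]

if __name__ == "__main__":
    for dev, style, lines in (("fw-a", "A", FW_A_LINES), ("fw-b", "B", FW_B_LINES)):
        for earlier, later, kind in analyse_ruleset(normalise(dev, style, lines)):
            print(f"{dev}: rule {later.index} is {kind} (covered by rule {earlier.index})")
```

Once every device's rules are in the same normalised form, the same `covers` check can be run across devices on a path (for example, a zone firewall rule that an upstream edge rule already blocks), which is where the macro and micro views meet.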