NetOps & SecOps Collaboration: Shared Tools are Essential

Network performance and network security are increasingly becoming two sides of the same coin. Consequently, enterprise network operations teams are stepping up their collaboration with their counterparts in the security group. Forty-two percent of network managers are collaborating with security teams more than they have in previous years, according to Enterprise Management Associates’ (EMA) new research, “Network Management Megatrends 2018: Exploring NetSecOps Convergence, Network Automation, and Cloud Networking.”

This collaboration is increasing for a variety of reasons, not least of which is the fact that security incidents are the second most common root cause of complex IT service problems, trailing only network infrastructure issues. Security systems, such as firewalls blocking legitimate traffic, are the fourth most common cause of IT complex service issues. Furthermore, 35 percent of network managers say that the reduction of security risk has become a more important measure of network operations’ success in recent years.

Shared Tools & Shared Data Sets are Crucial to NetOps & SecOps Collaboration

EMA’s Megatrends research identified how this collaboration between network and security teams plays out inside the enterprise. Shared tools and data are clearly essential. Forty percent of enterprises claim to have fully converged network and security operations with shared tools and processes. Another 35 percent maintain separate groups but integrated their tools for collaboration. A few (16 percent) have separate teams with some shared tools for collaboration.

Collaboration isn’t just about incident detection and incident response. These enterprises say the most critical point of collaboration for networking and security is infrastructure design and deployment (38 percent of survey respondents). Event monitoring (31 percent) and incident response (27 percent) are secondary priorities.

Collaboration Requisites: Network Performance Management & Advanced Network Analytics

Given that network operations and security operations are either sharing or integrating tools, EMA asked enterprises to identify the most important tools for this collaboration. Network performance monitoring (33 percent) and advanced network analytics (32 percent) are the most important tools in the network manager’s toolset. Security incidents are a common root cause of complex IT service problems, so a performance monitoring solution can serve as an early warning system. It can also help network managers identify anomalies that could support the security team’s investigation.

Advanced network analytics solutions apply heuristics like pattern recognition, anomaly detection, and event correlation to multiple sets of network data, identifying hidden patterns to illuminate threats and breaches.

Network managers also identified several technologies from the security toolset that support collaboration. They include security analytics (31 percent), security incident and event management (24 percent), threat intelligence feeds (23 percent), and DDoS detection and prevention (21 percent).

Roadblocks to Collaboration

The convergence of network and security operations isn’t easy. The two groups have very different philosophies and cultures, and they typically dislike each other. EMA’s research identified several barriers to success.

The most common challenge to network and security collaboration, from the network team’s perspective, is a lack of defined processes and practices (29 percent). Management and monitoring tools are an important foundation for best practices and policies. Network managers should look for tools that help them map, document, and communicate critical services. They can share this with the security team, helping that group to understand what’s important to the network team, how things work, and how the team typically responds to events. Network teams should document everything, including incident response, and ask the security team to define their own processes. Also, the network and security teams should ask the IT service management group if they can assist with any of this. They may have tools that can help.

The second leading challenge (26 percent) is the fact that network and security teams have different goals. The network team’s mission is to connect people to applications and services. The security team’s mission is to lock things down, limit access, and protect assets. This is a leadership problem and a cultural problem. EMA recommends that IT leadership step up and show how these two groups can pull in the same direction.

The third most common problem (24 percent) these groups encounter when collaborating is a lack of shared data that is consistent, relevant, and current. This is partly a tooling problem. Network and security teams should look for ways to integrate their tools and data sets well. Even better, they should share certain tools across groups, which will give them a single view of infrastructure and facilitate best practices and processes for collaboration.

The Benefits of Collaboration

EMA research identified three top drivers for network and security operations collaboration. First, enterprises see it as an opportunity to reduce operational expenses (38 percent). Converged teams will retire redundant tools and streamline workflows, which should boost IT productivity.

Second, enterprises see an opportunity for risk reduction (37 percent). With the two teams working together, especially on infrastructure design and deployment, the network should become inherently more secure.

Finally, enterprises expect more efficient workflows, reducing mean time to insight and remediation (34 percent). When incidents do occur, network and security operations will be better aligned to respond.

Given these potential benefits, EMA recommends that enterprises ask their network operations and security tool vendors — especially network analytics and network performance monitoring vendors — if they can help with network and security operations collaboration. These vendors should be able to support integration and data sharing. Additionally, network teams should start establishing and documenting best practices and processes for collaboration with the security group. They should look for opportunities to strike a balance between the different goals of networking and security groups. If the two groups can solve this issue themselves, they can look to the IT executive suite for support.