By: Paul Barrett, Chief Technology Officer, Enterprise, NETSCOUT
Mass migration to the cloud and dependence on remote working have given cyber-attackers a renewed chance to target the vulnerabilities in our systems. Remote and hybrid work models have reinvented how we operate during our day-to-day working lives. However, it is just as important that this is reflected in how our networking and security systems operate too, especially when it comes to security risk reduction. Collaboration between network operations (NetOps) and security operations (SecOps) teams is the best method of ensuring protection against this new swathe of attacks.
Protection against an evolving threat landscape
Throughout the pandemic, the threat landscape has continued to evolve. Security professionals have been inundated with a surge of cyberattacks – including distributed denial-of-service (DDoS), ransomware, and malware attacks – as threat actors have taken advantage of the challenging situations presented by the health crisis. In 2020 alone, there were 10 million DDoS attacks on enterprise networks, a record-breaking statistic with a far-reaching impact that has the potential to devastate businesses. We are already on track to significantly surpass that figure by the end of 2021.
Aiming to cause maximum disruption, the cybercriminals behind these DDoS attacks have mostly focused on crippling Covid-era lifelines and industries that have relied heavily on online services – such as healthcare, online education, streaming platforms and e-commerce – with some groups incorporating extortion tactics in their attacks as well. Businesses of all sizes have had to adapt in order to protect the large volumes of sensitive data and systems being accessed from external locations, ultimately exposing them to threats beyond the traditional perimeter.
This evolving threat landscape becomes even more complex for security professionals when combined with the ever-increasing dependency on software-defined data centres and public and private cloud architecture. Indeed, a white paper produced by Enterprise Management Associates (EMA) for NETSCOUT revealed that 35 per cent of NetOps teams have experienced issues within their security systems – for example, bad policies and device failures – leading to more complex and difficult service performance problems. Another 35 per cent cited instances requiring NetOps and SecOps collaboration due to similar complex service issues.
To tackle these growing security threats, NetOps and SecOps teams increasingly need to work together on their shared challenges to achieve mutually beneficial objectives. To do this, they must break out of their respective silos.
Benefits of NetSecOps collaboration
It’s apparent that NetOps and SecOps (NetSecOps) collaboration is already being integrated into corporate protection systems, with 78 per cent of corporations having implemented some form of a single NetSecOps team, even on an ad hoc basis. Such corporations recognise that, with these teams working together, there is a reduction in security risks, faster reaction to detected threats, and overall improved network performance. Though the transition is not always seamless, merging tools and processes gives the teams a better chance of achieving their shared security objectives.
To ensure the success of these new NetSecOps teams, the initial transition process must be driven from the top and made an official policy. The first step is to provide the teams with the same set of tools, which will give them access to the same resources, databases and protocols, creating a ‘single source of truth’. This gives the new team the opportunity to become familiar with the new processes and work together from the start. An additional benefit of this approach is that it eliminates any potential data control conflicts, network inconsistencies, or out-of-date security programmes.
Combining the NetOps and SecOps teams into a single NetSecOps team streamlines the resolution process and means that the teams can save time and identify the source of the threat more quickly. This increases the chances of rapid remediation while also leading to efficient and improved network performance and operation.
To combine or to collaborate?
Whether the decision is made for the NetOps and SecOps teams to collaborate or to combine into a single NetSecOps team, the overall objective is to streamline operational and cyberthreat reactivity processes. Two heads are better than one when it comes to safeguarding a corporation’s data assets. Though the most successful NetSecOps teams are most likely to combine into a single team, closer integration is the general rule of thumb for a successful partnership. Indeed, EMA found that 97 per cent of network teams were interested in implementing new management protocols to better sustain their NetSecOps collaborations.
The most crucial points, when integrating NetOps and SecOps, are the infrastructure engineering and deployment phases. With so many different threats actively seeking to target the assets within the communications infrastructure, the design of the network and security infrastructure needs to be as robust as possible. Not just that, but better unification of NetSecOps reduces interference with, and complications to, daily operations. Implementing a ‘single source of truth’ and distributing resources equally to both sides significantly reduces the chances of miscommunication and disruptions. In turn, fewer interferences give both teams more time to focus on what’s more important: defending against potential threats.
The best way to guarantee better prevention and reduction of cyberattack risks is to encourage collaboration between NetOps and SecOps teams and, ideally, to combine them into a single NetSecOps team. Ensuring that they have proper network monitoring tools and investing the right resources into overall network protection and performance is the best way to reduce the threat of cyberattacks.