How security and network teams can jointly work toward success

Within the IT organization, network and security teams pursue different objectives, and that difference shows in the way each team thinks and operates.

Security teams are constantly looking for new tools and approaches to counter evolving threats from agile attackers who strive to work around established defenses. Network teams, on the other hand, are concerned with uptime and “keeping the lights on”.

“A network team is goaled on uptime, does multi-year planning and capacity measurement, has strong processes in place to prevent disruption,” noted Ian Farquhar, Distinguished Sales Engineer at Gigamon in a recent blog post. “But these processes can make the team seem slow, risk-averse to outages and yet apparently unconcerned about security, hide-bound, and ridiculously conservative. It’s not unusual to hear venom in security engineers’ voices when the three words ‘network change control’ are uttered.”

Such antagonism is understandable given that security teams rely on tools and features that require extreme agility, especially in incident response situations. “And yet to the network team, this behavior looks ridiculously over-responsive, lacking in strategy, suffering from a ‘tool of the month’ or even ‘shiny new toy’ behavior, and puts the availability of the network at risk,” Farquhar adds.

Never the twain shall meet?

Simply put, security teams have to perpetually change and adapt against an unknown and unpredictable enemy while network teams seek stability and high availability to satisfy an always-on, latency-sensitive generation of users. This cultural disparity was pointed out to Farquhar by Bob Lord, now CISO at Yahoo and former security consultant at Gigamon. Security people care passionately about preventing security breaches, while network professionals are more concerned with preventing outages, Lord had explained.

Farquhar understands “how easily either side could see the other as disregarding something that is, to their unique mindsets, core to the organization’s success”. Still, the increasing scale of massive distributed denial-of-service (DDoS) attacks and the stealthy malware attacks that gobble up bandwidth to slow down computers and networks mean that the respective key performance indicators of the security and network teams are more intertwined than ever.

To properly address the security issues at hand without compromising the availability challenges that matter to the network team, both teams will have to make better use of all available information.

To this end, the Gigamon Security Delivery Platform (SDP) paves the way for security teams to be nimble in choosing and deploying new security solutions without disrupting the high availability and efficiency objectives of the network team. The SDP essentially de-risks security deployments for the network team while speeding up network access for the security team.

Win-win deployment

For example, the traditional way of deploying a monitoring tool is to configure a SPAN port at a traffic choke-point and attach the tool to it. This method, however, ignores the risks and limitations of attaching the tool at a single network point: SPAN ports do not perform well at high traffic volumes and may drop packets randomly when oversubscribed, and they require potentially disruptive switch reconfiguration that must adhere to strict change management, Farquhar points out.

With Gigamon’s platform, traffic passes unidirectionally from a TAP to the SDP to the tool. The SDP avoids introducing availability risk into the network by preventing any injection of traffic by the monitoring tool or due to misconfiguration on the SDP itself.

“The really nice thing about Gigamon SDP is that it can sit in the middle and give teams agility and stability,” says Farquhar. “We allow [the security team] to attach the tools that they need without constantly going through a change control.”

The Gigamon SDP also de-risks inline tools for network teams, ensuring no disruption to the flow of production traffic and, ultimately, enhancing business agility and hastening time to value for security solutions. Availability of inline deployments is ensured by inline tool failure detection with follow-on automated remediation, plus a physical bypass capability that fails a powered-down system over to fibre or wire.
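The failure-detection and bypass behaviour described above can be illustrated with a small simulation. The code below is an added example written for this article, not Gigamon code and not a description of how the SDP is implemented; it assumes a heartbeat-polling model with constructed thresholds (three missed heartbeats to fail over, two answered heartbeats to reinsert the tool) and a constructed event sequence. It shows the two availability decisions a network team cares about: fail-to-wire versus fail-closed when the tool stops answering, and a physical relay that bypasses the tool on power loss regardless of software policy.

```python
"""Heartbeat-driven failure detection for an inline security tool with
fail-to-wire (bypass) or fail-closed behaviour. Added illustration; the
thresholds, event names and routing strings are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Tuple


class ToolState(Enum):
    INLINE = "inline"    # production traffic flows through the tool
    BYPASS = "bypass"    # tool taken out of path, traffic goes straight to the wire
    BLOCKED = "blocked"  # fail-closed: traffic dropped while the tool is unhealthy


@dataclass
class BypassController:
    """Watches heartbeats to an inline tool and decides where traffic goes."""
    miss_threshold: int = 3      # consecutive missed heartbeats before failover
    recover_threshold: int = 2   # consecutive good heartbeats before reinsertion (anti-flap)
    fail_open: bool = True       # True = fail-to-wire, False = fail-closed
    state: ToolState = ToolState.INLINE
    misses: int = 0
    hits: int = 0
    transitions: List[str] = field(default_factory=list)

    def observe_heartbeat(self, tick: int, answered: bool) -> ToolState:
        if answered:
            self.misses = 0
            if self.state is ToolState.INLINE:
                return self.state
            # Require several good heartbeats before putting the tool back inline,
            # so a tool that is flapping does not repeatedly disrupt traffic.
            self.hits += 1
            if self.hits >= self.recover_threshold:
                self.state = ToolState.INLINE
                self.hits = 0
                self.transitions.append(f"t={tick}: tool healthy again -> inline")
            return self.state
        self.hits = 0
        self.misses += 1
        if self.state is ToolState.INLINE and self.misses >= self.miss_threshold:
            self.state = ToolState.BYPASS if self.fail_open else ToolState.BLOCKED
            self.transitions.append(
                f"t={tick}: {self.misses} missed heartbeats -> {self.state.value}")
        return self.state

    def power_loss(self, tick: int) -> ToolState:
        """A physical bypass relay closes on power loss, independent of policy."""
        self.state = ToolState.BYPASS
        self.misses = 0
        self.hits = 0
        self.transitions.append(f"t={tick}: power loss, relay closed -> bypass")
        return self.state

    def route(self, packet: str) -> str:
        """Where a production packet goes in the current state."""
        if self.state is ToolState.INLINE:
            return f"tool<-{packet}"
        if self.state is ToolState.BYPASS:
            return f"wire<-{packet}"
        return f"drop<-{packet}"


def simulate(events: List[str], miss_threshold: int = 3, fail_open: bool = True,
             recover_threshold: int = 2) -> Tuple[BypassController, List[str]]:
    """Replay a sequence of 'ok' / 'miss' / 'power_loss' events, one per tick,
    and record where one packet per tick would have been sent."""
    ctrl = BypassController(miss_threshold=miss_threshold, fail_open=fail_open,
                            recover_threshold=recover_threshold)
    routes = []
    for tick, event in enumerate(events):
        if event == "power_loss":
            ctrl.power_loss(tick)
        else:
            ctrl.observe_heartbeat(tick, event == "ok")
        routes.append(ctrl.route(f"pkt{tick}"))
    return ctrl, routes


# Constructed event sequence: a tool that stops answering, recovers, then loses power.
EVENTS = ["ok", "ok", "miss", "miss", "miss", "miss", "ok", "ok", "ok",
          "power_loss", "ok", "ok"]

if __name__ == "__main__":
    ctrl, routes = simulate(EVENTS)
    for line in ctrl.transitions:
        print(line)
    print(routes)
```

With the fail-open policy the tool drops out of the path after the third missed heartbeat and production traffic keeps flowing over the wire; with `fail_open=False` the same outage blocks traffic instead, which is the trade-off the two teams have to agree on before the tool goes inline.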

“When implementing monitoring tools, both sides see a win from an SDP deployment,” Farquhar suggests. “There is no right or wrong in this clash of cultures: It is simply different priorities and focuses that so often show network and security teams as competitive. To the network team, a down network is secure. To the network team, a network that carries a number of attacks is still running well.”

This is a QuestexAsia feature commissioned by Gigamon.