Nov 22 2016

Agencies Can Enhance Network Security Through Software and Automation

The Software-Defined Secure Networks approach lets an agency take action quickly against security threats and then share threat intelligence.

Network cybersecurity is a top priority for federal IT leaders, and automated and actionable intelligence needs to be shared quickly to reduce risk and protect the network and its users.

Hundreds of millions of dollars and countless hours have been spent by federal agencies trying to protect their networks from cyberattacks. No matter how diligent their efforts, the threat matrix continues to expand as mobile devices — whether government-issued or through bring-your-own-device programs — proliferate in the agency environment and new technologies, such as the Internet of Things, emerge.

Manually managing security-policy changes and/or upgrades in the typical network operations environment could take days or even weeks to execute, allowing more than enough time for sensitive data to be breached.

Modern network components have varying security mechanisms. Routers and switches have firewall and access control list capabilities, while dedicated security devices have a whole range of capabilities that facilitate security policies within a network ecosystem. However, they are all component-focused and address only their own security integrity.

Taking a Software-Centric Approach to Network Security

A new strategy of network security agencies should embrace is the Software-Defined Secure Networks (SDSN) approach. This new methodology leverages a unified detection system to help manage policy, detect threats, and enforce compliance across the network through automation.

A key component of a Software-Defined Secure Network is the Policy Enforcer. When the security components of the network carry out activities such as scanning file attachments and detects a threat, the Policy Enforcer is notified and can then identify the type of enforcement to activate.

Should the threat be severe enough, the Policy Enforcer will act on the intelligence and automatically deploy a quarantine action to the device (the switch) that’s associated with the system containing the malicious file. Because this process is automated, using the severity level that’s set by the administrator enables this to happen in real time, the performance of the network switch that the device was connected to won’t be impacted.

Additionally, not only does this process dead-end the threat, the Policy Enforcer shares its discovery with other system management domains. One of the aspects inherent to the SDSN architecture is that it can share and receive threat information from other security feeds. For example, Agency A discovers a particular threat, identifies the file and assigns a threat level, acts on it and publishes the information on a threat feed shared with other agencies.

Embracing Security Automation and Efficiency

It’s also important to note that the actions in an SDSN environment are no different than those that would be taken by human administrators; the actions are just automated and actionable in real time.

This is not a “new” capability — just a new level of efficiency. This makes the whole process faster and less prone to error and provides both repeatability and scalability.

This automation also streamlines reporting functions, which can often be a tedious task. Instead of manual intervention, in which users create a log of how the event was identified and addressed, an SDSN environment will simultaneously create entries in the logging system as it takes action.

In sum, SDSN will create an ecosystem within the network infrastructure that leverages the security capability of all the devices in that network, without having to replace the devices.

The day-to-day, more mundane aspects of security can be handled by the SDSN system itself, freeing up more expensive resources — experienced analysts — to focus on the rarer, more sophisticated high-level attacks and zero-day events that require human intervention.

As SDSN implementations spread, each system’s ability to protect itself from threats will improve, as security feeds are shared and updating procedures are streamlined. In a hostile world, with bad actors constantly looking for weaknesses to exploit, this is a welcome innovation indeed.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT