Tales from the Trenches: Vol 3 — Security Operations and Network Operations are always at odds. Or are they?

/by

Since 2004, RedSeal has helped our customers See and Secure their entire complex network. And while those customers may have understood the value of understanding their environment, how it was connected and see what’s at risk, there is often an “Aha” moment when the true significance is clear. The stories of these moments are lore within the walls of RedSeal. But these tales so clearly illustrate the value of RedSeal beyond just theory that we think they’re worth sharing. In the words of our team in the field, the ones working directly with our customers, this blog series will share the moments where it all gets real.

In this edition of the series Brad Schwab, Senior Security Solutions Consultant tackles the potential friction between two departments with RedSeal.

Security Operations and Network Operations are always at odds. Or are they?

Empirically, using the greatest technical brevity, you could explain the two areas as:

  • Security Operations (SecOps) is about limiting where network traffic goes. They are also usually responsible for Vulnerability Scanners
  • Network Operations (NetOps) is about the uninterrupted, fast, network traffic flow

As you can see, these departments could easily be at odds – one is the brakes, the other the throttle. So, yes, they usually are at odds. Everything one wants can easily create work for the other, resulting in a back-and-forth pendulum of requests. SecOps to NetOps, “I need these ports shut down, they are creating security exposure…” NetOps to SecOps, “sure, you deal with the backlash…” Outcome, Finance to NetOps, “I can’t print paychecks…” NetOps emails SecOps the Finance department email and goes dark…. Net affect, neither department likes the other…

How does this involve RedSeal you may ask? RedSeal is in the unique position to work with both SecOps and NetOps and help both realize their Operational Goals and allow visibility into outcomes beforehand so that situations like the above don’t happen. This creates a positive working relationship between the teams.

Working with a large Health Organization, we were at the end of a Proof of Concept, and were having a meeting with the CISO, and the heads of SecOps, “Wendy”, and NetOps, “Bill”. We had been having problems with the NetOps people not providing the access required to gather device configuration files across the entire network fabric. NetOps was claiming they didn’t have the time. On the sly, we also heard that they thought providing us with the ability to gather the configs would only make work for them.

During this meeting Wendy was talking about the mountain of scan data she had and that prioritization was key to her work. I demonstrated how RedSeal could prioritized her patching routine(s) based on Network Access. Which, wait for it, requires the network device configuration files. Knowing that SecOps and NetOps were not friends, I decided to see if I could get a dialogue going, and at the same time incent NetOps to get us the access we required to gather the config files. So, I posed the question to Wendy of SecOps, “Wendy, are you scanning the entire network?” She said “yes.” I asked how she knew she could reach every host on the entire network? She said, “Bill told me I could.” I then said to Bill, “Is that what goes on the upcoming Audit, “Bill told me I could scan the entire network…”. Before he could reply I said, wouldn’t you like actual documentation showing that Wendy’s network reach was complete and entire network scans could and were taking place?

That is when the CISO chimed in and said “yes, we need that. How do we get that?” I said that if I had all the config files, I could provide you, Ms. CISO with your required audit documentation, which would eliminate Bills’ manual effort to supply the always asked for “ACL’s of all devices, not just the edge.” And, in addition, I can prioritize Wendy’s mitigation procedures and show the actual trending decrease in your exposure as her team works through the tickets. What followed was over an hour-long discussion of how RedSeal could provide value, focusing of tasks, and reduction of effort to both NetOps and SecOps, plus provide progress reporting to the CISO.

During the rest of the deployment NetOps was always willing to listen and quickly respond quickly to requests. The final outcome was that both teams, SecOps and NetOps, embraced the RedSeal Secure Methodology of Discover, Investigate and Act.

Interested in how RedSeal can help your team? Click here to set up a demo or an introductory call.