BlueAllyBlueAlly
Blog

Is Network Automation Essential for Network Security?

Automation, Security

If your business is not using network automation, there is a good chance that there is a security vulnerability lurking in your network. Remember the T-Mobile data breach? It started through an improperly secured router. How do you ensure a similar event cannot happen in your network? 

Implementing good network security can be much less expensive than the cost of a cybersecurity breach. Just look at the ransomware demand prices, the cost of remediating an attack, or the reputational cost to your business. And if you were to pay a ransom to return to business, you would still have to implement security enhancements to avoid being victimized again, potentially by the same attacker. 

Your business needs to use automation to avoid leaving any doors open to attack. 

Preparing for Network Automation – Culture and Policies 

The network and security teams must work together. Some organizations support separate silos for these two functions, putting them at a disadvantage relative to teams that work together. A culture change may be needed, particularly if the security team has a “need-to-know” attitude. 

The combined team will need to create and maintain network policies that provide security while supporting the business. Policy elements include things like the use of multi-factor logins, network segmentation, application traffic white-listing, and regular software and OS updates. Do not hesitate to bring in a security consultant to evaluate policies and the overall security design. 

Policies translate into network configuration templates and automation tasks. Firewall configuration templates are obvious, but don’t forget about templates for other configuration elements like security event logging, Wi-Fi security, network device security, and network segmentation. 

Applying Automation 

Automated network discovery is the first step, providing the team with a comprehensive accounting of what is on the network. Hardware models and software version information from discovery must be checked against PSIRT (product security incident response team) and CVE (common vulnerabilities and exposures) announcements to report known vulnerabilities. You should expect commercial automation products to include this function. The vast majority of breaches are due to known vulnerabilities, and your team should be responsive to any findings. 

The automation process must then verify that all network devices comply with the configuration templates and operation policies (a process sometimes called configuration audit). It is a good idea to perform this check when configurations change, at least daily. A separate check, called configuration drift, reports on configuration changes. The network/security team should use a drift to track changes and audit for policy compliance. 

Testing with Automation 

Automation can be applied to security testing as well. Consider using an external security scanning service to identify vulnerabilities that are visible from the Internet. This matches the process that the bad actors use to find the chink in your company’s security armor. As with the PSIRT/CVE process, it is important to promptly address any deficiencies. In one example, an unprotected IoT device was scanned and hacked within an hour of being installed. This emphasizes that any external security scanning service must support initiating a scan whenever a change is made to the Internet-facing part of your network. If you want an in-depth security analysis, employ a penetration testing company on a periodic basis. 

Responding with Automation 

Automation is not just for the configuration. It also applies when your network is being attacked. You will need an incident response plan and the tools to help you contain an attacker and recover. Different attacks will need different responses. Remediating ransomware will be different than closing off an attacker’s access to your network and different still from handling denial of service attacks. Automated tools for quickly segmenting the network are essential. 

The bad actors are using automation to attack your network.  Responding with manual processes that cannot keep up is no longer an option. 

When you are ready, BlueAlly Consultants are available to discuss automation and systems to improve productivity and reduce risk to your business. To learn more, contact us about the assessments and professional services we can provide. 

 

 

[1] https://xkcd.com/1205/ and a related comic: https://xkcd.com/1319/ 

Contact BlueAlly

Connect with BlueAlly today to learn more.