Blog Automation

Security Starts with Visibility and Automation

Judson Walker Director, Systems Engineering Published 30 Oct 2017

When federal agency CIOs discuss the challenges that keep them up at night, there’s no lack of topics to explore. However, there’s one issue that is constantly bubbling to the top. According to Professional Services Council and Grant Thornton’s annual CIO study, cybersecurity is the top concern for federal IT leaders. This is likely to only increase, as 81 percent of CIOs in CIO Magazine’s annual study noted a greater involvement in cybersecurity in the most recent survey than in the past.

While there are new, increasingly advanced cybersecurity solutions constantly introduced, cyber criminals are nimble and have many resources at their disposal. It’s too easy for cyber criminals to stay a step ahead given misaligned incentives. In such an environment, it’s critical that agency approaches to cybersecurity start with a solid baseline that lies within the agency’s network. Just like network performance and reliability, security starts with visibility and automation, and successful efforts cannot exist in silos.

Network visibility can reveal a lot about an agency’s systems, from where the majority of traffic flows originate to the times of most activity. Similarly, network insights are valuable from a security perspective. Just as network visibility can identify when traffic flows require a change in network configuration, they can also point to anomalous traffic patterns that likely indicate a security breach. For example, if an agency typically sees most activity coming from within the United States during normal work hours, an influx of activity from Europe at 2:00 a.m. may be enough to trigger concern.

Network Visibility = Actionable Insights

In the event of atypical network activity, agencies can set up instant alerts, so they can catch suspicious network activity and limit it before damage is done. Every agency network logs active events via a system log (syslog). These events can then be used as a trigger to initiate a workflow, or asoftware system for the set-up, performance and monitoring of a defined sequence of tasks, that can recognize a risky event and generate a help desk ticket so that: A) the right IT administrator can troubleshoot quickly and efficiently, or B) an automated solution can execute additional workflows. Workflows are extremely effective in minimizing cross-functional delays in respect to the troubleshooting process. An automated approach is especially useful for issues that occur after standard working hours and when an IT team has limited resources to access and address risk.


Subscribe Now!

Based on information from network visibility platforms, such as those from Niagara, FireEye and LogRhythm, instant alerts can be issued in response to activities that are classified as threat events. The next step in making this information valuable and actionable is tying it to automation, ensuring insights from the alerts are immediately put to action.

Overcoming IT Silos for Better Security

While automation isn’t a new concept, it largely takes place in silos, with the server, application, network and security teams all automating internally. If each team is made aware of the abnormal traffic pattern individually, they may each take their own unrelated action, not necessarily constructive to an improved security outcome. IT leaders are recognizing this as a challenge. According to the Workflow Management Coalition, as much as 90 percent of the total time to complete business tasks is actually transfer delay, a result of IT silos, rather than actual execution. When the task at hand is related to cybersecurity, this time delay–sometimes the difference of weeks or days versus seconds–can significantly influence the impact of a breach.

The solution to this challenge is enabling a cross-domain, workflow-based approach to automation. The entire network lifecycle including provisioning, validation, troubleshooting and remediation, needs to be automated to fully execute on the security insights network visibility can provide. Cross-domain integration, which links previously siloed functions including network, compute and storage is also an essential function. To make this a reality, agencies need to establish the set of steps or workflows necessary to address the situation, including order, transitions, conditions and data flow. Extreme supports this cross-domain approach to automation with its Workflow Composer, a solution powered by StackStorm that offers workflow-centric, event-driven automation that cuts across siloes and IT domains.

There’s no question that cybersecurity is an important concern that federal agencies need to address, but not every step along the way needs to be complex. Starting with the same network automation and visibility-focused approach that improves performance also creates a much needed security baseline for agencies that can’t predict where the next threat will come from. How does your agency’s network support cybersecurity efforts? Learn more about how Extreme Network’s visibility solutions and automation tools like Workflow Composer can help.   


Related Government Stories