5 Security Experts on Why IT Leaders Need to Start Automating

Automation has been cited as the next big thing for IT leaders looking to secure their communications in all types of cloud environments—but leadership knows the challenges they face in doing so.

In a Network World survey, 47% of respondents said it is difficult to monitor network behavior end-to-end, and 41% said their security operations are complicated by cloud computing.

The main obstacles to automating security operations are scale and the difficulty of setting up such systems. But automation is necessary: it is impossible to keep up with the increasing pace of change with limited cybersecurity and network operations personnel while managing network security on a box-by-box or CLI-by-CLI basis.

But don’t take our word for it. These five security experts have dug deep into the world of network security, and each has their own reasons for advising IT leaders to start automating security processes today.

Security Experts and their Reasons for Encouraging IT Leaders to Automate

According to the Enterprise Security Group (ESG), 63% of networking and cybersecurity professionals working at enterprise organizations (more than 1,000 employees) believe network security operations are more difficult today than they were two years ago.

The bottom line: the main roadblock standing between IT leaders and automated security processes is difficulty. Here’s why you should take the plunge despite the challenges.

Jon Oltsik, ESG Senior Principal Analyst and Founder of the Firm’s Cybersecurity Service

Oltsik knows the scalability problems that security leadership faces, and that leadership understands the risk it takes by not automating. He cites a survey of 150 IT professionals in which 31% of respondents say automation is “critical” to addressing future IT initiatives, while 58% say it is “very important.”

Because its importance is recognized, the technology industry is listening: companies like Cisco, Fortinet, Check Point, and others have introduced solutions that help network security operations teams automate and gain visibility into their networks. His advice to leadership is to adopt these technologies:

“Since relying on people and manual processes can’t scale or keep organizations secure, CISOs and network operations managers should assess where they are in the network security operations automation transition as soon as possible, making sure to look into their people, processes and technologies.

Once shortcomings and bottlenecks are discovered, large organizations should develop a plan to address these areas and institute network security operations automation projects, phasing in capabilities over the next few years.” – Jon Oltsik

Stephanie Tayengco, SVP of Operations, Logicworks

Tayengco is a proponent for automation, but automation the right way in the face of risk. Her bottom line—you need to get rid of as much manual work as possible to stay secure.

According to her, it’s important to automate infrastructure buildout first, continually check instances across the environment, fully automate deployments, include automated security monitoring in those deployments, and finally, prepare for the future of automation.

“Ninety-five percent of all security incidents involve human error, according to IBM’s 2014 Cyber Security Intelligence Index.

This year alone, enterprises will spend $8 billion on cyber security, but these initiatives are often useless in preventing an engineer from misconfiguring a firewall or forgetting to patch a security vulnerability on a new server. Manual work is risk, and manual security work is a disaster waiting to happen.” – Stephanie Tayengco

Gabby Nizri, CEO, Ayehu

Nizri is worried about the rising number of security breaches. According to the ISACA 2015 Global Cybersecurity Status Report, 781 publicized cyber security breaches resulted in 169 million personal records being exposed.

Well-known companies like BlueCross, Harvard and Target were involved, making it clear that even the most sophisticated and well-funded security departments aren’t safe. Even so, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack. Because of this, Nizri urges you to automate.

“Simply put, IT personnel are no match for such intensive, sustained attacks. Not only are humans incapable of keeping up with the sheer volume of incoming threats, but their ability to make quick and highly impactful decisions to manually address such an attack is equally inefficient.

This is why automation is becoming such a powerful and effective component of cyber security incident response. To combat the onslaught of incoming threats, organizations must employ an army of equivalent strength and sophistication.” – Gabby Nizri

Danelle Au, VP of Strategy and Marketing at SafeBreach

Automation isn’t all about just avoiding mistakes. Au cites instances where automation makes an IT department more agile, and improves processes such as application delivery.

In the private cloud environment, applications and desktops are being virtualized faster than ever before. According to Au, as the number of virtual machines (VMs) increases, automation and orchestration are no longer a “nice to have.”

“The ability to translate complex business and organization goals into a set of automated data center workflows is critical to not slowing down the application delivery process. It is also an essential part of making compliance and security requirements a lot easier to manage in a very dynamic environment.

To fully realize the promise of private clouds or software defined data centers (as VMware defines it), the traditional IT infrastructure — in particular network security — needs to transform into agile and adaptive end-to-end automated processes.” – Danelle Au

Brian Dye, VP of Intel Security Group

A recent ESG study noted that 46% of organizations said they have a “problematic shortage” of cybersecurity skills—up from 28% just a year ago. That means the development of these skills in IT personnel isn’t improving at a rate needed to keep up with threats.

One-third of those respondents said their biggest gap was cloud security specialists. According to Dye, this is why security automation is important, as well as for working with SDN technologies and responding to breaches.

“As organizations explore software defined networking (SDN), they see a need for more automation skills, as security policy must co-exist with the orchestration to fully exploit an SDN environment. These skills become especially important as virtualization expands beyond servers and into networks and storage.” – Brian Dye

Network security automation is important for many reasons: the risks associated with manual processes, adaptation to new technologies, the agility of the cloud, and the race to keep up with the skills personnel need to use emerging technologies.

Creating the proper mix of skillsets, automation and processes will provide IT leaders with the security confidence they need moving forward.

SMSEagle is a hardware SMS gateway for sending and receiving SMS text messages. To find out how we can help support your network security program, check out our online store.

Redundancy and Automated Alerts Ensure Business Continuity?

In the UK and Ireland, you are made redundant when you lose your job. When something is redundant, it means that it is unnecessary, a duplicate of the existing. However, in networking and indeed business terms, having redundant options is a positive concept, as it refers to backup solutions that take over when the primary fails.

In a perfect world, where hardware often has a predetermined or estimated lifespan, companies will ensure that business continuity is possible for a wide range of ‘disasters’ whether these include loss of services, hardware failure, data loss or other unexpected events such as fire, flooding and severe weather conditions. These secondary solutions are known as redundant, backup or ‘failover’ solutions as their function is to assume control or allow the means to restore services when the primary goes down.

How important is redundancy for the average company? Is it feasible to guarantee 100 per cent uptime? What steps can companies take to minimise risk or downtime?

Obviously, due to budgetary constraints common to many companies, it is not possible to simply clone an entire IT infrastructure to ensure uptime in all areas. In any case, even if budgets are available, it does not make business or financial sense to do so. However, companies can take steps to protect themselves and reduce downtime risk.

Essential Services

In terms of business continuity, all companies are at the mercy of power companies and loss of power is a problem that faces everyone. It is solved by the use of uninterruptible power supplies (UPS) for every network device. Unfortunately, they are expensive and are not a long-term solution if power loss lasts more than a few hours. Generators will solve the problem and allow internal tasks to resume.

Given the likelihood that any blackout is not limited to your premises, you have also lost internet access, apart from internet-enabled mobile devices, of course.

It is for this reason that many companies utilise cloud services, with managed service providers for key customer-facing elements of the business, such as e-commerce websites, for example. The adoption of a hybrid IT infrastructure makes perfect sense and allows companies to continue working in the cloud until the on-premise network is back online.

In fact, according to a SolarWinds survey, 92 per cent of U.S. IT professionals say that cloud adoption is important to their organisation, and it is application, database and storage requirements that drive increasing adoption. When only 6 per cent have not migrated anything to the cloud, can you afford to ignore the benefits?

However, bear in mind that cloud migration does not eliminate on-premise network concerns as, in the same report, 60 per cent of respondents believe it’s unlikely that everything will be cloud-based, with security and compliance of the greatest concern. Therefore, downtime remains a tangible risk and automated network monitoring can certainly help.

Prompt Response is Key

How will you know if your network goes down? During the working day, it may well be blatantly obvious, as users will immediately contact IT when they can no longer access services. But what happens when IT staff are offsite or it’s after working hours?

Power loss is admittedly rare in developed countries, but loss of broadband or network access is more common, and companies need immediate alerts when it happens, given that key business activities, both internal and external, rely on connectivity.

One option is a hardware SMS gateway, which alerts the parties responsible for network monitoring, whether they are on-premise or an outsourced local IT company. Most importantly, because each gateway contains its own SIM card, alerts are sent even when no internet connection is available. With a 3G option, automated email alerts (in addition to SMS) are also possible thanks to the built-in modem and watchdog mechanisms.

With such an alert mechanism in place, response time is reduced and your chosen IT professionals can solve the root cause faster, reducing downtime and loss of productivity.

How Much does Downtime Cost?

In many situations, reactive support is necessary, hence the requirement for an automated alert system. With power loss and internet connection issues solved, companies can take additional steps to maintain business continuity.

The big one is, of course, data loss due to hardware failure. Hard drives fail regularly, and few companies operate without protecting their data with real-time backups and regular offsite archiving. However, this is only a small part of the network redundancy options available, and each company needs to evaluate its own redundancy strategy. Ask yourself how much it will cost if your internal network goes down for an hour. How about an entire day?

In factory production, for example, an hour could be very costly. In a small office, perhaps not so much. Therefore, weigh the costs of employing network redundancy at all points in the data path against the cost and perceived risk of failure.

Increase Redundancy?

Reducing risk factors is a key objective in business but is generally considered in budgetary terms. If the risk is low and the cost for a redundant feature far exceeds the possible costs of failure then it is not worth implementing.

For example, redundant measures could include but are not limited to:

  • Network cabling setup that facilitates redundancy — ring protocols or redundant coupling, for example.
  • Managed switches that reroute connections if one path fails.
  • Redundant dedicated broadband connections from another service provider.
  • Multiple backup plans for servers and desktops.
  • Use of colocation servers and failover technology.
  • Backups for cooling, power, fire and water detection.

In conclusion, 100 per cent network redundancy comes with a hefty price tag, requiring ongoing maintenance and management from professionals with a variety of skill sets. Even then, 100 per cent uptime is not guaranteed.

Large enterprises with dedicated data centres can handle these requirements but smaller companies simply do not have the budget or staff to support a fully redundant network. While theoretically, it is indeed better to be proactive, it is more cost-effective to put a preventative maintenance process in place and react to hardware problems as they occur, in accordance with a defined disaster recovery plan. When alerts are automated, what more is needed to reduce downtime?

Monitoring Switches in Data Centers

Network availability and performance are critical parameters in determining whether a LAN, MAN or WAN is operating properly. Malfunctions in network switches adversely affect company productivity, so proactively monitoring them is an important part of the administrator’s work. Here we provide a short overview of the methods currently used to monitor network switches.

SNMP Protocol

All types of switches can be monitored using SNMP. Monitoring provides per-port information (port availability status and counters for transmitted packets) as well as equipment performance metrics such as CPU usage and RAM usage.

NetFlow, sFlow, jFlow Protocols

NetFlow is a Cisco protocol that runs on the company’s own switches; sFlow and jFlow are similar technologies developed by competitors. These protocols report on the streams of data flowing through the network devices, giving detailed insight into performance and network bandwidth. Because the data is pre-aggregated by the device, these protocols are easier to work with than a packet sniffer.
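As an added illustration of what “pre-aggregated” flow data looks like on the wire (example code written for this page, not SMSEagle’s, Cisco’s or any NMS vendor’s), the block below decodes a NetFlow v5 export datagram and sums bytes per source host; the datagram is constructed inline rather than captured from a real switch.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire layout (network byte order): a 24-byte header followed by
# `count` fixed 48-byte flow records; v5 has no templates, unlike v9/IPFIX.
HEADER_FMT = "!HHIIIIBBH"                # version, count, uptime, secs, nsecs, seq, engine, sampling
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"  # src, dst, nexthop, ifs, pkts, octets, times, ports, flags...
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48

def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, *_ = struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("truncated datagram: fewer records than the header claims")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad, flags, proto, *_rest) = struct.unpack(
            RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append({"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
                      "sport": sport, "dport": dport, "proto": proto, "pkts": pkts,
                      "octets": octets, "in_if": in_if, "out_if": out_if, "tcp_flags": flags})
    return flows

def bytes_per_source(flows: list) -> dict:
    """Counters are pre-aggregated per flow, so per-host volume is a plain sum."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["octets"]
    return dict(totals)

def _record(src, dst, sport, dport, proto, pkts, octets) -> bytes:
    """Pack one constructed v5 record (sample data, not a real capture)."""
    return struct.pack(RECORD_FMT, IPv4Address(src).packed, IPv4Address(dst).packed,
                       b"\0" * 4, 1, 2, pkts, octets, 0, 0, sport, dport,
                       0, 0x18, proto, 0, 0, 0, 24, 24, 0)

# Constructed export datagram: header with count=3 followed by three sample flows.
SAMPLE_DATAGRAM = (struct.pack(HEADER_FMT, 5, 3, 0, 0, 0, 0, 0, 0, 0)
                   + _record("10.0.0.5", "192.168.1.10", 51234, 443, 6, 10, 1500)
                   + _record("10.0.0.5", "192.168.1.20", 51235, 80, 6, 4, 600)
                   + _record("10.0.0.7", "192.168.1.10", 33000, 53, 17, 1, 80))
```

A real collector would read such datagrams from a UDP socket and feed `bytes_per_source` (or a per-port variant) into the NMS; the length checks matter because a malformed export must not crash the collector.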

Packet sniffing: monitoring using the monitoring port

An external packet sniffer (usually built into the NMS) examines all network packets sent to a special monitoring port on the switch. The switch copies to this port all packets from one or more of its other ports, and the NMS then analyzes them. Of the three switch monitoring technologies, this one creates the highest load on CPU and network.

NMS

The central point of a supervised switch environment is the IT infrastructure and network monitoring system (NMS). The system aggregates data from the monitored points, provides powerful capabilities for analyzing and visualizing the information collected, and transmits alerts about incidents and failures.

SMS Alerts as an effective notification of failures

A key element of automatic incident or failure detection is notifying the responsible people as early and as effectively as possible. For this purpose, data center administrators often use the SMS channel. Because of the very good responsiveness to SMS messages (an incoming SMS is treated as higher priority by the recipient than other channels such as e-mail or instant messaging) and their versatility (SMS does not require any dedicated application), SMS is a frequently used channel for alerts about incidents or failures. To shorten the critical path (minimize the number of devices between the NMS server and the GSM/3G network), one can use a hardware SMS gateway with a built-in GSM/3G modem. Such a device sends SMS alerts directly from the NMS to the GSM network, without depending on an external Internet Service Provider.
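Tying the SNMP section to the SMS alerting one, here is an added example (written for this page, not SMSEagle’s or any NMS vendor’s code) of the detection logic that sits between the two: it ingests ifOperStatus and CPU values from successive SNMP polls of one switch, only alerts once a port change has persisted for a configurable number of polls (so a single-poll flap does not page anyone), and produces the single-segment text a hardware SMS gateway would hand to the GSM network. The SNMP polling itself and the gateway call are assumed to exist outside the block; the poll data used is constructed.

```python
from dataclasses import dataclass, field

IF_UP, IF_DOWN = 1, 2   # IF-MIB ifOperStatus values (RFC 2863): 1 = up, 2 = down
SMS_MAX = 160           # one GSM-7 SMS segment; longer text is truncated

@dataclass
class SwitchMonitor:
    """Tracks one switch across SNMP polls and emits SMS-ready alert texts."""
    switch: str
    confirm_polls: int = 2      # consecutive polls a change must persist before alerting
    cpu_threshold: int = 90     # percent CPU usage at which an alert is raised
    _last: dict = field(default_factory=dict)      # ifIndex -> confirmed ifOperStatus
    _pending: dict = field(default_factory=dict)   # ifIndex -> (new status, polls seen)

    def poll(self, if_oper_status: dict, cpu_pct: int) -> list:
        """Feed one poll result (ifIndex -> ifOperStatus, CPU %); return alert texts."""
        alerts = []
        for ifindex, status in sorted(if_oper_status.items()):
            prev = self._last.get(ifindex)
            if prev is None:                 # first sight: record a baseline, no alert
                self._last[ifindex] = status
                continue
            if status == prev:               # back in the confirmed state: drop any blip
                self._pending.pop(ifindex, None)
                continue
            pend_status, seen = self._pending.get(ifindex, (status, 0))
            seen = seen + 1 if pend_status == status else 1
            if seen < self.confirm_polls:    # not persistent enough yet to alert on
                self._pending[ifindex] = (status, seen)
                continue
            self._pending.pop(ifindex, None)
            self._last[ifindex] = status     # change confirmed: alert once, then stay quiet
            word = "DOWN" if status == IF_DOWN else "UP" if status == IF_UP else f"status {status}"
            alerts.append(self._sms(f"port {ifindex} {word}"))
        if cpu_pct >= self.cpu_threshold:
            alerts.append(self._sms(f"CPU {cpu_pct}% >= {self.cpu_threshold}%"))
        return alerts

    def _sms(self, body: str) -> str:
        """Format one single-segment SMS; the gateway hands this text to the GSM network."""
        text = f"[NMS] {self.switch}: {body}"
        return text if len(text) <= SMS_MAX else text[:SMS_MAX - 3] + "..."
```

With `confirm_polls=2` a port that drops for one poll and recovers on the next produces no SMS; a port that stays down across two polls produces exactly one.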