Automation can be used to improve network security in multiple ways.
Fallacy: Automation Is a Security Risk
I was talking recently with fellow NetCraftsmen Steve Meyer and John Cavanaugh, a Cisco-Certified Architect who is leading our security practice, about network automation for one of our customers. I was suggesting that automation would be a useful addition to their network operations. His response was surprising. The IT security department viewed automation as a risk to the network. The premise was that a bad actor could turn the automation tool against the company’s network. John noted that remediating a security incident without automation would take much longer than it should and that assuring full coverage across the entire network would be challenging. He also made the point that bad actors typically don’t rely on an organization’s internal automation processes, because doing so can provide visibility into what is happening. Don’t be fooled: bad actors bring their own customized tools.
What Executives Should Know
An organization’s executives, particularly the CIO and CISO, should be aware of the strengths and weaknesses of network automation so that they can better direct their organization’s IT systems. With regard to the above example, the executives should ask the security team how they intend to remediate a security incident in a timely manner and how they intend to guarantee full coverage of the remediation. Get incident response time estimates. Ask for the incident response plan, which should be a written document that describes the processes and procedures that will be followed for different types of incidents. Look for escalation processes based on the severity and timeline of the incident. Who gets informed for each level of severity? Low-severity incidents should automatically be escalated if they are not resolved in a timely manner. The CIO should be informed of all events, regardless of severity, in case one might impact the business.
The Benefits of Automation
The first benefit of automation has nothing to do with security. It allows the business to implement agile IT processes and remain competitive with its peers. Network changes should not take a week to implement. Some companies have embraced automation through self-service portals that allow authorized internal IT staff to easily implement basic network changes. Automation also makes sure that the network configuration is consistent. Consistency is especially important in security, where you must be 100% sure that all network devices are running the right software and are properly configured.
With regard to security, there should be automation systems in place to assist with various types of security incidents. The most basic automation is changing passwords on network devices after a member of the network team leaves the organization. At the other extreme is the loss of sensitive information (think customer data, strategic plans, and product design documents), where access to the data should be immediately disabled to protect against further disclosure.
Maintenance of firewall rule sets and access control lists in network equipment is a well-known source of problems. One humorous quip I’ve heard is that ACL entries are like tattoos: easy to add and difficult to remove. The more advanced forms of automation will identify the ACL entries of a specific application or service, making it easy to add or remove access at any point within the network. Auditing ACLs can be done by looking at the list of permitted applications. Automation allows the network team to work at the more abstract level of an application instead of its network connectivity requirements.
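As an added illustration of auditing ACLs by application (this example is not from the original article or from any vendor tool), the Python sketch below groups ACL entries under the application that needs them and reports entries that no permitted application claims. The application catalog, addresses, ACL lines, and function names are all constructed assumptions, and the parser handles only one simple Cisco IOS-style entry form.

```python
import re

# Constructed catalog (assumption): the flows each permitted application needs,
# as (protocol, destination host, destination port).
APP_FLOWS = {
    "payroll-web": [("tcp", "10.20.0.10", 443)],
    "payroll-db": [("tcp", "10.20.1.5", 1433)],
}

# Constructed sample ACL in Cisco IOS extended-ACL style.
SAMPLE_ACL = """\
permit tcp any host 10.20.0.10 eq 443
permit tcp 10.20.0.0 0.0.0.255 host 10.20.1.5 eq 1433
permit tcp any host 10.30.9.9 eq 23
permit udp any host 10.20.0.10 eq 53
permit ip any any
"""

# Handles only "permit tcp|udp <source> host <dst> eq <port>"; anything else
# is reported as unparsed rather than silently skipped.
ACE_RE = re.compile(
    r"^permit\s+(tcp|udp)\s+(?:any|host\s+\S+|\S+\s+\S+)\s+host\s+(\S+)\s+eq\s+(\d+)$"
)

def parse_ace(line):
    """Return (protocol, dst_host, dst_port), or None if the line is not understood."""
    m = ACE_RE.match(line.strip())
    return (m.group(1), m.group(2), int(m.group(3))) if m else None

def audit(acl_text, app_flows):
    """Group ACL entries by owning application; collect orphans and unparsed lines."""
    owner = {flow: app for app, flows in app_flows.items() for flow in flows}
    by_app = {app: [] for app in app_flows}
    orphans, unparsed = [], []
    for line in filter(None, map(str.strip, acl_text.splitlines())):
        flow = parse_ace(line)
        if flow is None:
            unparsed.append(line)      # needs manual review
        elif flow in owner:
            by_app[owner[flow]].append(line)
        else:
            orphans.append(line)       # permitted, but no application claims it
    return by_app, orphans, unparsed

if __name__ == "__main__":
    by_app, orphans, unparsed = audit(SAMPLE_ACL, APP_FLOWS)
    for app, lines in by_app.items():
        print(app, "->", lines)
    print("orphans:", orphans)
    print("unparsed:", unparsed)
```

Removing an application's access then amounts to deleting the entries listed under its name, while the orphan and unparsed lists are the "tattoos" an auditor has to justify or remove.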
Putting It Together
The benefits of automation significantly contribute to the success of the organization. I find it astounding that there are organizations that view it as a risk. I have to wonder if there are other reasons for not doing automation, such as having to learn something new. Executives need to learn enough about automation to see the cost-benefit of adopting it. Then they can help steer the company in a direction that assures the organization’s continuing success.