Executive Summary
1. The Cybersecurity Landscape
   The Role of the Network in Cybersecurity
   Trends Affecting Network Security
   A Common Cybersecurity Framework
2. Best Practices for Network Security
   Enable Visibility Across Network Infrastructure
   Implement Network Automation
   Promote a Culture of Collaboration
3. Applying Network Automation to Security Workflows
   Protecting the Network
   Detecting and Responding to Cyberattacks
   Enhancing Collaboration Across Teams
4. Achieving Continuous Cybersecurity
   Continuous Network Hardening
   Continuous Threat Response
Conclusion
Executive Summary

“… for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat.”
- John Chambers, Executive Chairman, Cisco

In this paper, we’ll examine best practices for effective cybersecurity, from both a proactive (access hardening) and a reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay out a vision for continuous network security, exploring how machine-to-machine automation may deliver an auto-securing and self-healing network.
Information security aims to ensure that all data, whether physical or digital, is protected from unauthorized access. Cybersecurity, a sub-domain of InfoSec, aims to protect only digital data (e.g. computers and networks) from …

Sidebar: 20%; $3.62M (2017 Cost of Data Breach Study, Ponemon Institute)

• Intrusion prevention systems (IPS), which perform anomaly detection, application filtering, and deep packet inspection to detect and prevent vulnerability exploits. Unlike an IDS, an IPS is placed in line with the network traffic so that it can actively analyze that traffic and take automated action to block malicious flows.
• Virtual private networks (VPN), which create a secure, encrypted connection over a less trusted network, such as the internet.
Sidebar: 56% of respondents assumed their organization has been breached or will be soon. (Survey conducted by the SANS Institute in 2016.)

Growing use of mobile devices and software-as-a-service (SaaS) makes securing the network more challenging than ever. Faster network connections and more remote users are forcing security teams to reconsider where and how to provide protection. Further, traffic now flows in every possible direction because of the transition from monolithic (single application per server) to tiered application architectures, with diverse traffic patterns. The following trends will continue to impact network security policies and strategy.
Protective technology

Tools and technologies play a critical role in a security plan. Perhaps even more important, however, are the methods and processes which govern the way these technologies are deployed, provisioned, and managed. Networks are vastly complex systems, and the methods used to secure them make them even more difficult to manage. If a firewall policy is not configured properly, or an IDS is not properly tuned, the control itself can create a point of vulnerability.
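As an added example, not from the paper: a minimal compliance check that applies a handful of hardening rules to device configurations, the kind of repeatable process that catches the misconfiguration the paragraph warns about before an attacker does. The rule set, the Cisco IOS-style syntax and the two sample configs are assumptions constructed for illustration; a real baseline would be larger and vendor-specific.

```python
"""Automated hardening check over Cisco IOS-style running configs.

Added example for illustration: the rule set below is a minimal,
assumed baseline, and the two configs are constructed, not real devices.
"""
import re

# Constructed sample configs (assumption: IOS-style syntax, one per device).
CONFIGS = {
    "edge-fw-01": """\
hostname edge-fw-01
service password-encryption
enable secret 5 $1$abcd$ZZZZZZZZZZZZZZZZZZZZZ
no ip http server
ip ssh version 2
snmp-server community s3cr3t-ro RO 10
line vty 0 4
 transport input ssh
 access-class 10 in
""",
    "dist-sw-02": """\
hostname dist-sw-02
enable password cisco123
ip http server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input all
""",
}


def parse_sections(cfg):
    """Split a config into (parent line, [indented child lines]) pairs."""
    sections = []
    for raw in cfg.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def check_config(cfg):
    """Return a list of (rule, detail) findings; an empty list means compliant."""
    sections = parse_sections(cfg)
    top = [parent for parent, _ in sections]
    findings = []

    if "service password-encryption" not in top:
        findings.append(("password-encryption", "service password-encryption is not set"))
    if any(line.startswith("enable password ") for line in top):
        findings.append(("enable-secret", "plaintext 'enable password' in use; use 'enable secret'"))
    elif not any(line.startswith("enable secret ") for line in top):
        findings.append(("enable-secret", "no enable secret configured"))
    if "ip http server" in top:
        findings.append(("http-server", "cleartext HTTP management is enabled"))
    if "ip ssh version 2" not in top:
        findings.append(("ssh-v2", "SSH not pinned to version 2"))

    # SNMP: reject well-known community strings and any read-write community.
    for line in top:
        m = re.match(r"snmp-server community (\S+)(?: (RO|RW))?", line)
        if m:
            community, mode = m.group(1), m.group(2) or "RO"
            if community.lower() in ("public", "private"):
                findings.append(("snmp-default-community", f"default community '{community}'"))
            if mode == "RW":
                findings.append(("snmp-rw", f"read-write community '{community}'"))

    # Every vty block must allow SSH only; an unset transport input is also flagged.
    for parent, children in sections:
        if parent.startswith("line vty"):
            transport = next((c for c in children if c.startswith("transport input ")), None)
            allowed = transport.split()[2:] if transport else ["<unset>"]
            if allowed != ["ssh"]:
                findings.append(("vty-ssh-only", f"{parent}: transport input {' '.join(allowed)}"))
    return findings


def audit(configs):
    """Run the baseline over every device; returns {device: [findings]}."""
    return {name: check_config(cfg) for name, cfg in configs.items()}


if __name__ == "__main__":
    for device, findings in audit(CONFIGS).items():
        status = "PASS" if not findings else f"FAIL ({len(findings)} findings)"
        print(f"{device}: {status}")
        for rule, detail in findings:
            print(f"  [{rule}] {detail}")
```

Each rule names the specific line that is wrong, so a finding can be turned straight into a ticket or a change request; running the same check after every change is what keeps the baseline from drifting.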
Figure: Network visibility. Sources feeding visibility: network diagrams, expert knowledge, the CLI, change logs, and performance monitoring. Questions they answer: What’s connected? How’s it configured? What’s changed? What’s happening? Have we seen this before?
Sidebar: 43% of surveyed engineers said that troubleshooting takes too much time due to the manual nature of using the CLI. (Source: 2017 State of the Network Engineer Survey.)

… to type show commands box-by-box to slowly build a list of devices, how they’re connected, and how traffic flows. This takes a tremendous amount of time and is error-prone. Even a good set of documentation provides only limited configuration data, such as hostnames and IP addresses. Even more frustrating is that network diagrams quickly become obsolete if not updated frequently.

• The command line interface (CLI)
o Benefits: As a flexible and powerful user interface for network management, the CLI is the tool preferred by experts. Virtually any topology, configuration, or performance data can be accessed with knowledge of the right commands. For complex tasks, the CLI can also be scripted to achieve automation.
o Challenges: The CLI limits the breadth of information a user can analyze, because it is accessed one device and one command at a time. The CLI also comes with a steep learning curve, since each vendor and model has its own command structure and syntax. Automating it carries the same learning curve, because the scripts must handle that syntax.
• IDS/IPS/monitoring tools
o Benefits: The benefit of these tools extends beyond data analysis, since the primary role of an IDS/IPS is to alert administrators to suspicious activity or policy violations. These tools also provide context into what part of the network may be impacted by a particular threat.
o Challenges: Many organizations face information overload when managing these systems. With such volumes of alerts, it is challenging to distinguish a real threat from a perceived one.
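The CLI bullets above describe the trade-off concretely: the data is all there, but it is fetched one box and one command at a time, in each vendor’s own syntax, and the visibility paragraph before them describes building a device list and its connections from that output by hand. The following added example (not from the paper or from any vendor tool) shows what the scripted route looks like: it takes show output already collected from two devices, parses two different neighbor-discovery formats, normalizes interface spellings so both ends of a link match, and flags links that only one side reports. The device names, addresses and output text are constructed; the regexes are tuned to these samples, and vendor formats vary by platform and version.

```python
"""Build a device adjacency list from per-device CLI 'show' output.

Added example: the two output samples are constructed in the style of
Cisco IOS 'show cdp neighbors detail' and a tabular 'show lldp neighbors';
real formats vary by platform and version, so treat the regexes as a
starting point, not a universal parser.
"""
import re

# Constructed output, as if collected box-by-box: device -> command -> text.
COLLECTED = {
    "core-rtr-01": {"show cdp neighbors detail": """\
-------------------------
Device ID: dist-sw-02.example.net
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C3750X-48,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet1/0/24
Holdtime : 179 sec
-------------------------
Device ID: edge-fw-01
Entry address(es):
  IP address: 10.0.0.3
Platform: cisco ASA5525,  Capabilities: Router
Interface: GigabitEthernet0/2,  Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 150 sec
"""},
    "dist-sw-02": {"show lldp neighbors": """\
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
core-rtr-01         Gi1/0/24       120        R               Gi0/1
acc-sw-11           Gi1/0/2        120        B               Gi0/48

Total entries displayed: 2
"""},
}

_ABBREV = {"gi": "GigabitEthernet", "te": "TenGigabitEthernet", "fa": "FastEthernet", "et": "Ethernet"}


def norm_iface(name):
    """Canonicalise spellings so Gi1/0/1 and GigabitEthernet1/0/1 compare equal."""
    m = re.match(r"([A-Za-z]+)(\S*)", name.strip())
    if not m:
        return name.strip()
    prefix, rest = m.group(1), m.group(2)
    for short, full in _ABBREV.items():
        if prefix.lower().startswith(short):
            return full + rest
    return prefix + rest


def norm_device(name):
    """Strip any domain suffix: 'dist-sw-02.example.net' -> 'dist-sw-02'."""
    return name.strip().split(".")[0].lower()


def parse_cdp_detail(local, text):
    """Yield (local, local_if, remote, remote_if, remote_ip) from CDP detail blocks."""
    for block in re.split(r"^-+\s*$", text, flags=re.M):
        dev = re.search(r"^Device ID: (\S+)", block, re.M)
        ip = re.search(r"^\s+IP address: (\S+)", block, re.M)
        ifs = re.search(r"^Interface: ([^,]+),\s+Port ID \(outgoing port\): (\S+)", block, re.M)
        if dev and ifs:
            yield (local, norm_iface(ifs.group(1)), norm_device(dev.group(1)),
                   norm_iface(ifs.group(2)), ip.group(1) if ip else None)


def parse_lldp_table(local, text):
    """Yield neighbours from the tabular format: header row, then one row per neighbour."""
    rows = iter(text.splitlines())
    for line in rows:
        if line.startswith("Device ID"):
            break
    for line in rows:
        parts = line.split()
        if len(parts) < 5 or line.startswith("Total"):
            continue
        yield (local, norm_iface(parts[1]), norm_device(parts[0]), norm_iface(parts[-1]), None)


PARSERS = {"show cdp neighbors detail": parse_cdp_detail, "show lldp neighbors": parse_lldp_table}


def build_topology(collected):
    """Merge every neighbour record into undirected links plus a device inventory."""
    links, devices = {}, {}
    for local, outputs in collected.items():
        devices.setdefault(local, {"ip": None, "seen_from": set()})
        for command, text in outputs.items():
            for loc, loc_if, rem, rem_if, rem_ip in PARSERS[command](local, text):
                ends = tuple(sorted([(loc, loc_if), (rem, rem_if)]))  # same key from either side
                links.setdefault(ends, set()).add(local)
                entry = devices.setdefault(rem, {"ip": None, "seen_from": set()})
                entry["seen_from"].add(local)
                if rem_ip:
                    entry["ip"] = rem_ip
    return devices, links


def unconfirmed_links(links):
    """Links reported by only one end: a visibility gap worth a second look."""
    return [ends for ends, seen in links.items() if len(seen) < 2]


if __name__ == "__main__":
    devices, links = build_topology(COLLECTED)
    for name, info in sorted(devices.items()):
        print(f"{name:12} ip={info['ip']} seen_from={sorted(info['seen_from'])}")
    for (a, b), seen in sorted(links.items()):
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  confirmed_by={sorted(seen)}")
    print("unconfirmed:", unconfirmed_links(links))
```

The normalization step is what makes the two vendor formats merge: the link between core-rtr-01 and dist-sw-02 is reported by both devices in different spellings and collapses to one record, while acc-sw-11 and edge-fw-01 appear only from one side, which is exactly the kind of stale or missing data a hand-drawn diagram hides.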
The ability of teams to work together effectively therefore plays a vital role in network operations and security. To do so, teams must first commit to a culture of collaboration. Next, teams must implement tools and processes which enable frictionless collaboration. There are two areas where teams should look to improve collaboration:

Sidebar: 72% of engineers cite lack of collaboration between network and security teams as the number one challenge when mitigating an attack. (Source: 2017 State of the Network Engineer Survey.)

1. Democratize Knowledge
Teams struggle to document and share knowledge. This limits their ability to scale, since they are bottlenecked by limited skills and abilities. There are two types of knowledge in an organization: domain knowledge and tribal knowledge. Domain knowledge refers to expertise which is valuable both inside and outside the organization, for example knowledge of security best practices or the fundamentals of routing and forwarding traffic. Perhaps more valuable is tribal knowledge, which is accumulated …
In a typical security incident, the network team is working with the application team, Linux team, security team, and managers. With this level of cross-functional collaboration, it’s very important to have centralized information, so each team knows what the other teams in the department are doing. The ability of teams to democratize knowledge and seamlessly share information is valuable during a cyberattack, but also for proactive network security. For the former, teams must work effectively to isolate and mitigate the attack as soon as possible. For the latter, teams must share best practices to harden the network and validate compliance.
The increasing scale of networks, driven by trends such as IoT and cloud computing, is driving the need for automation; it is now mission-critical for network security. A comprehensive cybersecurity workflow includes tasks performed before, during, and after a cyberattack. Automation should be applied at each phase.

Sidebar: 30% of surveyed engineers said they are investing in network automation technologies to enhance network security.

Before a cyberattack, automation is critical for network hardening, to fortify network assets and close vulnerability gaps. Should an attacker penetrate the network, automation can help teams isolate and mitigate threats quickly, to minimize damage. After an attack, automation can help teams perform a post-mortem analysis, to identify ways to further protect network assets against similar attacks in the future, and to equip teams to respond more quickly. This workflow therefore represents an ongoing cycle from proactive to reactive.
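To make the “during” phase concrete, here is an added example (not from the paper or from any product) of the kind of automation that sits between an IDS and a network change. It reads a constructed batch of IDS alerts in the EVE JSON shape Suricata emits, collapses them by source and signature, suppresses the authorized vulnerability scanner, scores what remains by severity, target criticality and spread, and turns the top results into reviewable isolation actions. The alert records, the asset inventory, the scanner list, the weights and the thresholds are all assumptions.

```python
"""Triage IDS alerts and emit isolation candidates.

Added example: the alert records are constructed in the EVE JSON shape
Suricata writes (event_type, src_ip, dest_ip, alert.signature_id,
alert.severity); the asset inventory, scanner allow-list, scoring weights
and thresholds are assumptions for illustration.
"""
import json
from collections import defaultdict

# Constructed alert stream, one JSON object per line (Suricata EVE-style).
EVE_LINES = """\
{"timestamp":"2017-06-01T10:00:01Z","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.1.5","proto":"TCP","alert":{"signature_id":9000001,"signature":"CONSTRUCTED SCAN port sweep","severity":2}}
{"timestamp":"2017-06-01T10:00:02Z","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.1.6","proto":"TCP","alert":{"signature_id":9000001,"signature":"CONSTRUCTED SCAN port sweep","severity":2}}
{"timestamp":"2017-06-01T10:00:03Z","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.1.7","proto":"TCP","alert":{"signature_id":9000001,"signature":"CONSTRUCTED SCAN port sweep","severity":2}}
{"timestamp":"2017-06-01T10:00:04Z","event_type":"flow","src_ip":"10.0.1.5","dest_ip":"10.0.2.10","proto":"TCP"}
{"timestamp":"2017-06-01T10:00:05Z","event_type":"alert","src_ip":"10.0.5.50","dest_ip":"10.0.1.5","proto":"TCP","alert":{"signature_id":9000001,"signature":"CONSTRUCTED SCAN port sweep","severity":2}}
{"timestamp":"2017-06-01T10:00:06Z","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.2.10","proto":"TCP","alert":{"signature_id":9000002,"signature":"CONSTRUCTED EXPLOIT database service overflow attempt","severity":1}}
{"timestamp":"2017-06-01T10:00:07Z","event_type":"alert","src_ip":"10.0.1.5","dest_ip":"10.0.2.10","proto":"TCP","alert":{"signature_id":9000003,"signature":"CONSTRUCTED POLICY unusual SQL client","severity":3}}
"""

# Constructed context: asset criticality (higher = more important) and hosts
# whose probing is expected, such as the authorized vulnerability scanner.
ASSETS = {"10.0.1.5": ("web", 2), "10.0.1.6": ("web", 2), "10.0.2.10": ("db", 3)}
AUTHORIZED_SCANNERS = {"10.0.5.50"}
SEVERITY_POINTS = {1: 3, 2: 2, 3: 1}       # Suricata severity 1 is the most severe
ISOLATE_AT, INVESTIGATE_AT = 6, 3          # assumed thresholds


def is_internal(ip):
    """Assumption for this example: 10/8 is the inside of the network."""
    return ip.startswith("10.")


def aggregate(lines):
    """Group alert events by (src_ip, signature_id); non-alert events are skipped."""
    groups = defaultdict(lambda: {"count": 0, "dests": set(), "severity": 3, "signature": ""})
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        a = ev["alert"]
        g = groups[(ev["src_ip"], a["signature_id"])]
        g["count"] += 1
        g["dests"].add(ev["dest_ip"])
        g["severity"] = min(g["severity"], a["severity"])
        g["signature"] = a["signature"]
    return groups


def score(group):
    """Weight by severity, by the most critical target hit, and by spread across targets."""
    top_asset = max(ASSETS.get(d, ("unknown", 1))[1] for d in group["dests"])
    return SEVERITY_POINTS[group["severity"]] * top_asset + (len(group["dests"]) - 1)


def triage(lines):
    """Return {(src, sid): (verdict, score)}; verdicts are suppress/isolate/investigate/log."""
    verdicts = {}
    for key, g in aggregate(lines).items():
        if key[0] in AUTHORIZED_SCANNERS:
            verdicts[key] = ("suppress", 0)
            continue
        s = score(g)
        verdict = "isolate" if s >= ISOLATE_AT else "investigate" if s >= INVESTIGATE_AT else "log"
        verdicts[key] = (verdict, s)
    return verdicts


def isolation_actions(verdicts):
    """Turn 'isolate' verdicts into concrete, reviewable changes.

    External sources become an edge ACL entry; internal sources are flagged
    for quarantine rather than auto-blocked (assumed policy)."""
    actions = []
    for (src, sid), (verdict, s) in sorted(verdicts.items()):
        if verdict != "isolate":
            continue
        if is_internal(src):
            actions.append({"src": src, "sid": sid, "action": "quarantine-host", "score": s})
        else:
            actions.append({"src": src, "sid": sid, "action": "edge-acl",
                            "line": f"deny ip host {src} any", "score": s})
    return actions


if __name__ == "__main__":
    verdicts = triage(EVE_LINES)
    for (src, sid), (verdict, s) in sorted(verdicts.items()):
        print(f"{src:15} sid={sid} score={s} -> {verdict}")
    for act in isolation_actions(verdicts):
        print(act)
```

Three things in this shape matter in practice: the scanner allow-list removes the self-inflicted noise that dominates alert volume; the asset weight is the “which part of the network is impacted” context the IDS bullet mentions, supplied from outside the IDS; and internal sources are only flagged, because auto-quarantining a production host on a single signature carries its own outage risk. The weights and thresholds are meant to be tuned from the post-mortem data the paragraph above describes.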
Just as the horse and buggy was supplanted by the automobile, automated transportation continued to evolve: the automobile was enhanced with the automatic transmission, and today the next wave of automation is ushering in the autonomous (self-driving) car. The ultimate goal of continuous automation is to eliminate human error and dramatically increase efficiency. In cybersecurity, continuous automation will reduce both the risk and the impact of cyberthreats.
Figure: Continuous threat response, a five-step loop around the Network Automation Platform. Recovered step labels: Threat detected; Trigger compliance validation; Threat mitigation; Change orchestration.