What security pros can learn from the networking team

You might find dealing with the networking side frustrating—but they have a lot to teach you

network conflict 1
Flickr/Peretz Partensky/REMIXED

No need to fight

It's a familiar scenario: your security team wants—needs—to lock down part of your enterprise's network. And yet the network team resists you at every turn. Don't they understand that security is paramount? Do they want to get hacked?

But in fact, they're feeling just as frustrated as you are. Just as you're being yelled at to make sure the network is safe, they're being yelled at to make sure the network is available and traffic is flowing quickly.

In truth, your security team has a lot to learn from the networking team about how to keep the whole organization running smoothly. We spoke to networking experts to find out what they most wanted security pros to know.

network conflict 2
Flickr/Tanya Impeartrice/REMIXED

Overlapping turf

Much of the fighting between network and security teams arises when groups with different priorities are assigned responsibilities for the same corporate turf. "For network access security, the administration of a policy management or AAA solution usually falls to the network team," says Trent Fierro, director of security and software solutions marketing at Aruba, a Hewlett Packard Enterprise company. "The security team is usually responsible for what happens on the endpoints, though, so there’s an immediate disconnect. The desktop team may also be involved in cases where BYOD is involved. This becomes very challenging when the discussion turns to agents, passwords versus certificates, and firewall rules."

network conflict 3
Flickr/Rog01/REMIXED

Follow their lead on automation

One key thing security teams can learn from networking staffers is their use of automation to keep things running smoothly. "Network people have gotten very good at keeping their company's systems up," says Joe Schorr, director of advanced security solutions at Bomgar. "Stuff doesn't go down so much anymore because network people got very good at operational work. Security should look a lot like a boring network operation: No red lights flashing, no alarms, but done very, very well, pulling the kettle off before it boils. I know when I'm in a good security shop because everything is automated."

network conflict 4
Flickr/ Quinn Dombrowski/REMIXED

Engage early

To avoid conflict, network and security teams need to map out their roles and goals from the beginning of a project. "Because there are potentially many groups involved, our suggestion is that all of these teams need to engage early in any discussions," says Aruba's Fierro. "All of our deployment advice suggests mapping out roles, expected privileges, what happens with good and bad authentications, and so on."

Chris Pogue, senior vice president of Cyber Threat Analysis at Nuix, says mutual engagement should begin even earlier, during the staffing process. "Hire security staff with production IT, networking, or programming experience so that they can talk on an equal level with IT," he says. "Their different skills may actually help solve problems more quickly for IT, leading to additional trust and shared interest in projects."

network conflict 5
Flickr/ David Mello/REMIXED

Make nice with the biz side

If your security team is tired of butting heads with corporate higher ups, they might want to talk to network staff to learn how to maneuver through the hierarchy to get things done. "Now that security is a board-level issue at companies, security people can also learn lessons from network people about getting along with the business side," says Bomgar's Schorr. "When all businesses were going online, that was pretty revolutionary, and network people had to deal with the business in doing that. Security now needs to learn the language of the business like network people did years ago."

network conflict 6
Flickr/ George Redgrave/REMIXED

Network teams have the data

If you do suffer a security breach, your network teammates should be the first people you turn to for data. "What many security pros may not realize is that network engineers are often collecting—or at least have the systems in place to collect—all of the data traversing the network, down to the individual packets," says Jay Botelho, director of product management at Savvius. "This information is extremely useful to security teams both when analyzing incoming alerts, and when investigating a breach that may not have been picked up because it was reported as a low-severity alert."

"Tools like netflow can keep historical data on traffic entering and exiting the network, including timestamps," adds Radware Security Evangelist Ron Winward. "SNMP graphs are useful for tracking the destination of volumetric attacks inside of a network."

network conflict 7
Flickr/ Pascal/REMIXED

Training, training, training

Your security teams should be trained on relevant networking technology from day one. "As a former network architect, I know what it's like to be told 'make it secure' by a non-network person," says Sean Cordero, senior executive director, Office of the CISO at Optiv Security. "Due to their lack of technical understanding, this person may not realize that the change could be a multi-week or -month effort just to get the appropriate changes, communications, and testing done. Comments like this from underinformed security personnel can be easily interpreted as ignorant or ill-informed, which poisons the well of credibility for the security team."

network conflict 8
Flickr/ OpenGridScheduler/REMIXED

Know your history

One thing to keep in mind is that many of the networks and network tools you're protecting are old and long established. "Many security products that have been deployed over the last 10 years are relatively new, immature products, as compared to the networks that they work alongside," says Brian Molinari, national practice director for infrastructure services at OpenSky. "This means that often, things like management have taken a backseat to getting the product out the door. Security products break. Network gets blamed."

network conflict 9
Flickr/ Tricia/REMIXED

Goals in conflict

It can help just to be mindful of the fact that different internal teams might have different motivations and incentives. "A key flaw that causes so many organizational conflicts is that teams are measured on goals that are seen as orthogonal to each other," says Andrew Storms, vice president of security services for New Context. "Security is focused on reducing risk. Ops wants to ensure stability and uptime. The dev team wants to get code to the customer sooner. Everyone is inherently working at cross purposes, even though ultimately the organization has the same big-picture goal. I've seen this conflict escalate to the point that a department has secured budget for firewalls to block other departments from gaining access." Trying to understand what other groups within your company are being told higher-ups to do can help mitigate conflict.

network conflict 10
Flickr/ Tricia/REMIXED

Getting better all the time

Some of the experts we spoke to believe that things are improving, though. Tom Rowley, a security strategist at Savvius, says that "in my experience there isn’t a lot of tug-of-war between IT and security teams," beyond what you'd expect from "competition trying to get management to support one department or the other."

"The presence of pronounced and threatening common enemies has helped align priorities as all teams now see security as a core priority," said Mike Fey, president and COO of Blue Coat. "And security teams have begun to seek security vendors that understand and meet the rigorous performance requirements that today’s complex networks demand. Most security teams will now not even consider a technology if the network operations team hasn’t signed off; a departure from how things used to work and an obvious sign of growing unity." Here's hoping that unity reigns in your own workplace.