I recently read that the Pentagon is converging its security architecture for thousands of its networks in hopes...
to improve its defensive measures. Can you please explain the benefits of eliminating network security siloes? Is putting so many critical networks (as the Pentagon is doing with all four branches of the military) under one umbrella such a good idea?
Ask the expert
Have a question about network security? Submit it now via email!
Ron Gula, the CEO of Tenable Network Security, has spoken at great length about this situation and I pretty much agree with his take on the matter.
Currently, the Department of Defense employs somewhere in the neighborhood of 15,000 networks, many of which maintain completely different architectures, internal policies and security mechanisms. On one hand, the current setup provides a sort of obfuscation in terms of network mapping conducted by adversaries. But on the other hand, according to Gula, bringing all of these networks under an umbrella with one set of standards would allow for better control and more accurate detection and analysis of intrusions.
But is this a good idea in terms of security?
In short, if you are operating a large enterprise network, I condone the idea of having everybody abide by one standard, within one architecture and using one security strategy. This would allow everyone to be on the same page, so to speak. However, as in everything IT-related, certain circumstances may arise that call for an exception or two to be accommodated. In this case, I would suggest that any all-encompassing standard be implemented in such a way that a certain degree of flexibility is allowed.
For example, a company may open a branch office inside of a high-rise building that it doesn't own. In this case, the branch office may be subject to two sets of security policies -- one from its own company and one from the owner of the IT infrastructure within the rented building. Furthermore, the two sets of policies may contradict each other or at least be vague in certain aspects, at which point the above-mentioned flexibility will play a key role in a successful implementation.
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
Related Q&A from Brad Casey
Allowing users to tunnel through a firewall to access any site creates a security risk. How big of a risk is it? It depends on how much you trust ...continue reading
Our IT organization needs to secure customer names, but also needs to conduct searches on the entire customer database to match and merge records.continue reading
Don't treat physical and virtual machines' security differently. Since VM security issues threaten the whole infrastructure, here's how to stop ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.