I recently read that the Pentagon is converging its security architecture for thousands of its networks in hopes...
to improve its defensive measures. Can you please explain the benefits of eliminating network security siloes? Is putting so many critical networks (as the Pentagon is doing with all four branches of the military) under one umbrella such a good idea?
Ask the expert
Have a question about network security? Submit it now via email!
Ron Gula, the CEO of Tenable Network Security, has spoken at great length about this situation and I pretty much agree with his take on the matter.
Currently, the Department of Defense employs somewhere in the neighborhood of 15,000 networks, many of which maintain completely different architectures, internal policies and security mechanisms. On one hand, the current setup provides a sort of obfuscation in terms of network mapping conducted by adversaries. But on the other hand, according to Gula, bringing all of these networks under an umbrella with one set of standards would allow for better control and more accurate detection and analysis of intrusions.
But is this a good idea in terms of security?
In short, if you are operating a large enterprise network, I condone the idea of having everybody abide by one standard, within one architecture and using one security strategy. This would allow everyone to be on the same page, so to speak. However, as in everything IT-related, certain circumstances may arise that call for an exception or two to be accommodated. In this case, I would suggest that any all-encompassing standard be implemented in such a way that a certain degree of flexibility is allowed.
For example, a company may open a branch office inside of a high-rise building that it doesn't own. In this case, the branch office may be subject to two sets of security policies -- one from its own company and one from the owner of the IT infrastructure within the rented building. Furthermore, the two sets of policies may contradict each other or at least be vague in certain aspects, at which point the above-mentioned flexibility will play a key role in a successful implementation.
Dig Deeper on Network Intrusion Detection (IDS)
Related Q&A from Brad Casey, Contributor
Can Project Sonar, an Internet-scanning project, benefit enterprise network security? Expert Brad Casey discusses.continue reading
Does your enterprise track eliminated firewall rules? It's one of the change management best practices suggested by expert Brad Casey.continue reading
If Wi-Fi network passwords are accessed off Android mobile devices by third parties, it could mean disaster without the right precautions.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.