There are arguments for a "single pane of glass" to help foster collaboration and cooperation between networking and security project teams. This would mean both teams following the same process and using the same tools to make changes to the network security devices. Would this single pane approach improve enterprise security?
Enterprise policies, standards and procedures exist so that every employee adheres to common corporate policies such as change management, procurement, security, data retention, privacy policies, system configuration standards, acceptable use of corporate resources and system development methodologies. All of these policy documents need to be updated and formally approved on an annual basis and be accessible to all employees.
Without enterprise-sponsored and approved mandates, changes to the environment will appear desultory or chaotic, and ultimately there will be overlapping or conflicting activities that could have disastrous results, such as missed SLA goals, contradictory protection schemes and tools rendered ineffective. This is where the benefits of a single pane of glass approach to enterprise networking and security projects come into play.
This single pane of glass approach also applies to common tools used to change the IT environment. These tools should be embedded in the change management process and include a common ticketing system for reference. If changes are allowed outside of the commonly accepted process, one change could overlay another. This could potentially lead to unnecessary and regrettable finger-pointing and overall damage the enterprise's ability to service its customers and meet its processing goals. Non-collaborative changes vetted by networking and security project groups could also introduce otherwise preventable vulnerabilities.
That said, monitoring systems do not need to follow the single pane of glass approach and can be unique to each group. For example, SIEM is focused on security monitoring of devices, event anomalies, attack vectors, rule violations and forensic activity. A security operations center (SOC) uses SIEM to track activity driven by an incident response plan, whereas a network operations center (NOC) uses other tools on the same network and log activity to monitor network traffic, response times, bandwidth and service level agreements.
Some of the benefits of combining networking and security project teams and using a single pane of glass approach include better change management, accountability, and integrity. However, not all tools have enough features to satisfy the needs of the SOC and the NOC. Consequently, there may have to be some redundancies in tools, but processes and methodologies such as change management, release management, and ticketing systems can and should be used by all groups.