The benefits of converged network security architecture

The Department of Defense is using a converged network security architecture to simplify security management. Learn about the security benefits.

I recently read that the Pentagon is converging its security architecture for thousands of its networks in hopes of improving its defensive measures. Can you please explain the benefits of eliminating network security siloes? Is putting so many critical networks (as the Pentagon is doing with all four branches of the military) under one umbrella such a good idea?

Ron Gula, the CEO of Tenable Network Security, has spoken at great length about this situation and I pretty much agree with his take on the matter.

Currently, the Department of Defense employs somewhere in the neighborhood of 15,000 networks, many of which maintain completely different architectures, internal policies and security mechanisms. On one hand, the current setup provides a sort of obfuscation in terms of network mapping conducted by adversaries. But on the other hand, according to Gula, bringing all of these networks under an umbrella with one set of standards would allow for better control and more accurate detection and analysis of intrusions.

But is this a good idea in terms of security?

In short, if you are operating a large enterprise network, I condone the idea of having everybody abide by one standard, within one architecture and using one security strategy. This would allow everyone to be on the same page, so to speak. However, as in everything IT-related, certain circumstances may arise that call for an exception or two to be accommodated. In this case, I would suggest that any all-encompassing standard be implemented in such a way that a certain degree of flexibility is allowed.

For example, a company may open a branch office inside of a high-rise building that it doesn't own. In this case, the branch office may be subject to two sets of security policies -- one from its own company and one from the owner of the IT infrastructure within the rented building. Furthermore, the two sets of policies may contradict each other or at least be vague in certain aspects, at which point the above-mentioned flexibility will play a key role in a successful implementation.

This was last published in April 2014