Security Operations to be Handled in a Different Way

[Figure: security operations center]

With the arrival of the internet we started working with security technologies, and since then everything has changed. Cloud adoption increases every day, the firewall is no longer the only protection mechanism against threats, each year brings new threats and technologies, IT service companies manage security products for their customers, and there are several compliance regimes to satisfy. What about security operations? When we talk about security operations, it generally means the administration of security devices. Firewalls, proxies, IPS and WAF are some of the devices managed by security operations teams. These teams carry out maintenance on these devices and resolve the tickets that arrive through the ticketing system for them. Security administration looked much the same 20 years ago, except that new devices have since been added to the system. The daily routines and the effort they require must somehow change. Security administrators need to focus on the advanced capabilities of the systems they manage and deepen their knowledge. To do that they must follow new publications and new technologies and test them in a lab environment. They need to focus on improving and hardening the infrastructure, and on testing extensively before making any change to the system. With the daily operational load, necessary as it is, there is no time left for these activities. So daily routines, operational tasks and everything else that can be automated must be automated. We are no longer in an era where configuration backups of devices are managed manually, for example; we use systems that do it daily for us. Likewise, policy changes are among the activities that specialized products can handle easily. Periodic analysis and hardening can also be handled, with the aid of the same kind of systems, in a way that does not consume the operations team's time.
If an activity that is done manually can be written down step by step, then it can also be done automatically by some system, so the approach to any such task must be to automate it. Security operations place a significant burden on IT teams, particularly for complex tasks like firewall management. In addition to their core responsibility of maintaining the IT infrastructure, IT teams must configure, monitor and update firewalls to thwart potential cyber threats. This burden is amplified by the constant evolution of attack techniques and the need for stringent policy enforcement. Manual firewall management consumes valuable time and resources, diverting IT personnel from other critical duties. Furthermore, misconfigurations or delays in updating firewall rules can inadvertently open vulnerabilities in the network. As organizations grow and networks become more intricate, the burden grows with them. To address this, IT teams are turning to automation and advanced management solutions that streamline firewall operations and free IT personnel to focus on strategic initiatives and on proactively addressing security concerns. Cyber defense or cyber monitoring activities are also security operations, but they do not involve administration of security devices; they involve analysis of the events generated on the system. These events are handled by tiers of experts, but at the first tier orchestration solutions are needed to triage the incoming events. That is automation of a triage activity that would otherwise be done by people. Security operations today consist of administering many devices. Manual routine activities on these devices need to be automated so that qualified employees are used optimally, in a way that lets them advance their security knowledge.
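The daily configuration backup mentioned above is a good illustration of the "if it can be written down step by step, it can be automated" rule. The following is an added example, not code from the original post: a backup job that normalizes a device export (dropping timestamp and comment lines that change on every export), fingerprints it, keeps the last snapshot per device and reports which policy lines were added or removed since the previous run, so an administrator reviews a drift report instead of the whole configuration. The export line format, the volatile-line markers and the sample configurations are constructed for the example.

```python
"""Added example: automated daily firewall config backup with drift detection.
Not code from the original post; the configs and line formats are constructed."""
import difflib
import hashlib
import re
from dataclasses import dataclass, field

# Lines that differ on every export without any real configuration change.
# The markers are an assumption about a vendor's export format.
VOLATILE = re.compile(r"^(!|#)|^\s*(Last configuration change|Generated on)\b")


def normalize_config(text: str) -> list[str]:
    """Drop comment/timestamp lines and trailing whitespace so that two exports
    of the same configuration compare equal."""
    lines = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line and not VOLATILE.search(line):
            lines.append(line)
    return lines


def fingerprint(lines: list[str]) -> str:
    """Stable SHA-256 over the normalized configuration."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def config_drift(old: list[str], new: list[str]) -> dict[str, list[str]]:
    """Policy lines added to / removed from the device since the last backup."""
    added, removed = [], []
    for line in difflib.unified_diff(old, new, lineterm="", n=0):
        if line.startswith(("---", "+++", "@@")):
            continue
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return {"added": added, "removed": removed}


@dataclass
class BackupStore:
    """Keeps the last normalized snapshot per device (in memory here; a real
    job would write each snapshot to versioned storage)."""
    snapshots: dict[str, list[str]] = field(default_factory=dict)

    def daily_backup(self, device: str, export: str) -> dict:
        new = normalize_config(export)
        old = self.snapshots.get(device)
        self.snapshots[device] = new
        report = {"device": device, "sha256": fingerprint(new), "first_backup": old is None}
        if old is not None:
            report["changed"] = fingerprint(old) != report["sha256"]
            report.update(config_drift(old, new))
        return report


# Constructed sample exports of one device on three consecutive nights.
DAY1 = """! Last configuration change at 03:00:01 Mon
hostname fw-edge-01
access-list OUTSIDE_IN extended permit tcp any host 10.0.1.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
"""
DAY1_REEXPORT = DAY1.replace("Mon", "Tue")   # same policy, new timestamp only
DAY2 = """! Last configuration change at 03:00:02 Wed
hostname fw-edge-01
access-list OUTSIDE_IN extended permit tcp any host 10.0.1.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 10.0.1.10 eq 22
access-list OUTSIDE_IN extended deny ip any any
"""


def demo() -> list[dict]:
    """Run the job three nights in a row and return the three drift reports."""
    store = BackupStore()
    return [store.daily_backup("fw-edge-01", c) for c in (DAY1, DAY1_REEXPORT, DAY2)]


if __name__ == "__main__":
    for report in demo():
        print(report)
```

The second run shows why normalization matters: the export changed (new timestamp) but the report says `changed: False`, so nobody is paged for nothing. The third run surfaces exactly one added line, the new SSH permit, which is what a reviewer needs to see.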

Challenges SMBs face for Effective Policy Management

[Figure: TCO of NSPM]

Small and medium-sized companies are the most widespread size of company in the world. It is estimated that around 99% of businesses are SMBs and that nearly half of countries' overall GDP comes from SMB business. SMBs face several challenges over their lifetime, but in this post we deal with the firewall policy management challenge. When it comes to policy management, or IT management in general, most SMBs outsource the activity to a third party. Hosting, server management, application management, and network and security management are the services generally outsourced. Therefore, the first challenge for effective policy management is the need for IT resources. To manage policy effectively, a company needs to hire an employee with the necessary skills. However, to make effective use of financial resources, they prefer to work with MSSP companies that perform this activity for them. This brings us to another challenge: managing a third-party service for firewall and policy management. Companies must be able to coordinate and audit outsourced IT services such as firewall management, since it affects the overall security maturity of the company and there are several regulations these companies must comply with. To follow, evaluate or manage the service they receive, there are several IT software applications that can be used; the one relevant to a policy management service is network security policy management (NSPM) software. Therefore, either the company outsourcing the service or the MSP itself must own this kind of software. Indeed, it makes sense to write a contract that integrates such software into the service. In the context of small and medium-sized enterprises (SMEs), managing firewall policies poses unique challenges.
Limited resources and expertise often hinder efficient firewall policy management. SMEs may lack dedicated cybersecurity personnel, leading to a struggle to keep up with the ever-changing threat landscape. Additionally, with lean IT teams, the manual configuration, updating and monitoring of firewall rules become burdensome tasks, leaving networks vulnerable to misconfigurations and potential breaches. Furthermore, SMEs may have rapid growth or dynamic network environments, making it challenging to maintain an accurate and up-to-date inventory of assets for policy enforcement. In this context, the need for user-friendly, cost-effective and easily scalable firewall policy management solutions becomes increasingly evident, allowing SMEs to mitigate these challenges and establish a stronger cybersecurity posture. For larger SMB companies the situation differs a bit. Larger businesses need in-house IT resources, because the company is bigger, because it is a web-based company, or because regulations require keeping employees internal. Even so, although the company or its IT estate is large, the number of people working in IT may not be high. Such teams have super admins managing servers and applications together with network, security and client applications. To speak of effective policy management in this kind of environment, automation must be in place. The automation can handle the policy management activity and the optimization of the firewalls, so the super admin deals only with the reports this system generates, not with the whole life cycle of policy management. In summary, SMBs are the most widespread companies in the world and effective policy management is a need for them as for any other company. NSPM solutions must be in place, either as a service or in-house, for both the policy and change management needs of the company.

Challenges for an Effective Policy Change Management in Large Networks

[Figure: policy-management]

Making policy management effective is not an easy task in large enterprise environments. There are several reasons why effective policy change management is hard in large multi-vendor networks. The first is certainly the multi-vendor environment itself; the second is that the written materials are obsolete or missing. Beyond these, the number of policies and firewall devices is very high. In this post we take a closer look at these issues and how to cope with them. Generally, large enterprises, especially those operating globally, have firewall devices from different vendors, with at least two or three vendors present in their networks. Working with several vendors may be the result of regulations, security policies, local needs or capabilities, and procurement strategy. It is a widespread choice, and there may be other reasons too, but we will not deal with those here. This increases the challenge of policy management. First, if you have different firewall vendors in your network you need to train your employees for each of them, or hire new people for the team. There will also be no central management of this equipment: each vendor has its own central management software, and if you use such software the cost and complexity of central management increase. Finally, standardization may be a problem, since different vendors have different capabilities and approaches, so you may need to define more general use cases or policies applicable to every vendor. To be specific, standardization needs similar products and a smaller number of vendors. As for written materials and guidelines: large enterprises may have several different documents or guidelines for their networks, servers, applications and databases, but in most cases the written materials are obsolete.
They are written when the systems are first installed or created, and afterwards not all of the materials are updated. When a change is needed, the materials may then be insufficient. For example, a new application server is to be installed in an existing server farm. For this server to work correctly, the security policies must be applied. The application team may not open a ticket for the required policies, because they do not know what is needed and there is no written material. In that case the firewall admin has to work out the policies to apply, which is not an easy task and requires a lot of effort. There will be other similar cases that need effort, and this increases the challenge of effective policy management. Lastly, in large environments the number of policies and devices is generally high. Any new policy may need to traverse at least two different firewalls. And because the number of policies is high, examining or analyzing the firewall becomes more difficult; it may take weeks to analyze the policy tables on the firewalls. To sum up, in large enterprises there are several reasons that increase the complexity and challenge of policy change management. It may be a good idea to use an easy-to-use and stable NSPM solution for effective policy management in a large multi-vendor network.
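Two of the problems above, vendor-specific rule formats and policy tables too large to review by hand, are exactly what an NSPM tool normalizes away. The following is an added example, not code from the original post or from any NSPM product: it parses rules from two constructed vendor formats (an ASA-style `access-list` line and a key=value export) into one rule model, flags rules that an earlier rule fully covers (redundant when the actions agree, shadowed when they differ), and evaluates one flow first-match across a chain of firewalls, which is the "policy must traverse at least two firewalls" case. Both line formats and the sample policies are constructed for the example.

```python
"""Added example: one rule model for two vendor rule formats, shadow/redundancy
analysis, and a multi-firewall path check. Not code from the original post;
both line formats and the sample policies are constructed."""
import ipaddress
import re
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
ALL_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str               # "tcp", "udp" or "ip" (any protocol)
    ports: tuple[int, int]   # inclusive destination port range
    action: str              # "permit" or "deny"

    def covers(self, other: "Rule") -> bool:
        """True when every packet matched by `other` is also matched by self."""
        return (other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and self.proto in ("ip", other.proto)
                and self.ports[0] <= other.ports[0] <= other.ports[1] <= self.ports[1])

    def matches(self, src: str, dst: str, proto: str, port: int) -> bool:
        return (ipaddress.ip_address(src) in self.src and ipaddress.ip_address(dst) in self.dst
                and self.proto in ("ip", proto) and self.ports[0] <= port <= self.ports[1])


def _net(tok: str) -> ipaddress.IPv4Network:
    return ANY if tok == "any" else ipaddress.ip_network(tok, strict=False)


# Format A (constructed, ASA-like):
#   access-list NAME extended permit tcp any host 10.0.1.10 eq 443
ASA_RE = re.compile(
    r"access-list (\S+) extended (permit|deny) (\w+) (any|host \S+|\S+ \S+) "
    r"(any|host \S+|\S+ \S+)(?: eq (\d+)| range (\d+) (\d+))?$")


def _asa_addr(tok: str) -> ipaddress.IPv4Network:
    if tok.startswith("host "):
        return ipaddress.ip_network(tok.split()[1] + "/32")
    if tok == "any":
        return ANY
    addr, mask = tok.split()                      # "10.0.0.0 255.0.0.0"
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_asa(lines: list[str]) -> list[Rule]:
    rules = []
    for idx, line in enumerate(lines):
        m = ASA_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognized ASA line: {line!r}")
        name, action, proto, src, dst, eq, lo, hi = m.groups()
        ports = (int(eq), int(eq)) if eq else (int(lo), int(hi)) if lo else ALL_PORTS
        rules.append(Rule(f"{name}#{idx}", _asa_addr(src), _asa_addr(dst), proto, ports, action))
    return rules


# Format B (constructed, key=value export):
#   rule id=7 src=10.0.0.0/8 dst=10.0.1.10/32 svc=tcp/22 action=allow
def parse_kv(lines: list[str]) -> list[Rule]:
    rules = []
    for line in lines:
        kv = dict(tok.split("=", 1) for tok in line.split()[1:])
        proto, _, port = kv["svc"].partition("/")
        if proto == "any":
            proto, ports = "ip", ALL_PORTS
        else:
            lo, _, hi = port.partition("-")
            ports = (int(lo), int(hi or lo))
        action = "permit" if kv["action"] == "allow" else "deny"
        rules.append(Rule(f"rule{kv['id']}", _net(kv["src"]), _net(kv["dst"]), proto, ports, action))
    return rules


def analyze(rules: list[Rule]) -> list[dict]:
    """Report each rule that an earlier rule fully covers: same action means the
    later rule is redundant, a different action means it is shadowed (never fires)."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if earlier.covers(later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append({"rule": later.name, "by": earlier.name, "kind": kind})
                break
    return findings


def path_decision(chain: list[list[Rule]], src: str, dst: str, proto: str, port: int) -> list[str]:
    """First-match decision on every firewall a flow traverses; a device with no
    matching rule is reported as its implicit deny."""
    out = []
    for rules in chain:
        hit = next((r for r in rules if r.matches(src, dst, proto, port)), None)
        out.append(f"{hit.name}:{hit.action}" if hit else "implicit:deny")
    return out


# Constructed policies of two firewalls from different vendors on the same path.
ASA_POLICY = parse_asa("""\
access-list OUTSIDE_IN extended permit tcp any host 10.0.1.10 eq 443
access-list OUTSIDE_IN extended deny ip 10.0.0.0 255.0.0.0 any
access-list OUTSIDE_IN extended permit tcp 10.0.2.0 255.255.255.0 host 10.0.1.10 eq 22
access-list OUTSIDE_IN extended permit tcp host 192.0.2.7 host 10.0.1.10 range 440 450
""".splitlines())
KV_POLICY = parse_kv("""\
rule id=1 src=any dst=10.0.1.10/32 svc=tcp/443 action=allow
rule id=2 src=10.0.0.0/8 dst=10.0.1.10/32 svc=tcp/22 action=allow
rule id=3 src=10.0.2.0/24 dst=10.0.1.10/32 svc=tcp/22 action=allow
""".splitlines())

if __name__ == "__main__":
    print(analyze(ASA_POLICY), analyze(KV_POLICY))
    print(path_decision([ASA_POLICY, KV_POLICY], "10.0.2.5", "10.0.1.10", "tcp", 22))
```

On the sample data the analysis finds the SSH permit on the ASA-style device shadowed by the broad deny above it, and rule 3 on the second device redundant with rule 2. The path check for an SSH flow from 10.0.2.5 then shows the practical consequence: the second firewall permits it, the first one silently drops it, which is the kind of finding that otherwise surfaces only as a ticket nobody can explain. The coverage test is per rule and ignores partial overlaps, so it under-reports compared with a full NSPM engine, but it already cuts a weeks-long table review down to a list of rules worth a human's attention.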