Do You Really Understand Your Network?

Guest post by Kevin Beaver, founder and principal information security consultant of Principle Logic

Back in the early days of local area networks, I remember how important it was to maintain a network diagram. I believe most people understood the need and certainly relied on such documentation as their networks grew. The funny thing about network diagrams was that hardly anyone – myself included – ever updated the darn things. In retrospect, that probably wasn’t a huge deal. People didn’t talk much about security and compliance as we know it was non-existent. All that really mattered was system availability.

Fast forward 20 years and my how things have changed especially in terms of network complexity. Today, any given enterprise network consists of an enormous collection of firewalls, servers and applications that we wouldn’t have dreamed of being responsible before just a decade ago. Factoring in things such as consumerization and cloud service providers, the complexity of our environments can increase exponentially in a very short period of time and that’s what we’re seeing today. This is to be expected as new technologies emerge and businesses grow. But this complexity is the enemy of security; especially if we don’t know what’s where and how we need to be spending our time.

Our sheer lack of control and visibility over our network environments are two of our greatest threats. We cannot fix – nor secure – what we don’t acknowledge (or choose to ignore). This applies to every facet of IT but is especially important in the area of firewall management given all the variables and how quickly things change. The time’s ripe to get to know our networks at a deeper level so we can make some positive changes and get our arms around things before the complexity grows. This is going to require staying on top of our network documentation, our vulnerabilities and our security controls on a periodic and consistent basis.

It could be argued that networks are becoming simpler given the consolidation and virtualization that’s taking place. Some may also say that outsourcing certain areas of IT and network management to the cloud simplifies things. These improvements can simplify but the way I look at it, we still have the same critical firewalls, servers, applications and devices to manage – we’re just managing them differently today. Plus the pressure to maintain more secure networks that are up 24/7 is stronger than ever.

Make network security a top priority and part of your overall IT goals. From firewall management to asset management, think about your network from the perspective of business risk and integrate this mindset into every decision you make. It’s essential to have long time perspective and see this issue as it is. Keep up with your documentation and controls as if they were any other important business function.If we choose to ignore the complexities we’ll undoubtedly suffer the consequences down the road.

Kevin Beaver, CISSP