November 20, 2017 | By Rick M Robinson

Network complexity is a fact of life. It may not be a marketing feature of modern networks, but it is inevitable due to the host of features we rely on, from mobile connectivity and virtualization to the cloud and as-a-service offerings. Put simply, all sources of speed and network flexibility add more complexity, and this growth is exponential.

IT managers may be tempted to throw up their hands and give up trying to manage this exploding complexity. But there are ways to control it so that even the most convoluted networks can be made reliable — and secure.

Too Many Moving Parts

As Infosec Island pointed out, “The likely risk of introducing error through manual processes and the resulting consequences of such errors puts your network in a persistent state of jeopardy.” In other words, networks have too many moving parts, and these parts move too fast for manual controls to be either reliable or safe. Errors creep in all too easily during manual updating. Once introduced, they create unknown vulnerabilities that are practically impossible to identify and correct.

Virtualization and the growth of hybrid clouds have long since diminished the role of the physical data center as the firm resting point of the network, which, as Infosec Island noted, makes it more difficult for security professionals to understand the network. Network segmentation can limit the reach of attacks that penetrate one portion of the network, but segmentation itself introduces additional complexity with its hard-to-trace topology of network interactions.

Reducing Network Complexity With Automation and Policy

To bring network complexity under control, we must call upon two tools: automation and policy. Automated network management makes it possible to handle the sheer workload required to manage network complexity. Even more critically, it provides consistency and minimizes the random slips and momentary brain fades that bedevil manual network management.

For network automation to be effective, it must be guided by well-defined policy. Policy gives automated tool sets their guiding instructions, which enables human network managers to define their working views of the network environment.

The interaction of network automation with policy guidance may be described as orchestration. Fortunately for security professionals, there is a growing range of orchestration tools available that allow network managers to define policy and oversee automation without being overwhelmed by complexity.
