Can encouraging ‘teamwork’ within your security infrastructure ever be that easy?  With the correctly automated approach, it can be. Certainly, this should include a licensing model that doesn’t unduly complicate or hinder the evolution of your network, as well as a technology set that brings best-of-breed security capabilities but without the attendant truckload of hardware, and continuing frustrations over network latency.

AUTOMATED IT RATING: 4.6

PDF version available

This advisory describes the process and impact of automating security consolidation to achieve optimum benefits to your security infrastructure and to your business as a whole.

• Situation Analysis
  • - Before Automation
  • - After Automation
• The Business Criticality of Automating Security Consolidation
• Automation Impacts
  • - Running Costs
  • - Time/Labour
  • - Space & Power
  • - Decision Making
  • - Uptime
• Implementing Automation
• Fortinet Solutions

Situation Analysis

Before Automation

• - Datacentres are overcrowded with multiple security appliances from multiple vendors all taking up valuable space and energy. As well as eating up significant budget, this can be especially detrimental to IT departments meeting CRC (Carbon Reduction Commitments) targets on behalf of the organisation as a whole.
• - Despite investing heavily in specialised, high-specification standalone security solutions, organisations are vulnerable to sophisticated, blended threats (such as those derived from Web 2.0 applications) which exploit the gaps in the armoury.
• - Multi-vendor infrastructures escalate management overhead by consuming time, distracting IT staff and duplicating efforts on supplier relations.
• - Licensing costs are high with per-user licensing models that spring from single vendor point solutions, and the process of ensuring the appropriate level of licensing coverage is an administrative burden.
• - Network latency and delays in application response times are the direct results of deploying a large array of layered security systems, creating bottlenecks that provoke expensive investments in higher capacity network infrastructure and connectivity made in an attempt to over-compensate.
• - Business scalability is constrained by the complexity of the silo’d security infrastructure and ongoing management/reporting can only be achieved by duplicating these processes.

After Automation

• - The datacentre becomes more space and power efficient with elimination of unnecessary appliances, saving costs and increasing the organisation’s ability to improve carbon efficiency.
• - Vulnerability to new blended threats is decreased, through a tightly integrated and efficient security solution.
• - Reducing the number of security vendors means that supplier management is simplified, and more time is freed up to concentrate on innovative projects, whilst any technical issues are identified and dealt with more quickly.
• - Replacement of per-user licensing models with a ‘per-box’ licensing approach results in significant savings for the IT department, as well as reduced administrative burdens.
• - Integration of multiple security functions means that performance is optimised, and with each element working in sync with one another, latency is reduced.
• - Flexibility offered by consolidated, integrated security means that IT departments gain the ability to scale security infrastructure with the needs of the business.

The Business Criticality of Security Consolidation

With Web 2.0 applications and social media becoming increasingly integral to business communications, the likelihood of businesses falling victim to new sophisticated, blended threats through these new avenues of attack has increased. Adopting a consolidated security solution composing essential security functions that are all tightly integrated, is vital to maintaining ongoing resilience to counter the evolving threatscape.

A security solution that is intelligent, fast and responsive is an essential element needed to maintain business continuity. By consolidating security solutions, organisations can achieve cost effectiveness without impinging on business performance. Consolidation of security solutions means optimum security is achieved as well as carbon efficiency, reflecting cost savings across the board.

Automation Impacts

Running Costs

HIGH

By following a ‘per user’ licensing approach to security requirements, costs are unnecessarily high.  The impact on both budget and time is an expense that can be dramatically reduced by implementing a cost effective per-box licensing model. In addition, with the capability to turn single functions on and off at your convenience and according to business needs, more flexibility is at your disposal.

Introduction of a multifunctional security appliance/s to automate your security needs will in turn reduce the total cost of ownership. By cutting down on number of physical appliances in use, IT departments can reduce costs involved in the running and upkeep of security.

Latency problems can occur when multi-vendor solutions work in silos and out of sync, making vital data slow and inefficient.  With a consolidated, well integrated solution this can be substantially minimised. Budgets no longer need to be wasted on attempts to over-engineer faster throughput; IT departments can achieve optimum security speed from the get go.

Time/Labour

HIGH

Individual vendor contracts can mean countless hours spent on managing suppliers. By reducing the number of vendors, management is simplified significantly; one contract, one bill and one training regime, in turn this saves the IT department endless amounts of time to be put to better use.

The process of maintaining multiple systems is time-consuming and complex, requiring a high threshold of skills spread thinly across the IT department. With a consolidated security solution, the skills barrier is lowered, allowing skills to be distributed widely.

It can be hard enough to maintain upkeep of individual security functions as it is, but when they are all in different places, and with each appliance built from entirely different proprietary codes, management becomes extremely complex. With each function communicating with one another, implementation is fast and effective and time that would have been wasted on the upgrading process and other essential maintenance tasks is ceased.

Space/Power

HIGH

Consolidation of point products into multifunctional appliances is an opportunity for security to occupy far less space in the datacentre. If IT departments are using a hosted infrastructure there will be a reduced strain on available space and there may be no need to pay the overheads involved with third party suppliers.

Those that have embraced server virtualisation (studies show 90% of UK organisations are looking to in the next 12 months) need to do the same with their security. The 10% that are left behind may find themselves faced with unnecessary expense that could have been avoided. For example; with CRC coming into play, financial penalties for using up too much space and power and not meeting targets will be high.

Decision Making

MED

Adapting to a consolidated security strategy means that scalability is optimised and IT decision making becomes a lot easier and more flexible.

If you can’t measure it, you can’t manage it. Consolidation of security solutions gives greater visibility and the ability to monitor and analyse performance as well as potential vulnerabilities. The advantage of management tools that provide a clear view of the goings-on of the entire network is paramount for efficient and effective IT decision making. Having automated clarity and control of multiple functions will itself prove to be a key decision making tool.

Uptime

MED

Improved security means improved uptime. The benefits of having each individual security element working together at optimum speed, means even less chance of any downtime occuring.

With new and sophisticated blended threats emerging fast, coming from all angles to all networks, IT departments are in need of sophisticated wire speed security solutions to tackle them. Point solutions can often struggle when one fails to keep up with the next. Blended threats require a blended response.

Implementing Automation

Consolidation of tightly integrated security solutions can be established with comparative ease. The ability to try and test each aspect with a few keystrokes means that single elements of the solution can slowly integrate with your existing security infrastructure until your existing licences expire, without impinging on performance. This type of implementation process is almost impossible with any other kind of approach.

Fortinet Solutions

This advisory has been produced with support from Fortinet, a worldwide provider of enterprise network security appliances and the market leader in unified threat management (UTM). The FortiGate product range delivers ASIC-accelerated performance and integrates multiple layers of security designed to provide high-performance protection against dynamic application and network threats, whilst simplifying the IT security infrastructure.  For more information, visit www.fortinet.com

Click here to download the FortiGate-620-B demo

Click here to download the Beyond UTM - The Value of a Purpose-Built Network Security Platform white paper

Click on the links to download information on the following Fortinet consolidated security solutions:

FortiGate-110C

FortiGate-310B

FortiGate-620B

FortiGate-3810A

SLASH COSTS - Avoid unnecessary costs sprouting from per-user licensing models - Reduce total cost of ownership by cutting down on appliances - Significantly cut wasted budget costs on upgrading     SAVE MAN-HOURS - Reduce time spent on managing various suppliers - Lower skills barrier and time spent on training individuals     CUT SPACE/POWER - Cutting down on volume of appliances reduces space and power consumption in the datacentre - Reduce power usage that will significantly aid in meeting climate targets     BETTER DECISION-MAKING - Flexibility and versatility allows IT department ability to scale with the business - Acquire visibility of incoming threats with advantage of flexible management tools     BOOST UPTIME - Decrease chances of systems failure with tight-knit, intelligent security - Eliminate impact on network performance with wire speed technology

As well as being highly disruptive, compliance mandates, and the compliance auditors who scrutinise organisations against them, place extraordinary demands upon logging, reporting and auditing processes.  Frustratingly, these will be different for every compliance requirement and, because there are few hard-and-fast guidelines about what really constitutes compliance, they will emerge in unique response to an organisation’s business apparatus.

The resulting mish-mash of compliance management systems, controls and templates can take an age to construct, cost a huge budget to maintain, and consume significant resources to develop and improve.  To alleviate these problems, and improve the ongoing compliance status of your organisation, automation of these processes is essential.

AUTOMATED IT RATING: 4.4

PDF version available

This advisory describes the process and impact of automating audit, log and report management to meet compliance.

• Situation Analysis (Before & After Automation)
• The Business Criticality of Automating Compliance Monitoring and Reporting
• Automation Impacts
• - Running Costs
• - Time/Labour
• - Space & Power
• - Decision Making
• - Uptime
• Implementing Automation
• Q1 Labs Solutions

Situation Analysis

Before Automation

• - Compliance can be seen as a burden with a tight deadline and therefore meeting the standard is viewed as the only end-game. This is to the detriment of security objectives, as the IT department is in danger of considering ‘being compliant’ the same thing as ‘being secure’.
• - IT professionals are negative and fearful about the compliance process, leading to team morale problems.
• - Individuals are forced to abandon other projects at short notice in order to rapidly respond to an urgent, poorly planned compliance validation request.
• - Each requirement of the compliance mandate is painstakingly interpreted and implemented using a manual process.
• - Where there are multiple compliance mandates, the organisation unwittingly duplicates processes in the haste of making certain they are covered all ends up. Any new compliance requirements must be learned and implemented from scratch, often by separate groups in a company, blind to the efforts of their peers.

After Automation

• - Meeting compliance is viewed as a positive process, and the organisation is empowered to proactively identify and attain compliance and quality-standards based certifications. Because compliance validation can be achieved on the road to better security there is no complacency about meeting compliance requirements equating directly to ‘being secure’.
• - The prospect of urgent and disruptive compliance-related impacts on the IT department is removed, and activity planning can remain focussed upon strategically valuable projects.
• - The process of mining, interrogating and presenting specific audit/log/report information is straightforward and intuitive, and based upon accepted control frameworks and templates. Manual intervention is eliminated.
• - Intelligence for compliance management is centralised, which promotes the most efficient use of data. This eradicates unnecessary duplication of effort, and enables the organisation to meet future compliance goals more easily based upon what it has learnt to date.

The Business Criticality of Compliance Monitoring and Reporting

All compliance mandates are underpinned by a monitoring requirement to prove and record individual activities through acutely specified and granular logging, auditing and reporting.  Without these audit safeguards, no regulatory standard would ever been signed off by a QSA (Qualified Security Assessor) or auditor.

However, these aspects of compliance are often the most resource-intensive to establish and the most prone to failure.  Collecting and then making sense of, millions of pieces of data (and under threat of such damaging penalties) is a significant challenge.  The only course is to implement a system to automate and manage these processes, ensuring budgets and resources are used efficiently, and that the goals of compliance and better security are met rapidly and effectively.

Automation Impacts

Running Costs

HIGH

The biggest cost saving that can be achieved through automation relates to the amount of time freed up by stripping away unnecessary manual processes and duplications.

In addition, some solutions can provide additional benefits by way of their embedded compliance intelligence.  For example, a comprehensive tool-set of rules and thousands of proven report templates which are known to satisfy compliance auditors with specific regard to individual regulatory standards.

Moreover, some solutions are converged with other related capabilities that, when deployed, do the job of four ‘point product’ solutions, for around the same cost as one.  This illustrates the importance of developing compliance reporting strategy alongside other IT management must-dos such as log management, network behaviour analysis, and security event and information management (SIEM).

Time/Labour

HIGH

Automation of compliance monitoring and reporting means dramatically less fire-fighting, especially at short notice.  This enables significant reallocations of planned and unplanned resources.  It also positively impacts the morale of IT professionals within the team who no longer dread the processes involved in attaining compliance, and who have more of their time available to pursue strategically valuable initiatives, like better security.

Automation also lowers skills barriers, meaning it can be carried out by a number of people without the expertise needed to do it manually.

The best automated systems come pre-loaded with easy to follow configuration wizards, minimising time and expertise required to implement and fine-tune.

Space/Power

MEDIUM

While its overall potential efficiencies are outstanding, this automation strategy has a limited overall impact on space and power in the datacentre.  However, in the event that the automation occurs as part of a consolidation strategy that combines SIEM with log management, network behavioural analysis and compliance management, the space and power savings of rationalising four separate systems into one will create a beneficial space/power impact.  Moreover, whatever is done in the physical datacentre can also apply to the ‘virtual’ datacentre without the requirement for additional product silos.

Decision Making

MEDIUM

Compliance is a critical driver for business; the requirements it places upon organisations are very real and IT departments must respond as a result.  Ultimately compliance mandates attempt to drive a more efficient security operation in many areas particularly incident response.

Automation gives certainty to the decision-making process, enabling organisations to provide auditors and assessors with exactly the validation they require, presented in the format they need.

Uptime

MEDIUM

When regulatory bodies demand you to achieve a certain level of compliance, what they are really demanding is that for you to achieve a certain, validated level of security.

Any measure than seeks to do a better job of meeting compliance requirements, particularly if this gives rise to a more progressive and positive view of the compliance process, must be supporting that organisation to achieve an improved security posture.

Implementing Automation

Implementation of tools to automate compliance monitoring and reporting can be accomplished almost immediately.  Users find the process of fine-tuning their systems to their specific requirements easy and intuitive.  Value can be derived from the first day of install.

Increasingly, smaller organisations are required to meet stringent and exhaustive compliance requirements, for example small UK councils endeavouring to attain GSX CoCo compliance.  Automating technology is available which scales from this level of requirement right up to the huge multi-standard demands of the very largest organisations.

Q1 Labs Solutions

This advisory has been produced with support from Q1 Labs, a global provider of high-value, cost-effective security management and compliance solutions.  The QRadar family provides key technology underpinnings for a company’s efforts to deliver security best practices as required by specific industry regulations.  For more information, visit www.q1labs.com

Click here to download the case study on Gordon Food Service

Click here to download the Meeting and Exceeding GSI/GCSx Compliance white paper

Cilck here to download the Business Case for PCI-Compliant Security Management solution note

SLASH COSTS - Cut management costs caused by unnecessary manual processes - Create savings through freed up time - One system performing the roles of four point products SAVE MAN-HOURS - Eliminate significant reallocations of planned and unplanned resources - Lower skills barriers allowing more people to possess expertise CUT SPACE/POWER - Achieve power savings through rationalising systems - Transfer benefits in physical datacentre into virtual datacentre BETTER DECISION-MAKING - Achieve certainty to decision making process - Ability to provide auditors with validation they require BOOST UPTIME - Achieve validated level of security - Gain a more progressive and positive view of the compliance process

Many such controls are manual, making them very expensive and time-consuming to manage, and have difficulty keeping pace as application versions, staff members and threats constantly evolve.

Automation of database security controls, meanwhile, can dramatically increase the efficiency of security enforcement, assure compliance to mandates such as PCI & SOX, and improve working practices.  Without it, organisations struggle to maintain intelligence around what databases exist, how they are patched, who has access to them, and what individual access policies allow.  The problem is compounded within multi-vendor database environments.

Being able to accelerate security and compliance enables organisations to drive down costs but also decrease the risks inherent with managing databases. Organisations seeking to protect themselves from attack by the implementation of controls can minimise risk and effectively secure their database assets through automation.

AUTOMATED IT RATING: 4.7

PDF version available

This advisory describes the process and impact of automating database security controls.

• Situation Analysis (Before & After Automation)
• The Business Criticality of Automating Database Security Controls
• Automation Impacts
• - Running Costs
• - Time/Labour
• - Space & Power
• - Decision Making
• - Uptime
• Implementing Automation
• Fortinet Solutions

Situation Analysis

Before Automation

• - The organisation invests massively in time-consuming and inefficient processes and specialist skills in order to manually enforce its database controls.
• - The developing and constant tuning of a comprehensive control model for database security/access may also be inconsistent and inefficient.
• - The number of databases in deployment, the users privileged to access them, and the extent to which that access is managed are not fully understood by the organisation. IT professionals are likely to be unaware that this is in fact the case.
• - Security patching for databases may not be up to date, and the organisation struggles to understand the extent of this problem.
• - Compliance mandates governing database security are a significant distraction to the IT department, diverting strategic and tactical resources away from services development and delivery elsewhere within the organisation.
• - Even with a robust control model in place, and efficient processes for enforcement, the organisation struggles to respond to the dynamic nature of the database environment (e.g. changing roles of individual users, new technology versions, evolving compliance standards, extent/posture of new threat and vulnerability profiles). As such, the organisation’s best-laid plans rapidly unravel over time into an unworkable and potentially insecure status.

After Automation

• - The organisation maintains an accurate picture of its database estate via an intelligent and automated process, and is able to address internal/external auditors with an authoritative perspective on database vulnerability posture at any given time.
• - Despite constant change to the database environment, its users and its prevalent threats, the database control model continues to be enforced without the need for prolonged or time-consuming manual intervention.
• - The organisation is significantly more confident of the security of its databases, and of having its automated multi-vendor patching cycles completely up-to-date at all times.
• - The IT team is less distracted by compliance anxieties and the constant need for intervention in database control and enforcement. This directly benefits the organisation’s other more progressive IT-driven business goals.

The Business Criticality of Database Security Controls

All organisations use databases, relying and trading upon the value of the data they hold.  Controlling access, alerting leaks and breaches and adapting to rapidly changing technological demands are therefore of vital business importance.  In highly regulated industry sectors such as financial services, the business criticality of database security controls is almost unparalleled.

Establishing a control framework is the first part of the challenge and one that consumes significant resources and expertise.  The second and concluding part of the challenge is enforcing those controls; arguably the larger and more critical undertaking.  Here, multi-disciplinary teams spend enormous amounts of time grappling with the most dynamic of technology environments; environments that they typically have only cloudy visibility into.

The answer is to implement a system to automate and manage these processes, ensuring budgets and resources are used efficiently, and that the ultimate goal of optimum security is met continually.

Automation Impacts

Running Costs

HIGH

An automated database security control solution dramatically undercuts the running costs of the manually-driven equivalent, while enabling a series of new and valuable capabilities.   The biggest cost saving that can be achieved through automation relates to the amount of time freed up by stripping away unnecessary manual processes.

In addition, some solutions are converged with other related capabilities such as improved logging and event management.  Deploying a logical suite of automated processes, available in a single form-factor, can reduce or eliminate the need to purchase or maintain separate solutions.

Time/Labour

HIGH

Automation of database security controls removes the labour burden of multiple time-consuming processes.

One example is the auto-discovery of every database on the network, regardless of subnet boundaries, and the automated determination of user privileges, user behaviour profiles, database version updates, and patching status.  A manual process capable of achieving the same level of accuracy would consume a huge amount of skilled resources; indeed, such a large amount that many organisations may decide against it.

The other main group of processes relates to enforcement of the database controls model.  Rather than task database analysts to write new scripts in response to perceived vulnerabilities, this process can be fully automated, freeing up time for other more strategically valuable tasks, and improving accuracy and prioritisation.  Database analysts typically focus their skills within a limited number of operating systems and applications, necessitating the duplication of script-writing tasks within a multi-disciplinary (often multi-departmental) team.  Automation enables those specialised skills to be used more progressively.

Space/Power

MED  

The overall potential efficiencies of this approach are outstanding; however there is a limited impact on space and power in the datacentre.

A good automated database security control solution should be able to support databases within a virtualised environment, safeguarding the space/power saving virtualisation/consolidation strategy being pursued.  Moreover, an agentless operation option can further reduce the load on database operation.

Decision Making

MED

This automation approach provides a crystal-clear visibility of the database environment that many organisations will never have encountered before.  This will enable similarly precise decision making practices, particularly concerning the development and enhancement of database functionality, scale and user control.

Real-time enforcement, reporting and alerting against whatever comprehensive database control model is applied, will also inform the compliance process; enabling organisations to provide auditors and assessors with exactly the validation they require, presented in the format they need.

Uptime

HIGH

This approach fundamentally enhances the security posture of an organisation, safeguarding compliance to critical regulations and promoting its integrity and public commitment to data protection.

This approach will rarely ‘displace’ existing solutions of a similar ilk, but instead adds robust layers of added security control to an organisation’s most critical assets.

Implementing Automation

Implementation of tools to automate database security controls can be accomplished almost immediately, particularly in terms of initial vulnerability assessment.  Following simple installation, the ongoing management of such a system is extremely straightforward; supported by a centralised, web-based management application.

Unlike equivalent manual processes which struggle to keep pace with the dynamic database environment, the beauty of an automated approach is its capacity to tirelessly meet those challenges.

The vendor-independent flexibility of such a solution is extremely important, as is the flexibility to either facilitate the development a new control model, or to enforce an imported set of control criteria.

Fortinet Solutions

Fortinet is a leading provider of network security appliances and the leader of the unified threat management (UTM) market worldwide. Fortinet’s award-winning portfolio of security gateways, subscription services, and complementary products delivers the highest level of network, content, and application security for enterprises of all sizes, managed service providers, and telecommunications carriers, while reducing total cost of ownership and providing a flexible, scalable path for expansion. For more information, visit www.fortinet.com

Click here to download a free trial of FortiDB software version for automated database security controls.

Click here to download the FAQ guide on FortiDB.

Click here to download the FortiDB datasheet.

SLASH COSTS - Cut management costs associated with database security enforcement - Further reduce opex spent on developing control models     SAVE MAN-HOURS - Free up skills for innovation - Eliminate time consuming practices - Eliminate duplication of activity     CUT SPACE/POWER - Supports virtualised environments - Agentless option reduces database load     BETTER DECISION-MAKING - Gain and maintain an accurate picture of database estate - Enforce controls and react to alarms in real-time - Become less distracted by compliance anxieties     BOOST UPTIME - Achieve optimum database security - Add layers of security controls to your most critical data assets

Instead, when called upon to isolate security breaches, investigate outages or to scope the network prior to expansions and upgrades, organisations have the opportunity to automate port intelligence.  This makes tasks far more cost-efficient, streamlined, responsive and less time consuming.

AUTOMATED IT RATING: 4.7

PDF version available

This advisory describes the process and impact of automating port intelligence.

• Situation Analysis (Before & After Automation)
• The Business Criticality of Automating Port Intelligence
• Automation Impacts
• - Running Costs
• - Time/Labour
• - Space & Power
• - Decision Making
• - Uptime
• Implementing Automation
• Infoblox Solutions

Situation Analysis

Before Automation

• - IT professionals are unaware of the amount of available ports on the network, or their status/speed etc., so mistakenly purchase new switching equipment when extra capacity is not in fact required.
• - Without visibility of ports and their status, opportunities are routinely missed to determine the performance of the network as a whole. Moreover, the potential impact of planned switch maintenance/upgrade is unknown. This makes measuring the success of such processes difficult, leading to inaccurate analysis that impacts on future spending decisions.
• - Troubleshooting outages and other failures is ineffective and inefficient. The process of identifying the port in question likely involves manually researching logs that enable the conversion of IP address into MAC address, then into switch location, and finally switch port number. In many cases it will involve physically visiting the switch in question and sifting through cabling infrastructure.
• - Shutting down urgent security issues takes too long, is time and labour intensive, and can provoke counterproductive errors. Attacks exploiting a specific port cannot be acted upon quickly enough, and occasionally the need to ‘pull the plug’ on a suspected port is done hastily and incorrectly.
• - As the manual port intelligence processes in place are ‘learned’, only the most skilled and experienced IT professionals within the team are capable of supporting them.

After Automation

• - Port wastage is eliminated, and the IT team is fully aware of how many ports are available, how many are in use, and what their individual status is. It is far easier to make informed capacity planning choices, reduce common configuration errors and predict the impact of IT infrastructure expansion and maintenance.
• - With new ports costing between £100-300 each, the organisation is saving significant amounts of CAPEX and space/power by no longer procuring infrastructure it does not require, and instead making more efficient use of installed assets.
• - The IT team can rapidly identify which ports need to be shut down in the event of a brute force attack, virus, security breach or DoS attacks, and take action with a simple keystroke.
• - The organisation can seamlessly integrate its IP address management (IPAM) process with port intelligence to make overall network management as efficient as possible.

The Business Criticality of Port Intelligence

Access to real-time, granular information about the most fundamental elements of your network infrastructure means strategic and tactical decision making can be undertaken accurately and with confidence.  Without automation, organisations run the risk of prolonged security attacks, serious configuration/connection errors and immense wastage of time, money, space and power.

Automation Impacts

Running Costs

HIGH

According to Gartner, 30% of ports in a typical network are unused at any given time.  When it comes to extending the size of the network, IT decision makers, unaware of the unused capacity, buy unnecessary new switches.  Through automating port intelligence, the cost of operating the core network can be reduced by being able to correctly identify unused capacity, informing investment decisions accordingly.

Automation also lowers OPEX as well as CAPEX, by reducing the time and associated expense of maintaining inefficient manual processes for intelligence gathering and execution.  Look out for tools which are vendor agnostic, enabling management of all network ports in a multi-vendor environment.

Time/Labour

HIGH

The process of managing ports and securing them effectively is very time consuming if done manually.  Consider the workload of an IT Manager having to go through this process, which will be not only multifaceted, but multi-platform and multi-departmental.  Tasks are often fragmented and need information extrapolated from a number of different sources.  In a network environment of potentially thousands of ports, it can often take days or weeks to carry out a simple assessment, yet with automation in place it takes just a fraction of that time.

Added to this, automated port intelligence reduces the frequency of helpdesk enquiries, with each enquiry also being solved more quickly and underlying issues identified more swiftly. Prior to automation, issues would have involved a cross department response.  Indeed, many organisations will either lack the in-house skills to carry this out, or will have to second a highly skilled member of the team to manually carry out these processes.  Port intelligence automation lowers skills barriers, meaning it can be carried out by a number of people without the expertise needed to do it manually.

Space/Power

HIGH

By more efficient utilisation of available ports, organisations only need invest in new switches they actually require.  This avoids significant wastage of space and power on superfluous equipment.  Moreover, by leveraging hitherto unused port capacity on existing switch infrastructure, the organisation can achieve a better utilisation per user/device/application while maintain the same density footprint.

Decision Making

MED  

Automated port intelligence provides IT decision makers with a platform for better visibility and faster troubleshooting. Automated port intelligence is a highly constructive ‘housekeeping’ initiative that supports system performance, enables more strategic decision making (particularly with regard to capital investments and switch upgrade/maintenance projects) and reduces the disruption and distraction of valuable IT personnel.

Port intelligence tools with ‘historic’ tracking and analysis capability can even track the connection activity of specific users, and determine the ‘net usage’ of specific ports over time rather than simply reporting a current snapshot.

Uptime

MED  

Automated port intelligence really comes into its own in a crisis; a faster and more granular security response will deliver better uptime.  Added to this, threats are less likely to spread and inaccurate responses - such as pulling out the wrong port - are minimised.

An example of this is when a firewall sends an alert that the device at a given IP address is sending worm packets.  Prior to automation, an IT manager would have to consult a myriad of manually stored logs, or else go and query all of the switches and routers in the network to find where the device is attached.  With 3-6 commands per switch, this can take hours before an informed decision can even be taken.  With automation in place IT Managers can immediately see the port that the device is on and take action.  Added to this, an automated audit history can help identify the “mobile” offender.  Note however, that only some automated solutions carry this ‘historic port intelligence’ capability.

Implementing Automation

Embracing automated port intelligence involves a rapid and pain-free implementation process, whereby the deployed system auto-discovers all the ports on the network and builds an immediate picture of the switch estate.

To maximise the investment in an automated port intelligence solution, it is advisable to invest some time determining which auditing and alerting commands are to be utilised and in a configuration that suits the IT team.  In addition, organisations can further maximise the benefits of automated port intelligence by integrating this with an automated IP address management (IPAM) solution.

Infoblox Solutions

This advisory has been produced with support from Infoblox, pioneers of an appliance-based approach that controls and automates the core services that drive all networks and applications.  For more information on how Infoblox successfully automates port intelligence for businesses of all sizes, visit www.infoblox.com.

Click here to read the Infoblox PortIQ solution note

Click here to watch the Infoblox PortIQ demo

SLASH COSTS - Lower hardware TCO - Better use of existing hardware - Slash opex by over 50% - Less hardware needed     SAVE MAN-HOURS - Free up skills for innovation - Typical 1,000 user organization can save 40 man-days per month     CUT SPACE/POWER - Maximise virtualisation opportunities - Use less infrastructure to manage network infrastructure     BETTER DECISION-MAKING - Dramatically increase efficiency of IP address management - Dedicate less resources to fire-fighting - Platform for better business decision making     BOOST UPTIME - Underwrite critical network services - Mitigate unnecessary human error/intervention - Improve security

AUTOMATED IT RATING: 4.5

PDF version available

This advisory describes the process and impact of automating the security intelligence of your network.

• Situation Analysis (Before & After Automation)
• The Business Criticality of Security Intelligence
• Automation Impacts
• - Running Costs
• - Time/Labour
• - Space & Power
• - Decision Making
• - Uptime
• Implementing Automation
• Q1 Labs Solutions

Situation Analysis

Before Automation

• - External attacks and fraudulent activity by insiders are missed
• - It consumes large amounts of time and focus to manage the sheer weight of new security event data spewing out of your network’s thousands of devices
• - Network and security operations teams are silo’d from each other, cannot leverage key data of interest to both teams, and are slowed in response to network threats
• - Each device or device-set has its own attendant proprietary logging system/protocol, which consumes additional resources including space and power. Stranded investments may also have already been made in log management products, network visibility products and obsolete security event management systems.
• - The ‘skill’ of understanding how to collect and interrogate event data from disparate networked sources is difficult to transfer and is often exclusively silo’d among the team.
• - On the surface, each piece of event data is conceivably of ‘equal merit’ in terms of its value to decision-making at least until it can be combined with context from other data sources. A tremendous amount of time is wasted in prioritising responses into a manageable range of tasks
• - There is real concern that the present ‘best effort’ security intelligence system (should one even exist in whole or part) is not only inefficient, but also endangers the ongoing security and compliance status of the business. It is unlikely to offer any value in the event of a sustained attack, or an urgent audit.

After Automation

• - Total security intelligence enables the detection of cross-enterprise threats that were previously being missed
• - Time is no longer spent interrogating multiple sources for event data; instead all the information is collated into a single point and converted into security intelligence.
• - Space/power and other resources are also conserved by a minimal hardware footprint for interpreting security intelligence.
• - Out-of-the-box security value with easy to understand rules, results and reports, so any authorised member of the IT team can ‘pick-up’ security intelligence duties and search, analyse and respond to security log information.
• - The IT team works from 10 or so prioritised tasks generated by the event log information, rather than randomly responding to issues of perceived importance that have been spotted ‘out-of-context’.
• - Compliance and security responsiveness is far more assured, even with respect to zero-day attacks and sudden audit impositions.

The Business Criticality of Security Intelligence

Networked infrastructure elements are good at collecting evidence, and lots of it. Yet it is the process of managing all of this data and converting it into intelligence about your threat/fraud detection ‘must-dos’, network/security operations needs and compliance outputs which is absolutely essential.

Automation Impacts

Running Costs

HIGH

The bottom line impact of automating security intelligence is the radical reduction in operating costs, both in terms of skills employed and the consolidation of countless devices (log management products, network visibility engines, behavior analytics, proprietary logging appliances etc.) into a single interface stream/single product to configure, learn and maintain.

Time/Labour

HIGH

The ability to locate and analyse information quickly – almost instantaneously – saves incredible amounts of time. For example, should a serious security incident be suspected, organisations may need to shut-down devices for several hours at a time and divert precious resources simply to find the location of a threat. A typical 500-user organisation will save between three and five man-days per month by automating security intelligence.

With a fully automated solution in place, IT departments can quickly – in a matter of minutes – locate the individual issue and shut down the activity before any damage can be wrought. Total security intelligence solutions can deliver significant data reduction capability for prioritised incident response to the order of 500,000:1 (accurately prioritising the one important incident out of 500,000 other pieces of security event information).

Automating security intelligence will also support the ongoing convergence and consolidation of network teams and security teams within your organisation. Even if your organisation is maintaining those teams as separate entities, automating security intelligence promotes the efficient sharing of critical data and avoids the possibility of anything important ‘falling through the gaps’.

Space/Power

MED  

Automating security intelligence reduces the impact on space and power resources. For example, a large organisation generating 5,000 security events per second can run all of their security intelligence requirements out of a single 2U appliance. Using a virtualised form-factor, this impact can be reduced further still.

Beware of what analysts describe as ‘first generation SIEM systems’, which are essentially large ‘ERP-like’ software deployments with associated RDBMs costs. The next generation of SIEM uses far more efficient and performance-orientated database as well as an easy to deploy and maintain appliance form-factor.

Decision Making

MED  

Security information and log event data is critical to the decision making process, though its success rests upon deploying a system capable of converting that into reliable, rapidly accessible and priority-led intelligence. An automated approach achieves just that. In addition, it provides all the intelligence an auditor needs to undertake a compliance inspection, or for senior managers to interrogate any aspect of network history.

The heterogeneous nature to true automated approach to security intelligence also supports transparency and flexibility in the procurement process. Knowing how painful and time-consuming it can be (in terms of making provisions for security event data etc.) to introduce a new vendor technology into any existing infrastructure can cloud and constrain capital investment judgements. Now you can deploy what you want without concern for additional security intelligence overheads.

Uptime

HIGH

An efficient, rapid and comprehensive security intelligence system will clearly mitigate the risks to your organisation. Specifically, it will lead to a reduction in human error in terms of preventing individuals from:

• - jumping to the wrong conclusions and wasting valuable resources on wild goose chases because of a failure of analysis
• - having to cover for absent team members who own device/technology specific event data skills
• - forgetting or overlooking arcane processes which follow no policy or process other than those developed by habit, distant memory or scraps of paper.

Implementing Automation

Automating security intelligence can be accomplished within minutes, particularly if solutions with ‘data discovery’ and auto-configuration capabilities are employed. Even with tweaking and user training, the entire process can be accomplished within a few days. Additionally, it may even be the case that the act of implementing a solution to automate security intelligence uncovers areas of historic processes which failed to account for individual devices and systems on the network.

Available technology should be flexible to all deployment scenarios, including among comparatively small/mid-sized businesses who may not have considered security intelligence solutions previously. Only very large organisations generating over 500 million security events per day would conceivably require an architecture where more than a single SIEM unit would need to be run in alignment.

Q1 Labs Solutions

This advisory has been produced with support from Q1 Labs, a global provider of high-value, cost-effective network security management products. For more information on how Q1 Labs successfully integrates previously disparate functions such as log management, network behavior analytics and security event management into a total security intelligence solution for businesses of all sizes, visit www.q1labs.com

Click here to view a case study on UDR

Click here to download the Q1 Labs ‘Business Case for a Next Generation SIEM’ white paper

SLASH COSTS - Lower hardware TCO - Better use of existing hardware - Slash opex for incident response by over 75% - Less hardware needed - Less than 12 month return on investment SAVE MAN-HOURS - Free up skills for innovation - Support security/network team convergence - Typical 500 user organisation can save 3-5 man-days per month CUT SPACE/POWER - Maximise virtualisation opportunities - Reduce network and hardware footprint - Better ROI for storage strategy BETTER DECISION-MAKING - Dramatically increase efficiency of security management and intelligence gathering (500,000:1 data reduction/prioritisation capability for improved incident response) - Dedicate less resources to fire-fighting - Immediate readiness for compliance/auditing - Unconstrained future network/security procurement BOOST UPTIME - Underwrite critical network services - Mitigate unnecessary human error/intervention - Improve security, event zero-day attacks

AUTOMATED IT RATING: 4.3

PDF version available

This advisory describes the process and impact of automating these network services.

• Situation Analysis (Before & After Automation)
• The Business Criticality of Network Services
• Automation Impacts
• - Running Costs
• - Time/Labour
• - Space & Power
• - Decision Making
• - Uptime
• Implementing Automation
• Infoblox Solutions

Situation Analysis

Before Automation

• - Keeping the ‘network glue’ of DNS, DCHP and other core network services in tact is as a result of thousands of onerous, time-consuming, repetitive tasks
• - IP address management is time-consuming, complex, insecure and unreliable; typically administered via a range of spreadsheet records held by IT dept
• - Large number of general purpose servers used to host network services wastes computing resources as well as space/power overheads

After Automation

• - The IT team collectively spends hundreds of man-hours less per month on admin task drudgery; individually they are each liberated to concentrate efforts upon more strategically valuable work
• - IP address management is fully controlled, secured, and rapidly administered
• - Hardware resources and operating overheads are rationalized to a minimum, even though specialized appliances are now deployed

The Business Criticality of Network Services

Managing these services (and their related IP address management requirements) is absolutely critical to maintaining business uptime. If your organisation continues to function in any capacity, then it is because these core network services are being diligently and continually managed, tweaked and controlled.

Automation Impacts

Running Costs

HIGH

Operating costs can be drastically reduced through network services automation. The principal contributors to these cost savings are in terms of labour and space/power.

Time/Labour

HIGH

Core network services consume massive amounts of personnel resources in repetitive, manual tasks that are often replicated among IT teams.
We estimate that a typical 1,000 employee organization with 5,000 IP addresses will conduct (per month):

• - 300 x Static IP address assignations = 30 mins each = 150 man-hours
• - 500 x DNS host additions = 20 mins each = 167 man-hours
• - 100 x IP address reclaims = 60 mins each = 100 man-hours
• - 50 x new network provisioning = 60 mins each = 50 man-hours
• - 5 x unauthorized device troubleshooting = 7.5 hours each = 37.5 man-hours

The total in this example is just over 500 man-hours per month; the equivalent of three people working non-stop for the entire period. By automating the management of core network services, this burden is reduced to less than 25 hours; about the same as one person spending one hour per day each month.

Space/Power

HIGH

Core network services are typically hosted on general purpose servers located at each site. This incurs a high cost for server management which is inefficient and unable to discharge effective IP address management. The automated approach involves replacing these with dedicated appliances which are cheaper to run and which support centralized management.
The effect upon space/power is minimal, though the result will net an estimated $168,755 three year overall saving (based upon replacing an architecture of five servers).

If space/power reduction is a key priority then automation can take place via a virtualized agent, thereby removing the need for dedicated appliance/server replacement. Infoblox vNIOS Virtual Appliance software can be run on existing Riverbed and Cisco network equipment. This process reduces TCO further, and makes ROI even more compelling.

Decision Making

MED  

The automation of network services enables the IT department to be far more knowledgeable and responsive in decision making. This is due to the overwhelming management, visibility and reporting capabilities brought about the automation process and its underlying technology.

Uptime

MED  

In any set-up, continual ‘housekeeping’ of core network services is required in order to maintain the foundations of a fully operational enterprise network. Therefore, an automated network services approach directly enhances the business continuity objectives of a business, adding resilience and accuracy to a hitherto piecemeal methodology.

Implementing Automation

Automating network services is a comparatively straightforward undertaking, although given the criticality of the data and processes involved it requires a great deal of sensitive and intelligent planning.
There are various deployment paths one could follow, so there is certainly scope for flexibility. Migrating to a system of full network services automation could take place very quickly, and any initial outlay on new capital equipment would be recouped within the six months of operation.

Infoblox Solutions

This advisory has been produced with support from Infoblox, pioneers of an appliance-based approach that controls and automates the core services that drive all networks and applications. For more information on how Infoblox successfully automates network services for businesses of all sizes, visit www.infoblox.com

Click here to view a case study on Grainger
Click here to download the Infoblox white paper on IPAM
Click here for the Infoblox solutions interactive presentation

SLASH COSTS - Lower hardware TCO - Better use of existing hardware - Slash opex by 50% - Less hardware need SAVE MAN-HOURS - Free up skills for innovation - Typical 1,000 user organization can save 40 man-days per month CUT SPACE/POWER - Maximise virtualisation opportunities - Use less infrastructure to manage network infrastructure BETTER DECISION-MAKING - Dramatically increase efficiency of IP address management - Dedicate less resources to fire-fighting - Platform for better business decision making BOOST UPTIME - Underwrite critical network services - Mitigate unnecessary human error/intervention - Improve security