Utilizing Network Visibility to Prevent the IT Blame Game
Let me ask you a question. Do you know how well your IT departments communicate with each other? As an enterprise you probably have at least four IT sub-departments (such as Security, Network Operations, Virtual DC, Capacity Planning, Service Desk, Compliance, and so on), and the chances are they will be at odds with each other. For instance, there’s often contention over capital budgets, sharing resources, and headcount – to name but a few points of potential friction.
Even if we say that, in normal operations, relationships are usually good between your IT sub-departments, how does this change in the face of a security incident or breach – even if it’s only a minor one? Finger-pointing can quickly ensue, especially if there are problems with acquiring accurate monitoring data about what happened, for security and troubleshooting purposes.
And when this happens, what can you do? This is a topic recently explored by our senior solutions marketing manager Keith Bromley, in an article in Continuity Central. It looked at the challenges organizations face when the IT blame game begins, and what can be done to help prevent this from happening.
Of course, one of the biggest challenges for IT staff today is to get the proper network information they need, when they need it most, so that they can make informed decisions about network security and problem resolution. Without this, discord can quickly break out between the various IT sub-teams.
The answer to this problem is to create complete network visibility for network security and network monitoring/troubleshooting teams. Without this visibility, how do you know that you haven’t been breached? If you have been breached, what was affected? IT professionals know they cannot prevent all attacks, so they need to focus on quickly detecting signs of infiltration. This helps all IT departments avoid becoming a victim of the blame game.
But what can you really do about the problems? Here are some examples of how you can increase network visibility and eliminate some of the pitfalls:
- Add taps to replace SPAN ports. Taps are set and forget technology, which means that you only need to get change board approval one time to insert the tap, and you are done.
- Add a network packet broker (NPB) to eliminate most of the other change board approvals and eliminate crash carts. The NPB is situated after the tap so you can perform data filtering and distribution whenever you want. By implementing a tap and NPB approach, you may be able to reduce your MTTR times by up to 80 percent.
- Add an NPB to perform data filtering. The NPB performs data filtering to send the right data to the right tool whenever you need it. This improves data integrity to the tools and improves time to data acquisition.
- Add an NPB to create role-based access to filters. This eliminates the “who changed my settings” issue and allows multiple departments to share the same NPB.
- Add virtual taps to get access to the often hidden East-West data in a virtual data center or cloud network.
No one wins at the blame game when it comes to security incidents and breaches: everyone in the IT team (and indeed the entire organization) loses. One of the best things that IT can do is increase network visibility because it gets to the core of security issues, instead of merely treating the symptoms – helping to reduce damaging incidents, reduce long-term costs, cut troubleshooting times, and increase staff morale.