Automating the path to security success

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

The concept of automating security is bound to rack the nerves of the most trusting of security professionals.

Why?

Well, because security culture is one of control and by its very nature security professionals have learnt not give up control of people or systems. Introducing automation, on the other hand, to a tightly controlled network requires an act of faith that the job will be done without causing issues.

But as networks become more complex and fast moving – with sometimes 100s of changes daily - security teams will need to embrace automation as a best practise. Without security automation, we are prone to human error at best and outages at worst. There has to be a hand over around security decisions, a loss of control so to speak, and in order to do that there has to be complete trust in the process that’s being automated.

Where to Start with Security Automation

Today, non-security related automation in IT is on the up; system admins use automation for application deployments as well as managing infrastructure both on premise and in the cloud. It’s increasingly becoming the norm. However, when you move from IT into security automation, that’s where the adoption ends. So how do you get security teams on board?
First, start off slowly. Security teams are open to automating tasks that aren’t directly in their remit. Compliance audits are one good example of this. While it’s a security-related activity, it cannot induce risk (except for the risk of failing the audit). There are other similar, time consuming tasks that security professionals should have no issues automating.
Another area where security automation is abundant is with those processes that are just too overwhelming for security teams to deal with manually – where there’s no other feasible alternative but to automate. Patch management and event management (SIEM) systems are two good examples where manual processes are just not viable.

Creeping into the Network with Automation

Trust issues really come into play when we talk about automating changes network changes – which can directly affect security. Nowhere else is security risk more predominant than when it comes to configuring security devices, because more often than not, misconfigurations lead to outages. When it comes to firewall policy or network security management, automation has to prove itself before security teams can hand it off. Again baby steps are called for here.
How?
Consider starting with the processes that can be reviewed in detail first with a simulation of the automation before the “RUN” button is pressed – a dry run. This will certainly help determine what the system is going to do or not do. If teams have the opportunity to review what will be configured before it gets automated, it will help set you on the path to building trust in security automation.
The key is collaboration and breaking down silos just as much as it is about technology. Bringing security into review the change processes as they are being automated, is a trust and team building exercise in and of itself, and ensures that security considerations are baked into process automation from the get-go.
Trust between the people determining which processes should be automated – and how – tends to occur over time, as everyone gets to know each other, and especially as security teams gain the visibility and input they need to ensure that security is baked into process automation. As concerns are alleviated, security teams will become increasingly remote, but they need to be eased into it.

Phasing in More Network Automation

For security teams looking to take a gradual approach to full automation, security policy orchestration is the perfect vehicle. While automation in itself is like a robot repeating tasks in a basic way, Orchestration on the other hand is more intelligent - like a conductor coordinating a talented group of musicians (network of complex systems) who are playing a symphony together.
Core to this approach is simulation. Once the organisation has its network topology accurately mapped out, the system can automatically identify relevant policy enforcement points (firewalls, routers, load-balancers) that are associated with the flow of the business connectivity requirement. Based on this, a network simulation can be performed to accurately design the implementation.
In moving toward automatic network design, DevOps teams can greatly benefit from using tried and true best practices already in place, in the security world. For example, automatic risk analysis against a pre-defined zone-to-zone security policy, across the entire network, allows the security team to review and decide whether certain business needs are aligned with corporate security guidelines or not.
As trust is gained in the automatic network design and the automatic changes set by pre-defined policies, there will be less reliance in reviewing every design change and more faith in automation. As soon as the system automates change provisioning, you have reached a mature automation model.
Orchestration handles changes as part of a process rather than through hidden API calls, this gives you the necessary transparency including an audit trail, separation of duties and check points that are critical for trusting the machine. The capability of providing an audit trail enables a post-mortem analysis in the event something fails to go as intended. Checks and balances, allow for human intervention where defined conditions occur. Lastly, the system has to be very accurate, reliable and secure.
The path to security automation may not be a quick one, but by taking a phased approach and automating the right processes, everyone will feel more confident with the implementation of automation. This way, the people we trust to secure our networks can focus their attention on addressing the next generation of security challenges.
Reuven Harrison, CTO and Co-Founder, Tufin

Topics