Best practices for building a network assurance program
Lumeta introduced five critical considerations to help organizations develop a Network Assurance program. Network Assurance complements system and data level security solutions to round out the risk management equation by measuring the impact of network change on security, availability and compliance.
By placing security in the context of service availability and network performance, organizations will obtain visibility into risk from a network perspective — a critical requirement for validating policies and controls as organizations build security into the fabric of the infrastructure.
There are five critical competencies organizations must establish as part of a Network Assurance program:
1. Quantify network risk based on a comprehensive set of network facts.
2. Measure the impact of network change on security and availability using a network risk scorecard.
3. Identify gaps between security policies and network defenses by analyzing actual connectivity across the enterprise and between the enterprise and the Internet.
4. Optimize proactive security efforts by prioritizing the deployment of vulnerability scanning efforts to high risk segments of the network such as unknown and unmanaged hosts, devices, and address space to optimize proactive security efforts.
5. Bring unknown network assets under management and apply necessary patches; reconfigure any devices that allow unauthorized connectivity which violates security policy.
“IT organizations face a fundamental paradox: support the business with agility and flexibility without introducing risks that could impact security or result in compliance violations,” said David Arbeitel, CTO Lumeta.
“Currently, the level of security automation is low, creating gaps between defenses and security policies. These gaps exist largely because organizations have focused on security at the host, device and data level without a solid understanding of the network and enterprise connectivity.”