Hybrid Cloud Automation

How SOC Teams Can Self-Serve Hybrid Network Security Services with Itential

Dan Sullivan

Principal Solutions Architect ‐ Itential

Posted on August 26, 2024

Network security is top of mind for every organization. We’re seeing network infrastructure environments that are rapidly expanding, and maintaining security across this kind of distributed complexity is increasingly difficult. When organizations leverage multiple cloud environments and a wide variety of on-premises and edge infrastructure resources, traditional approaches and processes used to maintain a secure perimeter don’t scale well enough when efficiency and response time are critical.

Maintaining security requires a solution that’s built for hybrid environments, allowing security teams to accelerate and scale their capabilities to quickly and efficiently secure modern infrastructure.

Itential’s multi-domain orchestration capabilities and our platform’s ability to integrate with every network security solution are helping our customers achieve a new model for network security. With Itential, security teams can successfully keep up with expanding infrastructure and can use lifecycle management capabilities to track and update services as data and security rules change over the course of the service lifecycle.

Security Teams Face a Mounting Challenge

Organizations are equipping their security teams with rapidly improving toolsets. Security Operations Centers (SOCs) are often staffed 24×7 with skilled security professionals using a wide variety of tools to monitor infrastructure, detect anomalous behavior, investigate security incidents, and respond quickly.

However, network environments are outpacing teams’ abilities to keep up. Today’s enterprise IT organizations usually rely on multiple public cloud environments along with on-premises and edge infrastructure, delivering a large volume of internal IT services across this complex environment. The infrastructure SOC teams must survey and defend is complex, reaching across both traditional on-premises network domains like Data Centers and across one, or potentially many, cloud providers. And when services span multiple domains, it can be difficult to track all of the different elements of a service that must be updated whenever policies or rules change. The way teams solve these challenges today isn’t scalable.

If an entity must be blocked from the network, or if policies must be updated to meet new standards, security personnel must manually execute these activities across different tools to maintain security posture across all of the organization’s infrastructure. Despite an amazing set of tools on the security side to detect and identify issues, teams need something more. Organizations’ ability to maintain security posture is ultimately hobbled by the process of response, which requires manual intervention by multiple teams because of the complex networks in which they operate, and the different tools used within those domains.

Blocking as a Service: How Orchestration Enables Security

Blocking is an important example of why orchestration is necessary for maintaining security in a distributed environment. While security tooling can help organizations detect threats very quickly, most find that acting on those threats, by making changes across different infrastructure domains to block the threat everywhere, takes far too long.

Even if the ability to respond can be measured in minutes, that may be too long to prevent a successful intrusion. In order to reduce the time to respond, we need to take a deeper look at the process behind making a change to the infrastructure to block traffic:

  • Identify the IP endpoint or network to block.
  • Identify where to block traffic — where the complexity begins.
  • Block on a single device (firewall) for a specific site (data center, remote location, etc.).
  • Block on multiple devices (firewalls) for multiple sites (data center, remote location, etc.).
  • Block on a single cloud provider, or multiple cloud providers.
  • Generate the necessary configuration changes to apply to enable blocking.
  • Execute a pre-check process, apply the change using the appropriate tool for that domain, and execute a post-check process.
  • Document and track the request, potentially releasing the block in the future.
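The lifecycle in the list above, as an added illustration that is not Itential's code or API: a minimal in-memory orchestration of one blocking request that validates the target, runs pre-check, apply and post-check per domain, records which rule was created where, and later releases only those rules. The domain names, the protected management range and the ticket id are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample: ranges a blocking request must never touch (e.g. management).
PROTECTED = [ipaddress.ip_network("10.0.0.0/24")]


class Domain:
    """Stand-in for one infrastructure domain (a site firewall or a cloud ACL).
    A real workflow would call that domain's own tool in apply()/release()."""

    def __init__(self, name):
        self.name = name
        self.blocked = set()  # networks currently denied in this domain

    def pre_check(self, net):
        # Idempotency: an existing deny means there is nothing to push.
        return "already-blocked" if net in self.blocked else "ok"

    def apply(self, net):
        self.blocked.add(net)
        return f"{self.name}:deny:{net}"  # rule handle kept for later release

    def post_check(self, net):
        return net in self.blocked

    def release(self, net):
        self.blocked.discard(net)


@dataclass
class BlockRequest:
    target: str                                   # IP or CIDR from the SOC form
    ticket: str                                   # tracking id (constructed)
    applied: dict = field(default_factory=dict)   # domain name -> rule handle
    skipped: list = field(default_factory=list)   # domains that already blocked it


def parse_target(target):
    """Validate the requested endpoint/network and refuse protected ranges."""
    net = ipaddress.ip_network(target, strict=False)
    if any(net.overlaps(p) for p in PROTECTED):
        raise ValueError(f"refusing to block protected range {net}")
    return net


def block(req, domains):
    net = parse_target(req.target)
    for d in domains:
        if d.pre_check(net) != "ok":
            req.skipped.append(d.name)
            continue
        handle = d.apply(net)
        if not d.post_check(net):  # verify the change actually landed
            raise RuntimeError(f"post-check failed on {d.name}")
        req.applied[d.name] = handle
    return req


def release(req, domains):
    """Unblock only what this request created; pre-existing rules stay."""
    net = ipaddress.ip_network(req.target, strict=False)
    by_name = {d.name: d for d in domains}
    for name in list(req.applied):
        by_name[name].release(net)
        del req.applied[name]
    return req
```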

This single event may generate several threads of work that go to different infrastructure teams, who fulfill them using different tools to modify configurations in their environment. Cloud, Network, and Security teams may all become involved in updating their respective domains to block, and even when automations push the changes, manual steps in the overall process cause delays. Delays that can mean the difference between a good night's sleep and front-page news.

When Itential partnered with a leading global financial services company to streamline and accelerate blocking, they were able to create workflows that could easily block an IP or entity across all of their infrastructure in response to a threat from any of their security tools. This meant that whichever SOAR platform flagged the threat, it could be blocked within seconds with no gaps, significantly reducing the attack surface. They were able to eliminate crucial vulnerabilities by scaling up their security team's capabilities and ensuring that tool and network sprawl would not lead to higher risk.

The SOC team is now able to self-serve blocking capabilities like network or cloud products. They can simply enter an IP endpoint or network into a form and the appropriate infrastructure changes take place in seconds. They’ve removed as much manual work as possible and orchestrated these processes so they follow procedures — without manual intervention. When organizations can do this successfully, teams can carry out even the most complex set of infrastructure changes immediately and securely.

Using Itential to Orchestrate & Track Hybrid Security Services

With Itential, you can take all of the existing automation tools that your teams are using and build workflows that can orchestrate these together so that updating different types of infrastructure to block traffic can be accomplished in seconds. Itential also provides the tools to track blocking requests and all of their associated infrastructure details together so they can be identified and quickly unblocked if needed.

It’s not just for blocking — any set of security activities can be represented in an Itential workflow by integrating with multiple security solutions and onboarding automation tools. In addition, the same workflow can integrate with other systems to remove even more manual steps, like ticket management, documentation, and interacting with sources of truth — eliminating human error and accelerating work that’s crucial to security, such as software upgrades. And with lifecycle management, teams can maintain security even for complex services over time as details and data change.

Security is a top priority in networking, and securing services across hybrid environments is a complex challenge. Itential is built to enable efficient, rapid orchestration across hybrid infrastructure, and that includes security.

If you want to see how it works step-by-step, check out this recent webinar where I demonstrated how to track and orchestrate hybrid cloud security services. The webinar dives into a similar blocking use case as we discussed above. You’ll learn how to build workflows to orchestrate end-to-end processes, track a blocking request’s details across its lifecycle to streamline any changes, and orchestrate security changes for services across hybrid infrastructure. Plus, you’ll learn how to expose security services such as blocking as self-serve outcomes for the SOC team to consume. With Itential, your security posture can successfully keep up with the pace of network growth, moving incident response time from anxiety-ridden minutes to a calm and collected set of seconds.


Dan Sullivan is a Principal Solutions Architect at Itential who has spent his career focused on networking and distributed systems, holding roles within software development and architecture teams, professional services, and sales organizations. Over his career, he’s received numerous patents for his work on distributed systems and high availability routing/switching platforms. During the past 10+ years, Dan has been delivering and deploying automation solutions for the largest Service Provider and Enterprise customers across the world. At Itential, Dan works closely with customers to implement Itential’s automation solutions to drive both transformational business and technical outcomes.
