Denys Rudyi - Fotolia
What are network managers' top priorities these days?
Network managers grapple with a wide assortment of urgent concerns whenever they settle into their office chairs, but the that most causes heart rates to race and brows to furrow is related to network security issues.
With each passing year, the threat landscape becomes more dangerous. Over the past several months, major hacks included everything from the theft of personal financial information in the Equifax breach to hacks at major retail brands, such as Lord and Taylor and Saks Fifth Avenue. Even more troubling is the dramatic increase in cyberespionage groups attempting to exploit vulnerabilities in routers and other devices underpinning today's networks.
It's no surprise that a recent survey conducted by Enterprise Management Associates (EMA) found 43% of network managers rank network security issues as their biggest concern.
"Network security is always at the top of the list," said Shamus McGillicuddy, a senior analyst who focuses on networking at EMA, which is based in Boulder, Colo. "The historic prevalence of network security makes sense, given the constant evolution and escalation of threats and vulnerabilities that plague enterprises of all types."
The EMA findings also track fairly closely to a study done by Enterprise Strategy Group (ESG) in which network security issues ranked second, only behind meeting budgetary constraints.
Multiplex approaches to security
Seth Price, senior network engineer for Durham County Government in North Carolina, isn't surprised by the results of the EMA and ESG studies.
Shamus McGillicuddysenior analyst, EMA
The March ransomware attack in Atlanta -- where municipal operations were crippled by SamSam malware -- weighs heavily on Price and many other network managers at state and local governments. The idea that critical services could go down for several days like they did in Atlanta has become a major concern.
"We can't just rely on a firewall anymore," Price said.
In Durham County, Price said his agency deployed a multilayered strategy that includes Cisco Umbrella, Cisco Stealthwatch, firewalls from Palo Alto Networks and cloud-based security services from Dell SecureWorks.
Umbrella is used to comb through all domain-name-system (DNS) requests; if it finds a known malicious site, the software automatically blocks the webpage well before it hits the firewall, Price said. In the event a DNS request bypasses Umbrella, the network's firewall and vulnerability detection capabilities will monitor for potential malware and sandbox any malicious files or websites.
Dell SecureWorks acts as a redundant security operations center for the county. SecureWorks receives all the county's firewall logs and reviews them for anomalies.
Durham County also relies on security capabilities built into Application Centric Infrastructure, which underpins its networking operations. The Cisco SDN topology uses policies, accessible through DNA Center, to more efficiently manage firmware updates on its routers.
"Before DNA Center, if we needed to upgrade switch or router code, it was a very manual process. We had to log on and manually upgrade the code on each device," Price said. "With DNA Center, we can push the code out to the devices. Now, we can do all the firmware upgrades in a couple of days. If we had to do it all manually, it would take at least three or four months to get through all the devices on our network."
Because the vast majority of updates are security-related, the ability to push them out in a couple of days makes the county's network more secure.
The push for SD-WAN
At Caterpillar dealer Holt of California, network engineer Justin Giardino said the biggest key to protecting the firm's data is training rank-and-file staff to be security-aware. The company, located in Pleasant Grove, Calif., runs 15 tractor dealerships
"We can install firewalls, but in the end, we are at the mercy of the knowledge level of our end users," Giardino said. "It all falls on the network team to keep the network safe."
Giardino said Holt plans to shore up its security by moving to SD-WAN and exploiting some of the data protection techniques engineered into the technology.
"With SD-WAN, we can save money. It offers easier management; we can use cable modems, and it offers better reporting than we've had in the past," Giardino said.
At the edge of network security's future
Peter Levine, a partner at venture capital firm Andreessen Horowitz in Menlo Park, Calif., for example, cited the growth of distributed computing at the edge as part of a recent presentation. According to Levine, the edge will grow more dominant as self-driving cars, drones, robots and IoT objects become more prevalent and their operation more critical.
Doug Smith, CEO of Texmark Chemicals in Galena Park, Texas, said edge computing enables the refinery to retool its operations. The company has deployed a combination of Hewlett Packard Enterprise Edgeline EL4000 computing devices, an Aruba mesh wireless network and Bluetooth Low Energy beacons to collect performance data directly from key production areas of the processing plant.
The edge computing environment, which Smith described as the "refinery of the future," also lets Texmark use network-connected cameras to film how workers load and unload chemicals to ensure safety guidelines are met. Workers also use wearable devices to take gas and temperature readings.
"A large segment of the workers in the petrochemical industry are approaching retirement age," Smith said. "Utilizing IoT technology and edge computing gives us a competitive advantage in attracting young, tech-savvy workers and also increases safety, reduces risks and saves money through access to real-time information here at our plant."
Steps that companies like Texmark are taking to upgrade their networking operations means network managers will continue to have a lot on their plates in the next 12 to 18 months. Whether it's network security issues, edge computing, IoT or just upgrading a wireless infrastructure, there's little doubt managers will have plenty to do.