Network Security Management

Albert Einstein defined insanity as "doing the same thing over and over again and expecting different results." Yet when it comes to network security, organizations often repeat processes, deploy multiple solutions with many security rules, and report independently on different parts of security networks – all in an effort to improve security. This complexity does not improve either workload or security. In fact, it undermines both with overwhelming amounts of data streams, slow responses to threats, and convoluted management.

Today's security deployments need to focus on streamlined management, improved visibility into the most critical threats, and reduced response times. The right network security management solution provides all of these components.

Companies can gain much from the deployment of good network security management. The benefits range from time savings to reduced complexity to better security overall. In addition to the ability to configure and manage a network from a central location, a single security rule base can be maintained and kept up to date much more easily than multiple, independently managed security deployments.

While it is possible to govern a few independently managed firewalls without major issues, future business growth may prove difficult when it comes to network security expansion. For this reason, network administrators should consider investing in network security management early in the buying cycle, especially when the business is growing.

Highlighting the key benefits of Palo Alto Networks® Panorama™ network security management, this guide provides insights into when and why you should consider investing in a management solution for your security deployments.

What Is Network Security Management?

Overview of Network Security Management

Security deployments are complex; they overload IT teams with complex security rules and mountains of data from multiple sources. A good network security management solution empowers teams with easy-to-implement, consolidated policy creation and management. Set up and control firewalls centrally with industry-leading functionality, an efficient rule base, and gain insight into network-wide traffic and threats. Network security management empowers not only with streamlined management functionality but also with improved visibility and detection of threats, and a reduction in response time.

What to Demand of Network Security Management

A good network security management solution does much more than just offer central management. It helps streamline the tedious task of management by reducing the time it takes to respond to threats, and it helps in the discovery of unknown threats.

Here is a more detailed list of capabilities and features that a network security management solution must have:

  1. Enterprise-class management from one central location in even the most complex networks.
  2. A single security rule base for application awareness, user identification, URL filtering, threat prevention, file blocking and data filtering.
  3. Static security rules in a changing threat landscape with dynamic security updates.
  4. Customization and regional control for individual firewalls to allow for regional or topical differences in security requirements.
  5. Deployment flexibility and scalability with configuration options that can accommodate fast-growing organizations and large enterprises alike.
  6. Central visibility into and reporting on network-wide traffic and threats.
  7. Automated correlation of indicators of compromise – for the confirmation of compromised hosts – that cuts back on manual data mining to find "needles in the haystack."
  8. Automation features to reduce dependence on manual actions, for example, triggering actions on third-party systems based on a security event.

Benefits of Network Security Management

1 + 1 = 1

Complexity is a reality in today's cybersecurity environment. With different parts of security deployments frequently managed independently of each other, administrators end up with an unmanageable number of devices, interfaces, security rule bases and configuration elements. Often, organizations will have a URL filtering solution, multiple firewalls, an IPS solution, endpoint protection and more deployed on one network. With multiple deployments come multiple, frequently outdated or inconsistent security rules, exposing your company to increased risk.

Sound familiar? How much time are you spending to configure and manage all of these disparate deployments? Are you sure all your security rules are up-to-date and consistent? Why manage more devices than you have to?

Consolidating security deployments is one step toward avoiding a management nightmare. You may combine several security technologies into one product, such as a next-generation firewall that offers IPS, URL filtering, advanced threat protection and more in one solution. Even after doing this you, may end up managing more than one deployment.

Ask yourself how many independent next-generation firewalls are deployed on your network, and how you configure and manage each firewall. If your company does not have multiple firewalls yet, ask yourself if your business is growing. If so, chances are that you will sooner or later have multiple next-generation firewalls deployed. Do you want to manage all of them independently or from one central console?

A general rule of thumb is to deploy a network security management solution if you already manage or are planning to deploy three or more firewalls on your network at one point. That's right, even if you don't have multiple next-generation firewalls deployed yet, you may benefit from deploying a network security management solution in your security network. It will make the future integration of next-generation firewalls into your network easier and much more streamlined.

The Day Has 24 Hours – Make the Most of Them!

The shortage of security professionals means having to do more with less. Security teams and network administrators everywhere are stretched for resources and overwhelmed with the tasks at hand.

Most people who include network security management in their deployments free up time to focus on security issues, rather than managing multiple devices with multiple sets of security rules, also called "rule bases."

Without network security management, each firewall needs to be configured manually because each firewall has its own rule base.

With network security management, you will:

  • Spend less time configuring your network and fixing device settings, so you can focus on proactively improving your network settings.
  • Reduce the time spent on plugging holes in your security settings, or fixing outdated rules, so you can focus on taking your security to the next level with effective policies that are manageable.

What would you do with all this free time? Saving time frees up resources, which translates to doing more with less.

Avoid Duplication and Human Error

Any good network security management solution provides tools to eliminate the duplication of effort – this is not only an enormous time saver, but it also reduces the risk for error.

You have heard it before: "To err is human." Avoiding the duplication of work also is accompanied by a reduction of human errors. Having to rewrite configurations of devices or policies manually is an almost-guarantee for mistakes, which are frequently costly. A recent report by the Ponemon Institute1 found that 22 percent of all data center outages were caused by human error.

A good network security management solution provides the necessary capabilities to automate and streamline many of the configuration and management processes. Here are some key capabilities a good network security management solution should offer to save time and reduce the risk of manual error:

  1. The ability to create, reuse and stack templates as elements of network configuration goes a long way toward streamlining manual processes.
  2. Grouping firewalls into device group hierarchies and providing granular, centrally managed role-based access control ensure that security networks match organizational structures, are logical, and can easily be understood by all administrators, further reducing the risk for human error.
  3. Enabling the import of pre-production firewall configurations, or the addition of existing firewalls into your network with a few clicks, eliminates the need to manually configure each device.
  4. The ability to secure a network with a single security rule base, eliminating the duplication of rules for different firewalls and ensuring all security policies are up-to-date, reduces manual effort, complexity and threat exposure.

It's Like Radar for Your Security Network

Another large benefit of deploying network security management is the ability to see into all parts of the network from one central location. Most network security management solutions offer this capability but with major differences in the way the data is displayed to the administrator. It's not really about data visibility – it's about making the data actionable, interactive and valuable to the user.

What's more, a good network security management solution not only provides visibility but also prioritizes the data for the user, visually displays critical data, and facilitates fast responses to any threat encountered.

Key components of an ideal network security management deployment include the ability to customize the dashboard for each administrator, provide easy drill-down capabilities, and offer local administrators the right level of needed visibility into network traffic and threats.

Finding the Needle in the Haystack – Automatically

How much time are you spending on manual data mining? Maybe you don't even have time to devote to analyzing data. Well, a good network security management solution can automatically correlate indicators of compromise across your entire configuration, no matter how hidden, and highlight compromised hosts for a fast resolution. Having a network security management solution like this is like adding a valuable team member to your staff who does network-specific threat research for you and finds the needle in the haystack.

You Look So Familiar!

A key requirement of a good network security management solution is a user interface that is almost identical to the user interface of individual next-generation firewalls, in the event that you are migrating to a network security management solution after having deployed several independent firewalls.

You also want the transition from individually managed devices to a network security management solution to be as smooth as possible for all administrators. Ask your security vendor how similar the individual firewall UI is to the UI of the network security management solution to get a better understanding of how much of a change your company will undergo once it decides to move to network security management.

Don't Wait Until It's Too Late!

Alexander Graham Bell said, "Before anything else, preparation is the key to success." The same can be said for your security network. Possible or likely growth should be factored into the equation when evaluating whether to deploy a network security management solution. Planning ahead can save significant headaches at a later time. If your company will surpass five or more firewalls in the near future, consider moving to network security management immediately.

A good network security solution will facilitate easy and smooth growth, and new firewalls can quickly be added to a small system once it is configured for growth. It is always easier to plan for growth from the beginning than to accommodate growth at a later time. A small investment in network security management today could save you lots of headaches and expense down the road.

Should You Move to Network Security Management?

How many firewalls do you currently have deployed?

  1. 0 (Points)
  2. 1-2 (1 Point)
  3. 3-5 (5 Points)
  4. 5-25 (10 Points)
  5. More than 25 (15 Points)

How many firewalls do you think you will add in the next two years?

  1. None (0 Points)
  2. Up to 2 (2 Points)
  3. Between 3 and 5 (10 Points)
  4. More than 5 (15 Points)

How are your firewalls configured?

  1. I only have one firewall (0 Points)
  2. Identical configurations (2 Points)
  3. Slight variations in configuration (3 Points)
  4. Very different configurations (5 Points)

How time-consuming is it to configure/manage your firewalls?

  1. It is not very time-consuming (0 Points)
  2. It is time-consuming, but I can manage (2 Points)
  3. I am wasting a lot of time with this (5 Points)
  4. It keeps multiple admins busy (15 Points)

How much manual involvement and duplication of work do you have in network and device configuration?

  1. I am in control and everything is fine (0 Points)
  2. There is some duplication, but I manage (5 Points)
  3. There are many errors (10 Points)
  4. It's completely out of control (15 Points)

Let's talk about your security rule base. Which one of these statements rings true for you?

  1. My rule base(s) is/are current and secure (1 Point)
  2. Most security rules should be correct (3 Points)
  3. I am frequently correcting errors (10 Points)
  4. There are more holes than Swiss cheese (15 Points)

How easy is it for you to have central threat and traffic visibility and reporting capabilities across your network?

  1. I don't need central visibility. (0 Points)
  2. It requires multiple UIs, but I can manage. (5 Points)
  3. I am overwhelmed. (15 Points)

Results

0–15 Points

You're a Zen master! And you are managing fine without a network security management solution, but it's worth considering an investment in a network security management solution as your organization grows. It could save you time and effort configuring and managing your security in the future.

16–30 Points

You might need to explore. You are either already at the point where a network security management solution will pay for itself, or you'll be there shortly. Now is the time to make the jump into network security management.

31–60 Points

You are a glutton for punishment. You'd be pleasantly surprised at the amount of time you'd save and how much more efficient a network security management solution could make your security network. There is no doubt you would love the benefits of a network security management solution.

61–90 Points

Wow, you seem to have some masochistic qualities in you! You should pick up the phone today and make an appointment with a Palo Alto Networks sales rep to talk about moving to network security management, or make an appointment with your cardiologist.