Go back

The Pitfalls of Relying on Event-Driven Network Security Processes

November 21, 2017

Network security teams have long been forced to rely on the same playbook for protecting the network: Wait for an event or attack to occur, and then work to resolve the problem as fast as possible.

Sure, network teams take the time to proactively guard against threats, but it’s often a piecemeal effort accomplishing little more than security spot checks. Instead, resources focus on troubleshooting and eradicating a problem after an event has already occurred.

A recent Network World article on data-driven vs. event-driven networks sparked us to think about proactive measures that organizations should take to avoid living in an event-driven environment. The two keys to a successful proactive security workflow are end-to-end network visibility and automation. Forward-thinking organizations will eliminate threats before they occur and be more prepared to troubleshoot when network events do happen. Let’s look at these two areas that all network teams should be thinking about.

Enhanced End-to-End Visibility

Organizations that rely on reactive workflows are often unprepared, because they have limited visibility into traffic flows and detailed network data. To proactively mitigate potential threats, clear insight into the network is crucial. This is where automated network mapping has a big impact.

When network teams have end-to-end visibility into a network’s topology, design, and security posture, it’s far easier to identify threats. This doesn’t just mean visibility into the current state of the network, it means the ability to see the history of the network and to catalog changes made over time, identifying potential problem areas before they become issues.

Suppose a hardware vendor releases a new vulnerability or security patch that affects a specific device type. Most organizations would be unable to quickly identify which devices could be impacted and where they connect. With NetBrain, automated tools scan the network, map the relevant devices and assess the impact. This end-to-end visibility helps minimize vulnerability gaps and potential threats.

Network Vulnerability Assessment

Applying Automation to Proactive Workflows

Visibility into the network doesn’t mitigate threats if organizations aren’t following the right processes, and most networks teams are just beginning to implement automation into their security workflows. As a result, many of the same manual processes become a challenge in verifying network hardening policies.

Today, most enterprises are manually checking against network hardening and compliance regulations to ensure that devices are configured to the correct standards, that traffic is properly segmented, and that hardware is frequently patched to close vulnerability gaps. For enterprise organizations, it’s a tedious and mostly ineffective process to manage the hardening process — it can take days to understand the impact of a single vulnerability. As a result, many organizations fail to harden their network properly in the event of a network change and enforcing security best practices and known standards has become problematic.

These manual processes need to be eliminated so that IT teams can instantly have the information they need to begin the mitigation and troubleshooting process. Every day that an organization relies on manual, event-driven processes is another day that their network is at risk.


Download our latest whitepaper on continuous cybersecurity for more information on both proactive and reactive security workflows.