
Demonstrating Compliance Doesn’t Have to Be a Challenge

Ensuring a network is properly secured and meets compliance standards like PCI, NIST, or HIPAA is a growing concern for many organizations. While many may be operating within compliance boundaries, most find it difficult to prove it both internally and for regulatory audits. This is largely due to existing network infrastructure documentation that is out-of-date.

For many, the absence of an automated solution has led to a limited view and understanding of security policies. Further complicating matters is the fact that network and security teams don’t often collaborate and seldom see eye-to-eye.

With these factors in mind, organizations should adopt three critical steps for ensuring success during a compliance audit.

Step 1: Validation Through Documentation

Documentation is the most critical step for teams to prove compliance. However, the ongoing issue for most companies is the manual and arduous nature of the process. In our recent survey, 33% of network engineers and managers said it would take them more than one entire month to document their network. The inability to document not just the network’s topology, but the underlying policies, like firewall rules, access-lists, policy-based routing, and configuration hardening is a real problem.

With NetBrain’s Dynamic Maps, organizations can automate the creation of network maps and detailed design assessments, gaining visibility along with detailed asset reports. In the case of PCI, to validate credit card transaction paths, engineers need a way to assess all possible paths and ensure that access to protected environments is restricted. NetBrain’s A/B path calculator works at the layer-4 port level to analyze ACLs and policy-based routing, visually presents the application paths, and allows compliance checks to be automated across the relevant traffic flows.
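The kind of check described above, evaluating the ACLs along every candidate path for a given layer-4 flow, can be illustrated with a small first-match ACL evaluator. This is an added example and not NetBrain code; the ACL entries, subnets, and the two paths are constructed for illustration, with 10.10.0.0/24 standing in for a PCI cardholder-data environment. Each hop's ACL is evaluated with first-match semantics and the implicit deny at the end of the list, and a flow is permitted end-to-end only if every hop permits it.

```python
"""Evaluate a layer-4 flow against the ACLs on every possible path (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AclEntry:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp", or "ip" (any protocol)
    src: str                  # source prefix in CIDR notation
    dst: str                  # destination prefix in CIDR notation
    dst_port: Optional[int] = None   # None means any destination port


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int


def entry_matches(entry: AclEntry, flow: Flow) -> bool:
    """True if this ACL entry covers the flow (protocol, prefixes, port)."""
    if entry.proto != "ip" and entry.proto != flow.proto:
        return False
    if ip_address(flow.src_ip) not in ip_network(entry.src):
        return False
    if ip_address(flow.dst_ip) not in ip_network(entry.dst):
        return False
    if entry.dst_port is not None and entry.dst_port != flow.dst_port:
        return False
    return True


def evaluate_acl(acl: List[AclEntry], flow: Flow) -> str:
    """First matching entry decides; an unmatched flow hits the implicit deny."""
    for entry in acl:
        if entry_matches(entry, flow):
            return entry.action
    return "deny"


def path_verdict(hops: List[List[AclEntry]], flow: Flow) -> str:
    """A flow traverses a path only if the ACL at every hop permits it."""
    for acl in hops:
        if evaluate_acl(acl, flow) == "deny":
            return "deny"
    return "permit"


def audit(paths: Dict[str, List[List[AclEntry]]], flow: Flow, expected: str) -> List[str]:
    """Return the names of paths whose verdict differs from the expected one."""
    return [name for name, hops in paths.items() if path_verdict(hops, flow) != expected]


# Constructed topology: a core switch with no filtering, then one of two firewalls
# in front of the protected (cardholder-data) segment.  The backup firewall was
# left with a permit-any rule, which only the second path reveals.
CDE = "10.10.0.0/24"          # constructed protected segment
POS_SUBNET = "10.20.0.0/24"   # constructed point-of-sale segment

CORE_ACL = [AclEntry("permit", "ip", "0.0.0.0/0", "0.0.0.0/0")]
FW_A_ACL = [
    AclEntry("permit", "tcp", POS_SUBNET, CDE, 443),
    AclEntry("deny", "ip", "0.0.0.0/0", CDE),
]
FW_B_ACL = [AclEntry("permit", "ip", "0.0.0.0/0", "0.0.0.0/0")]  # constructed misconfiguration

PATHS = {
    "primary": [CORE_ACL, FW_A_ACL],
    "backup": [CORE_ACL, FW_B_ACL],
}

POS_FLOW = Flow("tcp", "10.20.0.5", "10.10.0.20", 443)    # should be permitted
CORP_FLOW = Flow("tcp", "10.30.0.7", "10.10.0.20", 443)   # should be denied

if __name__ == "__main__":
    for name, hops in PATHS.items():
        print(name, "POS->CDE:", path_verdict(hops, POS_FLOW),
              "CORP->CDE:", path_verdict(hops, CORP_FLOW))
    print("paths violating the CORP->CDE deny expectation:", audit(PATHS, CORP_FLOW, "deny"))
```

Running the block reports the backup path as the one that violates the expected deny, which is exactly the class of finding an all-paths assessment is meant to surface before an auditor does.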

Step 2: Standardize Security Processes Through Runbooks

Validating every network configuration against a common set of compliance rules (e.g., device passwords are encrypted, timeouts are configured, no vendor defaults are present) is a crucial step towards compliance and security hardening. Many organizations run into compliance trouble when making network changes and, over time, “drift” away from compliance standards. To combat this, security teams can leverage NetBrain’s Executable Runbooks to ensure compliance through new service deployments and operational changes. These runbooks may include design guides and best practices to help enforce security best practices going forward.

Upon configuring a change, implementation engineers can then execute a vulnerability assessment runbook to ensure that it meets pre-defined compliance standards. An event management system can even be configured to auto-trigger an assessment at the instant a change takes place.
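The three example rules named in Step 2 (passwords encrypted, timeouts configured, no vendor defaults) and the pre-change/post-change comparison in Step 2 can be expressed as a small assessment script. This is an added example, not NetBrain's runbook engine: the two IOS-style configurations are constructed, the rule set is an assumption limited to the three rules the text names, and the "vendor default" check is restricted to the well-known default SNMP community strings. The `drift` function reports rules that passed before a change and fail after it, which is the regression a post-change assessment is meant to catch.

```python
"""Config-compliance assessment and drift detection over constructed configs (added example)."""
import re
from typing import Callable, Dict, List

# Constructed pre-change configuration for a hypothetical device (not a real config).
BASELINE_CONFIG = """\
hostname edge-fw-01
service password-encryption
enable secret 5 $1$abcd$PLACEHOLDERHASH
line vty 0 4
 exec-timeout 10 0
 transport input ssh
snmp-server community Zx9-readonly RO
"""

# Constructed post-change configuration for the same device, with three regressions.
CHANGED_CONFIG = """\
hostname edge-fw-01
enable password cleartextpass
line vty 0 4
 exec-timeout 0 0
 transport input ssh
snmp-server community public RO
"""

DEFAULT_SNMP_COMMUNITIES = {"public", "private"}   # widely documented vendor defaults


def config_lines(cfg: str) -> List[str]:
    """Split a config into non-empty lines, keeping indentation (it marks sub-blocks)."""
    return [line.rstrip() for line in cfg.splitlines() if line.strip()]


def check_passwords_encrypted(lines: List[str]) -> bool:
    """Global password encryption must be on and no plaintext enable password may exist."""
    has_service = "service password-encryption" in lines
    plaintext_enable = any(line.startswith("enable password ") for line in lines)
    return has_service and not plaintext_enable


def check_vty_timeout(lines: List[str]) -> bool:
    """Every 'line vty' block must carry an explicit, non-zero exec-timeout."""
    in_vty = False
    found = False
    for line in lines:
        if line.startswith("line vty"):
            in_vty = True
            continue
        if in_vty and not line.startswith(" "):
            in_vty = False          # an unindented line closes the block
        if in_vty:
            m = re.match(r"\s*exec-timeout (\d+)(?: (\d+))?", line)
            if m:
                minutes, seconds = int(m.group(1)), int(m.group(2) or 0)
                found = minutes > 0 or seconds > 0   # "exec-timeout 0 0" disables the timeout
    return found


def check_no_default_snmp_community(lines: List[str]) -> bool:
    """No SNMP community string may be one of the vendor defaults."""
    for line in lines:
        m = re.match(r"snmp-server community (\S+)", line)
        if m and m.group(1).lower() in DEFAULT_SNMP_COMMUNITIES:
            return False
    return True


RULES: Dict[str, Callable[[List[str]], bool]] = {
    "passwords-encrypted": check_passwords_encrypted,
    "vty-timeout-configured": check_vty_timeout,
    "no-default-snmp-community": check_no_default_snmp_community,
}


def assess(cfg: str) -> Dict[str, bool]:
    """Run every rule and return rule name -> pass/fail."""
    lines = config_lines(cfg)
    return {name: rule(lines) for name, rule in RULES.items()}


def is_compliant(cfg: str) -> bool:
    return all(assess(cfg).values())


def drift(before: Dict[str, bool], after: Dict[str, bool]) -> List[str]:
    """Rules that passed before a change and fail after it."""
    return [name for name, passed in before.items() if passed and not after.get(name, False)]


if __name__ == "__main__":
    before, after = assess(BASELINE_CONFIG), assess(CHANGED_CONFIG)
    print("baseline:", before)
    print("after change:", after)
    print("regressions introduced by the change:", drift(before, after))
```

Wiring `assess` to a change event (the text's auto-triggered assessment) is just a matter of feeding it the post-change configuration and failing the change when `drift` returns anything.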

Step 3: Ensure That Compliance Isn’t a One-time Event

Staying compliant is an ongoing process, not a one-time fix. So is guarding against potential security threats. For the entire process to work effectively, collaboration is crucial. With NetBrain, security and network teams can work collaboratively during triage and forensics to proactively prevent threats.

Ensuring that proper compliance procedures are adhered to and that network teams follow defined security practices is critical. Organizations must remember that it isn’t enough to say that an audit happened. They need to prove it.
