As someone who lives and works in Seattle, I'll take any opportunity I can get to spend a few days in San Diego. When that trip to SoCal comes with a chance to work the ExtraHop booth at Cisco Live 2019, it makes leaving town even easier.
Booth duty at Cisco Live is a great way to meet a wide range of security and network professionals, from product users and engineers to the influencers who manage those teams and the executives who can transform the way their enterprises deliver performance and security at scale.
I had a lot of valuable conversations about ExtraHop integrations with Cisco ISE and Cisco Tetration for security, as well as AppDynamics for application monitoring, but three things stick out in my mind.
First, there were several questions about our unsupervised machine learning and how it enables real-time detection of threats and suspicious behavior. Second, even if a conversation started with performance and application visibility, it almost always pivoted to security. Third, those discussions often expanded to include best practices for integrating Security and Network Operations.
To see the technical and business cases for integrating SecOps and NetOps, check out Five Reasons to Integrate SecOps & NetOps.
Better SecOps/NetOps cooperation has been a hot topic wherever I go, and that makes sense. As enterprises expand in scale and complexity, attack surfaces become larger and more perforated. Plus, there is a well-documented shortage of experienced analysts, making it difficult for security teams to keep up with the pace of expansion.
Overcoming those challenges requires enterprises to leverage tool sets, use cases, data sources, and insights that SecOps and NetOps can share to act as a force multiplier for security. Better integration also benefits both operations centers by driving efficiency, reducing tool sprawl through consolidation, and optimizing budgets through improved resource allocation.
Despite the benefits that integration offers, there seems to be a disconnect between the desire to drive better teamwork and the number of organizations successfully integrating teams.
A 2018 global SANS Institute survey showed that 62% of respondents listed a shortage of skilled staff as their top self-identified SOC shortcoming. The same study also indicated that only about 30% of SecOps teams already work together with NetOps. Sure, it's all hands on deck when there's a massive breach, but when it comes to day-to-day operations, far too many silos still exist.
Increasing SecOps/NetOps cooperation leads to proactive security. When security teams communicate with network teams, they gain insight into the environment they're tasked with protecting. And when NetOps has a continuing dialogue with SecOps, they can work together on security policy.
More importantly, when both teams share the same data source, leveraging a common toolset becomes more efficient.
If the conversations I'm having at trade shows are any indication, and I'm sure they are, the days of siloed security and network teams are coming to an end—and the people working on those teams are ready to pick up the pace of integration.