Many experts in the field of cyber protection consider the network to be a helpful ally. In practice, though, the network can be just as much of an adversary, shielding vulnerabilities and making it harder to access the data you need to defend your company.
However, with the help of certain additional tools in addition to the already available ones, that network can once again be relied upon.
In a recent podcast, Infoblox’s Bob Hansmann, Sr. Product Marketing Manager, Network Security, and Bob Rose, Sr. Product Marketing Manager, DDI & Value-Added Services, discussed how enhanced visibility into security measures may lead to tighter security and simpler compliance.
Can you tell me what topic they tackled? We’ll start with DHCP server errors.
Let’s imagine an error message from the DHCP server appears. Possible server failure in a network with a single DHCP server Or it could be a place where all of the accessible IP addresses have already been taken. That’s another factor that can lead to DHCP not working. “It’s possible your network server has crashed,” Rose explained. An issue with the DHCP packet relay may have resulted from a change in setup. Sometimes that occurs, and you know it when you see it. Or perhaps another misconfiguration occurred during the subsequent installation.
That’s just how things work within the system, where technologies tend to be incompatible with one another. Then there are all the problems that end users face, such as those caused by IT.
“Users are misconfiguring things all the time. These days, you can find tools on the market specifically designed to check your setup. You’re bringing up some of the resources we regularly employ, and it turns out they’re still in development at the very moment we’re getting ready to go live. Take, as an example, Facebook’s administrative interface. The user interface, platform, and associated tools were all updated, as Hansmann put it. They do exist, but they’re all at such a disorganized stage of development that the configuration error issue persists. Someone incorrectly set up a setting, resulting in vulnerabilities. Therefore, not only do I benefit from having this management history here in terms of knowing who did what, but it also applies if I connect the incident to a vulnerability in some system where somebody made a modification. It’s not about assigning blame; I just want to know when it happened and why, so we can use that information to prevent a repeat.
According to Rose, network complexity is a major factor that begins to make it hostile.
Because it’s conceivable for there to be IT silos with access to integrated, authoritative databases or protocols, IP addresses, network infrastructure, devices, host connectivity, etc., discovery is crucial. If you can’t see it, there’s a security concern, and it could cause your service to go down. But if there are unmanaged devices, “someone might theoretically obtain access through an unmanaged device, enter an environment, and affect millions of customers,” as Rose put it. “If you have a complete inventory of all of your data and endpoints, you can see and analyze it to validate that your designs are right, that your provisioning is right to do troubleshooting, to manage, and to really deliver an effective core network service that is up and running and performing at the highest level,” the author says.
Mergers and acquisitions, in particular, can increase complexity within a company.
Networks in business settings are getting increasingly varied. They are widely available and supported by a number of different vendors. Mergers and acquisitions are another issue that businesses must address. Consequently, the level of complexity you must deal with is increasing. So how do you check if your network gear is secure and up to code, and what do you do if something has reached its EOS? There are no plans to fix it. Rose expressed concern that maintenance had ceased. “At this point, your network is extremely vulnerable and ripe for attack.” It’s a major challenge to keep tabs on security holes. Keeping up with Cisco PSIRT (product security incident response team) alerts and Juniper Bulletins becomes a major hassle in the field. Performing this task requires a lot of time and effort because it is entirely manual. This can be a lot of work if you are collecting and aggregating RSS feeds and emails and trying to cross-tabulate all the vulnerabilities across a wide range of device models and OS systems. Also, patching is never a one-and-done deal. You need an automated procedure that provides you with accurate and rich vendor-agnostic device detection in addition to continual multi-vendor alerts and upgrades.
In addition to the fact that an M&A is already hard, the sheer number of file formats adds to the difficulty. This is especially true when you consider that information may be coming from more than one partner.
The information may exist in numerous locations and take various forms. The ability to automate the process of gathering and compiling this data is quite useful. While this isn’t something commonly accomplished by discovery tools, it is possible. I can now go out and manually check the firmware version, perhaps with the help of my IPAM system. But that just means I have more work on my plate. In other words, as Hansmann put it, “I click a button, and it just does it,” whether at a certain interval or whenever it’s needed. Such a high degree of automation is required.
Rose chimed in to say that they’re also placing a premium on finding hybrids.
While many businesses still operate on-premises data centers, many more are making the switch to virtualized environments or the cloud. Rose advised that “complete discovery across all of your environments” be conducted immediately. You shouldn’t get into the specifics of their cases. One unified control plane that can be accessed locally or in the cloud is what you seek.