By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering
Here’s an interesting article by my colleague Jim Hansen. Jim offers three suggestions to help with security, including using automation and baselines. I agree with Jim that one of the keys is to try to keep security in the background, and I’d add it’s also important to be vigilant and stick to it.
Government networks will continue to be an appealing target for both foreign and domestic adversaries. Network administrators must find ways to keep the wolves at bay while still providing uninterrupted and seamless access to those who need it. Here are three things they can do to help maintain this delicate balance.
1. Gain Visibility and Establish a Baseline
Agency network admins must assess how many devices are connected to their networks and who’s using those devices. This information can help establish visibility into the scope of activity taking place, allow teams to expose shadow IT resources, and root out unauthorized devices and users. Administrators may also wish to consider whether or not to allow a number of those devices to continue to operate.
Then, teams can gain a baseline understanding of what’s considered normal and monitor from there. They can set up alerts to notify them of unauthorized devices or suspicious network activity outside the realm of normal behavior.
All this monitoring can be done in the background, without interrupting user workflows. The only time users might get notified is if their device or activity is raising a red flag.
2. Automate Security Processes
Many network vulnerabilities are caused by human error or malicious insiders. Government networks comprise many different users, devices, and locations, and it can be difficult for administrators to detect when something as simple as a network configuration error occurs, particularly if they’re relying on manual network monitoring processes.
Administrators should create policies outlining approval levels and change management processes so network configuration changes aren’t made without approval and supporting documentation.
They can also employ an automated system running in the background to support these policies and track unauthorized or erroneous configuration changes. The system can scan for unauthorized or inconsistent configuration changes falling outside the norm. It can also look for non-compliant devices, failed backups, and even policy violations.
When a problem arises, the system can automatically correct the issue while the IT administrator surgically targets the problem. There’s no need to perform a large-scale network shutdown.
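The approval-plus-automation loop described above, as an added illustration that is not SolarWinds code: a snapshot of the approved baseline, the configuration read from a device now, and the change records the approval process produced (all constructed sample values); every diff is matched against an approval record, and only the unmatched ones are reverted, so the ticketed change survives.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample data: baseline after the last approved change window,
# the config as read from the device now, and the approved change records.
BASELINE = {
    "ntp.server": "10.0.0.5",
    "snmp.community": "ro-agency",
    "acl.mgmt": "permit 10.0.0.0/24",
    "ssh.version": "2",
}
CURRENT = {
    "ntp.server": "10.0.0.6",      # covered by ticket CHG-1042 (constructed id)
    "snmp.community": "public",    # no approval record
    "acl.mgmt": "permit any",      # no approval record
    "ssh.version": "2",
}
APPROVED_CHANGES = [
    {"ticket": "CHG-1042", "key": "ntp.server", "from": "10.0.0.5", "to": "10.0.0.6"},
]

@dataclass
class Finding:
    key: str
    old: str
    new: str
    ticket: Optional[str]  # None means no approval record matched this change

def diff_config(baseline: Dict[str, str], current: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """List (key, old, new) for every key whose value differs; '' marks absent."""
    keys = sorted(set(baseline) | set(current))
    return [(k, baseline.get(k, ""), current.get(k, "")) for k in keys
            if baseline.get(k) != current.get(k)]

def classify(baseline: Dict[str, str], current: Dict[str, str], approved: List[dict]) -> List[Finding]:
    """Match each drifted key against the approval records; unmatched = unauthorized."""
    findings = []
    for key, old, new in diff_config(baseline, current):
        ticket = next((c["ticket"] for c in approved
                       if c["key"] == key and c["from"] == old and c["to"] == new), None)
        findings.append(Finding(key, old, new, ticket))
    return findings

def remediate(current: Dict[str, str], findings: List[Finding]) -> Dict[str, str]:
    """Revert only the unauthorized changes; approved (ticketed) changes are kept."""
    fixed = dict(current)
    for f in findings:
        if f.ticket is None:
            if f.old == "":
                fixed.pop(f.key, None)  # key was added without approval
            else:
                fixed[f.key] = f.old    # value changed or key removed without approval
    return fixed
```

Running `classify` and `remediate` on the sample data flags the SNMP community and management ACL as unauthorized and restores them, while the ticketed NTP change stays in place.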
Automated and continuous monitoring for government IT can go well beyond configuration management, of course. Agencies can use automated systems to monitor user logs and events for compliance with agency security policies. They can also track user devices and automatically enforce device policies to help ensure no rogue devices are using the network.
Forensic data captured by the automated system can help trace an incident back to its source so the problem can be addressed directly. Through artificial intelligence and machine learning, the system can then use that data to learn what happened and apply the knowledge to better mitigate future incidents.
3. Lock Down Security Without Compromising Productivity
The systems and strategies outlined above can maintain network security for government agencies without interfering with workers’ productivity. Only when and if something comes up is a user affected, and even then, the response will likely be as unobtrusive as simply denying network access to that person.
In the past, that kind of environment has come with a cost. IT professionals have had to make a choice between providing users with unfettered access to the tools and information they need to work or tightening security to the point of restriction.
Fortunately, that approach is no longer necessary. Today, federal IT administrators can put security at the forefront by making it work for them in the background. They can let the workers work—and keep the hackers at bay.
Find the full article on GCN.
The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.