Network security is ripe for automation -- except when it isn't [Q&A]

According to one analyst estimate, the market for network automation tools will grow nearly 23 percent annually from 2022-2030.

While many IT professionals are familiar with automation of business processes, they are likely less familiar with its applications in network operations (NetOps) and security. As automation technology is maturing, organizations are using network automation solutions to transform their core workflows, including troubleshooting, change management and network security, for more efficient and effective network operations.

This reduces the burden on network and security engineers, allows other members of the IT team to take on some of these tasks, and ultimately improves network performance and security. We spoke to Song Pang, SVP of engineering at NetBrain Technologies to find out more about automating security operations as well as the pitfalls to avoid.

BN: What areas of network and security operations are a good fit for automation?

SP: While there are many types of automation solutions, no-code network automation technology can be used for many tasks within NetOps and SecOps. Here are a few areas no-code network automation is particularly well-suited for, but this is not an exhaustive list by any means:

• Network assessments. These are difficult and time-consuming to do (checking every device port, failover link or cloud service manually on an enterprise scale isn't feasible), expensive to outsource and add limited value because of how long it takes to conduct an assessment. As a result, assessments usually only happen when a fiscal event trigger them, when preparing for a data center or cloud migration project, or in preparation for an audit or merger and acquisition activity. But no-code automation can assess a significantly broader set of operating conditions, and can be conducted continuously, immediately creating value and detecting issues before they impact production services. This makes automated assessments a more strategic approach to NetOps.
• Preventing configuration drift. Over time, networks tend to move away from their original configurations due to normal change management activities. This is a leading cause of service outages. Automation can continuously verify the ability for a digital infrastructure to support the organization's core business services and identify deviations that need to be corrected before they cause production problems.
• Continuously checking security policies are in place. Over time, the unintended consequences of normal network updates, maintenance and other changes can bring a network out of alignment with security policies. The configuration of firewalls, SIEMs, and other security tools also tend to deviate from their intended settings over time. Maybe an exception was created to a firewall rule for a contractor working on a specific project, but the exception was never removed after the project ended. Maybe an insecure port wasn't closed on a new batch of network devices. Automated testing can check that these important policies and best practices are still being followed and thus limit the attack surfaces proactively.

BN: How should organizations pick the tasks to automate? What criteria should they use and what technical limitations are there?

SP: Any repetitive task, regardless of complexity, is a good candidate for automation. Automation should not be treated as a large scope project, but should be accessible to everyone on a daily basis. Until recently, network automation required teams of developers to spend months and years defining automation and then developing the software, so organizations had to restrict automation projects to only the most static long-term tasks. But as no-code automation technology has proven, any network and security engineers can create automation based upon their subject matter expertise and the experience of solving problems. Through this democratization, nearly any task can be automated, including those that may have been judged not important enough or not complicated enough to warrant the investment in the past.

Here are some examples of tasks that are a good fit for automation, but there are many more:

• Maintaining suitable QoS profiles required to deliver crisp VoIP calls
• Preventing insecure protocol use (e.g. TELNET)
• Maintaining the performance of key applications due to minimal latency thresholds
• Tracking the overall throughput to the public cloud which is shared by many applications
• Monitoring CPU and Memory utilization of all of the core routers and firewalls
• Mirroring of high-availability pairs to assure that configurations always match
• Testing the ports that are accessible on every device connected to the network

BN: Are there tasks that are too small or too big to automate?

SP: No task is too small to be automated, thanks to the growth of no-code tools. Without these no-code tools, network automation would continue to be limited in application, and would largely consist of engineers that knew Python or another scripting. Now security and NetOps engineers can automate tasks directly without the use of programming.

In the past, complicated automation projects often became long, drawn-out affairs with huge teams of developers with little understanding of network technology. No wonder they failed since these attempts were usually developer-centric, required extreme detail in functional specification, were rigid in their design and maintainability, and had development costs which have far exceeded the originally anticipated value of undertaking such a challenge. This legacy has left many IT leaders cautious of automation and, in some cases, led them to overlook the value many other enterprises are already realizing today.

BN: Is the goal to have NetOps or SecOps be entirely automated?

SP: Not at all. Every operation consists of dozens of steps. Automation may prove perfect at automating two-thirds of those steps, but the SME would be best suited for the remainder. For example, perhaps a few routine diagnostic tests can be set to run automatically when a trouble ticket is opened in ServiceNow. Even if that automation saves forty minutes prior to when a human analyst investigates it, those savings will add up quickly, especially at the scale of an enterprise. No-code automation is a game-changing solution for capturing the knowledge of existing subject matter experts and making it available (in the form of automation) to everyone else.

BN: Where is the biggest value of automation in the security context?

SP: Automation can verify if security policies are actually being followed in the wild and prevent configuration drift and unintended consequences from creating flaws and weaknesses in the organization’s security posture. Real-time network conditions can be tested continuously to identify situations where the behaviors being delivered are not expected, and once identified, bring subject matter expertise into use. This kind of testing simply can’t be done manually on the scale necessary at an enterprise organization with tens of thousands of users and devices. In a typical security posture of 'Trust but Verify', network automation adds the 'Verify' portion.

This continuous, automated testing allows security teams to verify that enterprise-wide and granular security policies, access controls, rules-based routing schemes, and edge access restrictions are being followed. This adds an invaluable and often missing link for network security and directly supports all the investments made in security hardware and software.

BN: What are the most common mistakes or roadblocks made while automating for security and NetOps, and how can they be avoided?

SP: Many IT leaders limit their use of automation because they have been a part of too many unsuccessful automation projects in the past. They often don't fully understand how much automation technology has changed and will only try to automate complicated or mission-critical tasks, because they overestimate the amount of work that automation will involve and are pessimistic on the ultimate value they will receive.

To avoid selling themselves short, IT leaders should start by looking at the most common types of incidents being experiences, and then study the steps needed to resolve each. What they will find is that only a few dozen types of problems actually occur in total, and the steps involved in each can be largely automated. Offloading routine tasks from the to-do list of busy engineers will free them up for more important work and ultimately improve the performance, security and reliability of enterprise networks.

BN: What's the status of no-code automation tools for this? How accessible is automation to the typical enterprise?

SP: No-code tools are available today, making network automation accessible to ever subject matter expert in a typical enterprise. By providing a scalable network automation platform with the ability to capture automation created by every SME, and then making that automation available across the network and all the support teams who service the organization, no-code network automation changes the very role of the NetOps function.

BN: Doesn't AI and ML replace the need for automation?

SP: No. When talking about network operations, AI and ML are solving for a different problem. ML and AI attempt to find the solution to complex problems by observing large data sets and attempting to find common scenarios and results. ironically, every enterprise already has the problem-solving experience and knowledge among its existing IT staff to diagnose and fix virtually all NetOps problems. They don’t need ML/AI to find the fix, they simply need to scale the knowledge they already possess. Once that knowledge has been captured and recorded, it's not a problem fir that one critical expert to be on vacation, in a different time zone, or otherwise unavailable. Other network engineers can access their stored knowledge to solve the problem. No-code network automation enables this knowledge and experience capture and sharing at enterprise scale.

Image credit: firefox/depositphotos.com