Cover Feature Cyber Security
Unearth the power of ITSM convergence
By Tony Campbell, ACSM Editor

Enterprises that run their own IT systems, or rely on service providers managing it for them, normally have several different teams providing network operations, security operations and overall service management. What’s interesting about this approach is that there is often duplication of effort across these groups, with cyber security insights gained in any team other than security falling into an operational void. Let’s look at the justification for conjoined network and security operations teams, as well as the tools and processes they might use to do their job.
Network Ops and Security Ops

Network operations teams manage the health of the enterprise’s network: they look after routers, switches and network quality of service, and troubleshoot connectivity issues when users or systems go offline. The systems used by network operations teams are powerful administrative tools capable of analysing, at the packet level, the data traversing the business’s wired ethernet networks, Wi-Fi systems and even out to its cloud-connected systems. The security operations team will look at systems from the perspective of potential compromises and identify possible attacks and patterns of user behaviour that might be indicative of malicious intent. Security analysts monitor tools similar to those of the network team, just looking at the data through a different lens. You can immediately see that the focus of the network and security teams is slightly different but, in many aspects, aligned. Most businesses, however, segregate these activities since the former is about keeping the network running (available) while the latter focuses on stopping cyber-attacks. This leads to organisations investing thousands of dollars in two sets of administrative tools to perform what are, largely, the same activities.

24 | Australian Cyber Security Magazine
Redesigning NetSecOps

Instead of considering these aspects of IT service management as separate, take a step back and look at the activities both undertake on a daily basis. Many of the tools used in security operations can provide valuable insight to the network team, and vice versa. For example, a Security Information and Event Management (SIEM) system ingests security event logs from the enterprise’s network systems and correlates on patterns related to attacks. Fundamentally, that is what a SIEM does. In the