Using Automation to Advance Federal Network Efficiencies INDUSTRY PERSPECTIVE
Using Automation to Advance Federal Network Efficiencies 1
Introduction Every network deployed and maintained by the federal government today is brimming with data. A typical router, depending on how many interfaces it has, can generate millions of data points every few seconds. When you include all the routers, switches, servers, endpoints and devices attached to even a moderately-sized agency’s network, the number of potential data points being collected can reach into the millions, or even billions, every minute. Without an ability to analyze and act on it, all that data amounts to wasted potential insights for most agencies. No human or group of humans could possibly analyze so much data, and certainly not in any reasonable amount of time. Much of it is simply never examined, so its potential to drive efficiencies is lost. At the very best, specific data points could be collected if operators suspect that doing so might help them identify and solve problems. But doing so forces users to guess which specific data, a drop in the ocean of generated information, might contain useful insights. Even if the correct data is somehow targeted, it can take weeks or longer for humans to plow through it and arrive at a conclusion – one that may or may not help address the original question.
What is needed is a defined set of automatic processes working for operators on the receiving end. Network automation is the implementation of a combination of codified intelligence and business processes that enable organizations to understand information buried in their data. If deployed correctly, data can be captured and analyzed almost as fast as it’s being generated, with results coming to operators in seconds as opposed to weeks, or perhaps not at all. In this industry perspective, GovLoop partnered with Juniper Networks and Technica Corporation, leaders in advanced enterprise networking design and implementation, to discuss how automation can unlock the valuable information hidden in thousands of data points, leading to more data-driven decision making and rapid detection and resolution of network problems.
Industry Perspective 2
The Benefits of Automation Two areas where federal agencies can gain the most immediate benefits from network automation are security and compliance. The federal government faces increasingly sophisticated cyberattacks that can cost millions – the average consolidated total cost of a data breach is $4 million, according to the 2016 Ponemon Institute Cost of a Data Breach Study. And the government must routinely defend its information assets from diverse threat types, from relatively innocuous, nuisance viruses that users might incidentally encounter, to malicious and targeted campaigns created by criminals or nation-state-funded hackers armed with the latest advanced persistent threats (APT). The government, like most organizations, needs capabilities to quickly identify and mitigate actions of threat actors. The longer attackers are able to remain undetected inside any network, the more harm they potentially can do. They are aided in this effort by the sheer number of threats assaulting most networks. Security teams working in Network Operations Centers (NOCs) generally spend their days staring at computer screens, looking at hundreds or thousands of events and logs, or responding to every alert sent up by their security information and event management (SIEM) system. The volume of potential concerns is too much for most teams to handle effectively. This reality provides attackers with a distinct advantage as defenders grow weary of having to respond to constant, repetitive and unending threats. This alert and manual-response fatigue has led to a disturbing trend where networks are not only infected, but infections remain undetected for significant time periods. According to the Mandiant M-Trends 2016 Report, the median number of days an organization was compromised before it discovered a breach, or was notified about a breach, was 146.
Automation has the ability to reduce the detection-to-remediation time significantly, in many cases down to a few seconds. In an ideally designed automated system for cybersecurity, human analysts can train their systems to react exactly how they would respond if a low-level threat is detected. Thereafter, those threats can be handled automatically based on that training without further human intervention. For example, in an automated cybersecurity system, if an endpoint on a federal network becomes infected with a virus, that event will trigger a set of automatic processes, such as the elimination of the threat, a reinstallation of the core operating system, or a number of other pre-programmed responses that a human analyst would normally take. Handled using automation, there is no need for the problem to queue up waiting for a NOC security specialist to respond. Significantly, the potential threat does not go overlooked for days or weeks while the security team addresses more pressing matters. The threat is remediated at machine speed without requiring the attention of busy cybersecurity personnel. Automating the drudgery or sifting through lower-risk threats ensures they are responded to while freeing up analysts to focus on higher-risk potential intrusion or system compromise. Automated security actions are not carried out without the input of security analysts who direct and set in advance the responses they would take when faced with certain events. Control of the NOC is never lost to automation. Instead, the customary human responses to many of the low-level events that tend to jam up operations can be automated for timely and predictable response.
Using Automation to Advance Federal Network Efficiencies 3
An offshoot of security for many agencies, compliance, is another area that can directly benefit from automation. Instead of asking NOC teams to examine every system to ensure compliance with security and other regulatory requirements automation can be used to confirm that best practices are being enforced across the network. When a device is found to be non-compliant with agency guidelines or federal regulations, such as the November 2016 NIST guide to Dramatically Reducing Software Vulnerabilities, the National Industrial Security Program Operating Manual (NISPOM), and a number of other government guidelines, it can be automatically flagged or reconfigured to bring it into compliance. Automation also can be used to continually monitor new devices as they are connected to the network, ensuring sustained compliance with current and evolving requirements. Other extremely tedious and often thankless security tasks, like patch management, cry out for automation. Although not an appealing task scanning devices and servers, applying patches as needed, is an undeniable cornerstone of good cyber hygiene. According to Verizon’s 2016 Data Breach Investigations Report, most attacks still exploit known vulnerabilities that have never been fixed despite patches being available for months or years. In fact, the top ten known vulnerabilities accounted for 85 percent of all successful exploits over the past year. Instead of subjecting humans to this tedious but vitally important process, leveraging automation technology to handle these routine updates will improve any organization’s cybersecurity posture, while saving time.
Creating a Culture of Automation in Federal Agencies Automation has many benefits, especially once agency staff embrace this new way of doing business. There are three basic levels of automation, and most organizations need to start by helping users become accustomed to the idea that their machines will take on some portion of their workloads and how they can take advantage of greater efficiencies in network operations.
1.
The first level is human-driven automation. Many agencies employ this approach today, whether or not they consciously think about it. A human starts an automated process, perhaps studying the thousands of data points a router recorded over a certain period of time. The automated script runs and returns requested data to the operator. The human may manually make changes to the network, gather some new information and rerun the script to see if the change worked as intended. This is a good first step and can show the benefits of automation, but does not make a big dent in daily workloads or provide too much insight beyond specific queries.
2.
The second level, which is where most agencies need to get to, is event-driven automation. Here, humans still program the processes, but then remove themselves from the loop. Level two combines the scripts from level one into some type of framework. Thereafter, the network listens for pre-programmed triggers to occur, and then takes some action. The automation process can do almost anything that a human can, from making changes to alerting a supervisor to triggering a script to starting a new event process. The computers are never making any decisions on their own, merely reacting as programmed in response to human-generated instructions.
3.
The third and final level of automation adds in machine learning, where computers are able to program their own frameworks. We are probably several years away from widespread adoption of machine learning, however its potential is drawing a great deal of interest. Furthermore, by reaching level two, federal agencies and those they serve will realize measurable benefits in operational efficiency, accuracy, and improved customer experiences.
For federal professionals, this level of automation also has the advantage of reliable and consistent implementation of policies for auditing and compliance. Agencies can ensure that policies are being followed, because the computers are acting the same way each time based on their automation triggers. The intent is to eliminate errors and create a transparent and easily auditable process.
Industry Perspective 4
Best Practices for Automation Architectures Achieving the second level, event-driven automation, requires an event-driven network architecture. Network devices must be programmed so they can interface seamlessly with one another to take full advantage of automation capabilities. Devices operating within thoughtfully-designed automation architectures have common characteristics, including:
On-Device APIs
Full Configuration Rollback
Each device within an event-driven architecture should have the ability to run scripts natively onboard the device, from outside or in a hybrid configuration. This is vitally important for agency users who have a FIPS 140-2 device running on a closed network, where the device will need to run its automation scripts completely onboard.
If an automation script is not working as intended, any device in an event-driven architecture should have the ability to intelligently roll back to a previous configuration, undoing everything written during the problematic deployment.
Configuration Replacement
Structured Operational Data
Each device should be able to accept new configurations without rebooting or reloading.
Forcing users to deal with screen scrapes will inhibit automation. Devices should return information for analysis directly to automation controllers.
Knowing Configuration Differences
Device Configuration in Structured Formats Devices should be able to be programmed using a standard and common interface.
Atomic Configuration Changes Devices must accept all changes sent to them, rewriting just the part of the configuration file needed to ensure complete compliance with new instructions.
A device should be able to show all intelligent differences between a current configuration and a proposed new one, including everything added and removed, to help streamline agency approval processes.
Support for Industry-Standard Models Devices should support industry-standard configuration models, such as IETF and OpenConfig.
With an event-based architecture in place that supports all best practices, agencies will be able to branch out from automating physical networks. Once the framework is established, automation and optimization of virtual networks also is possible. Automation can be particularly effective in data centers for highly- advanced tasks, such as automatic provisioning of Software-Defined Networks (SDN) based on customer needs, establishing micro-segments over network fabrics for security and efficiency, and automating the application of services by applying service-chaining. The benefits of automation are significant. To take full advantage of the network efficiencies and improved cybersecurity and compliance opportunities that are possible, base networks must be well-constructed, and optimally, purpose-built with automation in mind from the outset. Using Automation to Advance Federal Network Efficiencies 5
Building Out the Best Automation Architecture With Juniper Networks & Technica Corporation The expeditious path to achieving the benefits of automation involves building out an automation-friendly, event-driven architecture designed to support a robust automation framework. That means selecting the best network devices, programs and applications, built with all eight of the top automation best practices included. Juniper Networks offers this capability to federal government agencies. Juniper Networks’ proven ability to work with customers to build effective automation architectures is based on the Junos Operating System (OS). Junos is XML-enabled and natively supports many open-source-based languages and frameworks. Each Juniper Networks device, from switches, to routers, to security appliances, support industry-standard
configuration models, including IETF and OpenConfig. Having a unified OS makes creating automation scripts universal across an entire network, with devices able to seamlessly communicate within an enterprise automation framework. To simplify the process further, Juniper Networks offers an entire suite of automation tools, which enables the rapid creation of rules and triggers, as well as templates that can be deployed across all Junos devices. Juniper’s automation tools are built based on open standards, meaning network staff do not need to be retrained and no new staff will be required to begin using the automation toolset. It’s probably unrealistic to think that any federal agency can completely standardize
exclusively on Juniper Networks equipment. While Juniper’s automation tools use open standards, there may be extra steps required to include third-party devices within an agency’s new automation framework. Juniper Networks has partnered with Technica Corporation to address these systems integration requirements. The staff of Technica Corporation are experts with Juniper Networks equipment, automation strategies, and the interfaces between Juniper devices and those from other vendors. Technica experts can use their agency implementation experience and engineering talent to quickly customize a Juniper-based automation solution tailored to meet the specific demands of each agency’s network environment.
Conclusion The benefits of automation for federal agency networks are practically unlimited, from security and compliance to visibility and efficiency to automatic deployment of advanced techniques like SDN and resource provisioning. To take advantage of these advanced capabilities, agencies need a strong foundation of tools designed to create an event-driven automation architecture supported by experienced professionals capable of implementing even the most technically-complex deployment to meet operational and mission objectives.
Industry Perspective 6
About Juniper Networks Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. Our team co-innovates with customers and partners to deliver automated, scalable and secure networks with agility, performance and value. Find out more about how Juniper designs and deploys innovative infrastructure that’s open, reliable and trusted to support federal agency demands at Juniper Networks or connect with Juniper Federal on Twitter and LinkedIn.
About Technica Corporation Technica Corporation has been providing technology integration, professional services, products, and innovative technology solutions to defense, intelligence, law enforcement, and civilian agencies since 1991. We specialize in network operations and infrastructure; cyber defense and security; government application integration; software development and support; systems engineering and training; and product deployment planning, and support. Our research and development department provides customer-tailored, budget-sensitive solutions in emerging technologies such as big data analytics. As an experienced systems integrator, we serve as a trusted advisor to help you navigate the often complex government buying process and procure the services your agency needs.
About GovLoop GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 250,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government. For more information about this report, please reach out to info@govloop.com.
Using Automation to Advance Federal Network Efficiencies 7
1152 15th St. NW, Suite 800 Washington, DC 20005 (202) 407-7421 F: (202) 407-7501 www.govloop.com @govloop
Industry Perspective 8