There are five key places administrators can add automation to enhance network security:
- User access management
- Network configuration and change management
- Patch management
- System monitoring
- Asset discovery and management
User access management can be handled by an automated user provisioning system. It runs the workflows for requesting and approving the resources an employee may access and makes sure the appropriate privileges are assigned. Automating these functions also eases the burden of remembering to remove privileges once a user no longer needs access to those resources.
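The deprovisioning problem described above, as an added example that is not part of the original article: a script that reconciles what the directory currently grants against an HR roster and a role-to-privilege policy, and emits the grants and revocations needed. The roster, the entitlement snapshot and the `ROLE_ENTITLEMENTS` policy are constructed sample data, and `reconcile_access` is a hypothetical function, not any product's API.

```python
"""Reconcile directory entitlements against an HR roster.

Added example, not from the article. HR_ROSTER, CURRENT_ENTITLEMENTS and
ROLE_ENTITLEMENTS are constructed sample data; reconcile_access() is hypothetical.
"""
from dataclasses import dataclass

# Hypothetical policy: which privileges each job role should hold.
ROLE_ENTITLEMENTS = {
    "engineer": {"vpn", "git", "ci"},
    "finance": {"vpn", "erp"},
    "contractor": {"vpn"},
}

# Constructed HR roster: who is employed, in what role, and whether still active.
HR_ROSTER = {
    "alice": {"role": "engineer", "active": True},
    "bob": {"role": "finance", "active": True},
    "carol": {"role": "engineer", "active": False},  # left the company
    "dave": {"role": "contractor", "active": True},   # moved from engineer
}

# Constructed snapshot of what the directory currently grants.
CURRENT_ENTITLEMENTS = {
    "alice": {"vpn", "git"},
    "bob": {"vpn", "erp", "git"},   # git is stale for a finance role
    "carol": {"vpn", "git", "ci"},  # never removed after she left
    "dave": {"vpn", "git", "ci"},   # still carries engineer privileges
    "eve": {"vpn"},                 # no HR record at all
}


@dataclass(frozen=True)
class Action:
    user: str
    op: str        # "grant" or "revoke"
    privilege: str
    reason: str


def desired_entitlements(roster):
    """Map each rostered user to the privilege set their role allows (none if inactive)."""
    return {
        user: set(ROLE_ENTITLEMENTS[rec["role"]]) if rec["active"] else set()
        for user, rec in roster.items()
    }


def reconcile_access(roster, current):
    """Return the grant/revoke actions that bring `current` in line with the roster.

    Users absent from HR get everything revoked, so stale and orphaned accounts
    are caught without anyone having to remember them.
    """
    desired = desired_entitlements(roster)
    actions = []
    for user in sorted(set(desired) | set(current)):
        want = desired.get(user, set())
        have = current.get(user, set())
        if user not in roster:
            reason = "no HR record"
        elif not roster[user]["active"]:
            reason = "user inactive"
        else:
            reason = f"role {roster[user]['role']}"
        for priv in sorted(have - want):
            actions.append(Action(user, "revoke", priv, reason))
        for priv in sorted(want - have):
            actions.append(Action(user, "grant", priv, reason))
    return actions


def summarize(actions):
    """Count actions by operation, handy for a dry-run report before applying."""
    return {
        "grant": sum(a.op == "grant" for a in actions),
        "revoke": sum(a.op == "revoke" for a in actions),
    }


if __name__ == "__main__":
    for action in reconcile_access(HR_ROSTER, CURRENT_ENTITLEMENTS):
        print(f"{action.op:6} {action.privilege:4} for {action.user:6} ({action.reason})")
```

Run as a dry run first and review the revocations; wiring the actions to a real directory is the step that belongs in the approval workflow the article mentions.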
By automating network configuration and change management you enable network administrators to perform simple and repetitive tasks on the network — such as updating port settings, changing administrative passwords or even adjusting access control lists. Because the entire process is automated, say with a script, it is easy to log when and how any changes were made and which systems or accounts were affected.
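The logging benefit described above, as an added example that is not part of the original article: a scripted ACL change that refuses to run without a ticket reference, applies the change to a copy of the device state, and writes an audit record naming the actor, the device, hashes of the before and after configuration, and a unified diff. The device state and the rule syntax are constructed samples, and `apply_change` is hypothetical rather than any vendor's API.

```python
"""Apply a scripted ACL change and emit an audit record.

Added example, not from the article. DEVICE_STATE and the rule strings are
constructed samples; apply_change() is a hypothetical function.
"""
import difflib
import hashlib
import json
from datetime import datetime, timezone

CATCH_ALL = "deny ip any any"

# Constructed starting state: one device whose ACL is an ordered list of rules.
DEVICE_STATE = {
    "edge-fw-1": {
        "acl": [
            "permit tcp 10.0.0.0/8 any eq 443",
            "permit tcp 10.0.0.0/8 any eq 22",
            CATCH_ALL,
        ]
    }
}


def render(acl):
    return "\n".join(acl) + "\n"


def config_hash(acl):
    """Hash of the rendered ACL, so a later audit can prove what was deployed."""
    return hashlib.sha256(render(acl).encode()).hexdigest()


def apply_change(state, device, actor, ticket, add=(), remove=(), now=None):
    """Return (new_state, audit_record) without mutating `state`.

    Raises on a missing ticket, on removing a rule that is not present, or on
    adding one that already is, so the audit log never records a silent no-op.
    """
    if not ticket:
        raise ValueError("change requires a ticket reference")
    before = list(state[device]["acl"])
    after = list(before)
    for rule in remove:
        if rule not in after:
            raise ValueError(f"cannot remove absent rule: {rule}")
        after.remove(rule)
    for rule in add:
        if rule in after:
            raise ValueError(f"rule already present: {rule}")
        # Keep the catch-all deny as the last rule.
        idx = after.index(CATCH_ALL) if CATCH_ALL in after else len(after)
        after.insert(idx, rule)
    diff = list(difflib.unified_diff(before, after, "before", "after", lineterm=""))
    record = {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "actor": actor,
        "ticket": ticket,
        "device": device,
        "before_hash": config_hash(before),
        "after_hash": config_hash(after),
        "diff": diff,
    }
    new_state = dict(state)
    new_state[device] = {**state[device], "acl": after}
    return new_state, record


def audit_line(record):
    """One JSON line per change, suitable for shipping to a log collector."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    new_state, rec = apply_change(
        DEVICE_STATE, "edge-fw-1", "admin@example.test", "CHG-42",
        add=["permit tcp 10.0.0.0/8 any eq 8443"],
        remove=["permit tcp 10.0.0.0/8 any eq 22"],
    )
    print(audit_line(rec))
```

Because the record carries both hashes and the diff, a later drift check can compare a device's live configuration against `after_hash` and tie any mismatch back to the last approved ticket.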
Automated network management software helps administrators establish regular patch-management procedures so that they don’t fall behind or miss systems.
System monitoring can look for load imbalances or detect unusually high network volume.
Automatic asset discovery is a good way to find out exactly what systems are on the network. There may be machines that need to be taken offline, or unknown rogues lurking on the network. Asset management tools can also make sure hardware and software licenses are up to date.
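The three findings the paragraph describes (unknown hosts, machines that should be offline, and lapsed licenses), as an added example that is not part of the original article: a discovery listing is parsed and reconciled against an asset register. The listing uses a constructed `ip mac hostname` format, the inventory is constructed sample data, and `reconcile_assets` is a hypothetical function; real discovery tools emit their own formats.

```python
"""Reconcile discovered hosts against the asset inventory.

Added example, not from the article. DISCOVERY_OUTPUT is a constructed sample
in a hypothetical 'ip mac hostname' format and INVENTORY is a constructed
asset register keyed by MAC address.
"""
import re
from datetime import date

# Constructed discovery output; "-" means no hostname was resolved.
DISCOVERY_OUTPUT = """\
10.1.0.5   00:11:22:33:44:01  srv-web-1
10.1.0.6   00:11:22:33:44:02  srv-db-1
10.1.0.9   00:11:22:33:44:09  -
10.1.0.20  00:11:22:33:44:20  laptop-xyz
"""

# Constructed asset register: known hardware and its license expiry.
INVENTORY = {
    "00:11:22:33:44:01": {"name": "srv-web-1", "owner": "web-team", "license_expires": date(2030, 1, 1)},
    "00:11:22:33:44:02": {"name": "srv-db-1", "owner": "dba", "license_expires": date(2020, 6, 30)},
    "00:11:22:33:44:03": {"name": "srv-old-1", "owner": "legacy", "license_expires": date(2030, 1, 1)},
}

LINE_RE = re.compile(r"^(\S+)\s+([0-9a-f:]{17})\s+(\S+)$", re.IGNORECASE)


def parse_discovery(text):
    """Parse the constructed listing into host dicts; malformed lines are skipped."""
    hosts = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ip, mac, name = match.groups()
        hosts.append({"ip": ip, "mac": mac.lower(), "name": None if name == "-" else name})
    return hosts


def reconcile_assets(discovered, inventory, today):
    """Classify hosts into the three buckets an administrator acts on.

    unknown:          seen on the wire but not in the register (rogue candidates)
    missing:          in the register but not seen (decommission or outage check)
    expired_license:  registered assets whose license has lapsed
    """
    seen = {h["mac"] for h in discovered}
    return {
        "unknown": [h for h in discovered if h["mac"] not in inventory],
        "missing": sorted(mac for mac in inventory if mac not in seen),
        "expired_license": sorted(
            mac for mac, rec in inventory.items() if rec["license_expires"] < today
        ),
    }


if __name__ == "__main__":
    report = reconcile_assets(parse_discovery(DISCOVERY_OUTPUT), INVENTORY, date.today())
    for host in report["unknown"]:
        print(f"UNKNOWN  {host['ip']} {host['mac']} {host['name'] or '?'}")
    for mac in report["missing"]:
        print(f"MISSING  {mac} ({INVENTORY[mac]['name']})")
    for mac in report["expired_license"]:
        print(f"EXPIRED  {mac} ({INVENTORY[mac]['name']})")
```

Keying on MAC rather than IP keeps the comparison stable across DHCP leases; a host that changes its address between scans still matches its register entry.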
Network security automation acceptance grows
Twitter uses automation tools to verify the security of its code, according to Alex Smolen, a software engineer on Twitter’s product security team, who spoke at a recent Security Development Conference in San Francisco. Application security teams wanted to get the right vulnerability information to the right teams so that bugs would get fixed faster. Manual tasks, such as code review, penetration testing, and external reporting, can all be either fully or partially automated.
The U.S. federal government is looking at automation for threat detection. The Department of Homeland Security is developing Einstein, an advanced intrusion detection and prevention system that will be offered as a managed service. Einstein was initially deployed in 2004 to detect and block malicious activity across the .gov domain; the upcoming version would not only provide analysts with the information needed to block malicious traffic, it would also automatically block that traffic before it enters government networks.
The National Institute of Standards and Technology developed the Security Content Automation Protocol, a suite of interoperable specifications that federal agencies can use to create a standards-based security environment. The current version, SCAP 1.2, deals primarily with endpoint compliance for configuration requirements. This means federal agencies should be setting up automated processes for configuration, as well as vulnerability and patch management.