The Value of Automation to NetSecOps

by in IT Operations Management

Contributors: John Jackson and Matt Miller

I talked to a few of our solution architects about use cases for Micro Focus Network Automation (NA). They relayed this NetSecOps example, saving a customer a lot of time and preventing a repeat of a significant outage. I’ll explain.

Before automation

This scenario happens at many customer deployments; it is part of what developed the practice of NetSecOps. Security teams have the primary responsibility for securing an organization, particularly the IT infrastructure. Many security vulnerabilities are network-related. When the security team finds a network-related security issue, they contact the network team to implement a fix.

These reports could come from SANS or their network vendors. Some issues are attacks, and that is the situation we will discuss here.

In this case, a security team detects malicious traffic and collects the IP addresses in a spreadsheet. Next, a ticket to make a change in the firewalls to block those IP addresses is created. The network team gets the ticket and builds a configuration for each firewall. Since firewalls don’t upload spreadsheets, the data needs to be put into the format the firewall needs, a manual operation. The configuration is then uploaded to each of the firewalls manually. This user had 100s of firewalls.

Figure 1: The manual steps from malicious IP detected to updating a firewall.

Unfortunately, “to err is human.” And in this user’s situation, there was a typo in an IP address. That typo caused the firewall to interpret the IP address as 0.0.0.0, which told it to block all traffic. If firewalls blocked all traffic at your organization, what impact would that have – nothing good, I’m sure.

Beyond the error problem, this was a time-consuming process – almost one full-time person.

Automating configuration updates

Let’s see how Network Automation is used to help.

Once the network team gets the spreadsheet from the ticketing system Network Automation takes over.

Figure 2 – Network Automation creates change plans and configures firewalls.

They wrote a script that pulls the IP addresses from the spreadsheet and turns them into configuration changes for each firewall. It has error checking to avoid the problem mentioned above. This one-time effort of building the script provides significant benefits.

Here are the steps:

  1. Each time a ticket is received with the CSV file, the network team copies the file to the NA server and runs the script converting the IP addresses to configuration change files for the firewalls.
  2. NA asks for authorization to perform the change. Once approved, it moves to the next step.
  3. It records who authorized the change.
  4. NA takes a snapshot (configuration backup) of each firewall.
  5. NA loads the configuration changes into each firewall.
  6. NA closes the ticket in the ticketing system.
  7. It creates a complete audit trail of what changed when the change occurred and who authorized the change.

In the event of a problem, NA can restore the previous configuration to any or all firewalls.

Some might say "I could write a script to do that". Yes, one could, but it would take significant knowledge of each type of device, where NA already understands the devices and normalizes instruction across the device types. NA is also continuously updated with new devices which is just a pain to keep up with when maintaining your own code.

What’s the final benefit? For this customer, it took one full-time network team member per week to handle the updates. The automation takes a few mins per day—approximately a 40 to 1 reduction in staff time.

Recent and upcoming Network Operations Management events

See all the Micro Focus events Worldwide

Read all our news on the Network Operations Management blog.

Related Items

Labels:

Network Operations Management
Anonymous