Strategies to cultivate collaboration between NetOps and SecOps

In this Help Net Security interview, Debby Briggs, CISO at Netscout, discusses breaking down silos between NetOps and SecOps. Practical steps include scheduling strategy meetings, understanding communication preferences, and fostering team collaboration.

With evolving cloud models, collaboration and clear role assignments become crucial. Automation and AI enhance incident response, while budget allocation impacts team efficacy. Choosing the right tools involves considering problem-solving capabilities, interoperability, and cost-effectiveness.

NetOps SecOps

Traditionally, NetOps and SecOps have operated in silos. What are some practical steps to breaking down these silos, and how does this impact the overall security and efficiency of business services?

Start by scheduling combined strategy meetings. In these meetings, you can discuss your 12–to 18-month roadmap and identify ways each team can help the other.

Next, it is essential to have an understanding of each team’s communication preferences. For instance, when the network team needs approval for a new firewall rule or policy, how can they communicate this effectively with the security team? Establishing communication procedures breaks down barriers that cost organizations valuable time and contributes to more efficient processes.

Lastly, do something outside of work that encourages team collaboration. Some examples: take a cooking class, go bowling, or simply share a meal. Establishing positive relationships outside of the office will benefit the work environment.

With the rise of cloud models and hybrid cloud paradigms, how have the roles of NetOps and SecOps evolved, and what challenges does this pose for team alignment?

As we all migrate to a cloud-first architecture, the roles of NetOps and SecOps have been changing. Moving to the cloud changed the technology to virtual devices and produced a faster demand for both the networking and security teams. Working together, the two teams can create secure images of firewalls, routers, and load balancers that the security team can then scan and ensure are hardened.

With this movement to the cloud, both teams need visibility and tools that work across environments. For example, the security team can utilize the network packet data that the NetOps team has to monitor for security events. SecOps can create dashboards and give NetOps access to their vulnerability management platform with a unique dashboard of the network devices. Another example: network device logs should be sent to the SecOps SEIM tool. The two teams can then work together to create alerts from the log data.

Everyone needs to have clarity on what their roles are in the hybrid cloud paradigms. I find a responsibility assignment matrix, or RACI chart, is a simple way to do this, as it is straightforward and easy to understand. I have seen the policies for firewalls, VPNs, DDoS appliances, and network segmentation be the responsibility of SecOps, that the NetOps team then implements.

How influential is a collaborative culture in bridging the gap between NetOps and SecOps teams, and what are some effective strategies to foster this culture within an organization?

Collaborative culture starts at the top. The leaders of these teams need to collaborate and communicate consistently. They cannot have a turf war over each team’s roles and must understand each team’s responsibilities. Whether it’s shadowing a member of the other team for a day or taking opportunities to get to know other teams outside of work, establishing a collaborative culture is an important long-term investment for mutual success.

What is the role of automation and AI in enhancing the collaboration between NetOps and SecOps, particularly in incident response and threat detection?

AI and automation will blur the lines between these two teams, as projects focused on these elements are ones that can be tackled together. For example, having your vulnerability management tool automatically open tickets for other IT teams can create a feeling that the security team is dumping vulnerabilities over the wall. Each needs to think about what the automation will look like to the other team and proceed accordingly.

How do you manage budgetary control and resource allocation between NetOps and SecOps, and what impact does this have on the efficacy of each team?

If security teams can secure a decent budget, it should be allocated towards tools, automation, and AI capabilities that both teams can use and benefit from.

The SecOps team tends to secure the budget as they take in risks to the company. For instance, if a project is done how does it reduce risks and if the project is not done, what risks does the company retain? The automation and AI tools are using network traffic (packet data) to create workflows/automation and AI tools are using this data to feed into Large Language Models (LLMs.) Both teams can utilize this AI LLM to solve network and security issues.

Given the wide array of software and tools available, what criteria do you use to choose the right ones for optimizing NetOps and SecOps?

1. What problem does the tool solve?
2. Do we have a tool that already does this? Interoperability is key.
3. Do you have existing tools whose capabilities overlap these?
3. If you are using a SaaS-based tool, when does the contract expire? How long have you had this tool? Has technology changed in space and, if so, can you get a tool with more features that is less expensive?

Don't miss