Lessons from a CISO: security and networking trends

Tufin's John Parmley, area VP, sat down with Larry Brock, former CISO at DuPont, to discuss network segmentation, automation, and managing a multi-vendor network.

Organizations large and small are segmenting their networks, rapidly moving down the path of security zones in direct response to cyber events and security best practices.  This shift is resulting in a dramatic growth in the number of firewalls, managed routers, and switches. According to Larry Brock, former CISO at DuPont, “It went from something that a couple people could manage to something that required a large team to manage.” The explosion of device counts along with additional next-gen firewall functionality is creating an overhead burden many organizations didn't anticipate and are now struggling with.

To alleviate this increasing complexity, organizations are now automating the change life-cycle and management of these devices. If organizations don't embrace automation, and more specifically orchestration, they'll fall behind. According to Brock, “The complexity, the explosion with the numbers, the challenges to find resources, the ability to report to whatever compliance organization, whether internal or external – all those things drive the requirement to automate.”

Brock goes on to say that regarding the growth in security challenges, “If it's not automated, you will have some security lapses, or you will have situations where the firewall may not be managed properly or may allow certain things to occur that would be outside of your normal policies or outside of the compliance requirements, and you can introduce some weaknesses into those firewalls.” This is typically a result of human error. Brock also reiterates the value and necessity of a single pane of glass when managing multi-vendor networks. As the number of firewalls continues to grow, Brock says that organizations need a way to “look across all these different environments to be able to get that one picture, that one pane of glass, to be able to see that all your policies are coherent, they're integrated and they aren't conflicting.”  This strategy needs to extend beyond traditional network security and to cloud as well.

Lastly, the interview looks at how policy-based orchestration will solve or reconcile challenges surrounding real-time regulatory compliance. Brock says that when an organization is able to define what policies they want to implement and enforce those policies across the entire network, regardless of the number of vendors present in the environment, they can ensure that policies are truly being implemented and enforced on a continuous basis.

View the full interview on the Tufin YouTube channel.