Operationalizing Security

I have been spending a lot of time trying to understand the best ways to plan, build and augment security operations. From operations policy to staffing to procedures to best practices, I am always wondering what the best way(s) are to maintain and operationalize security expertise.

From the Service Provider community we are seeing a few different models, and I would like to cover as many as possible.

1. Customer specific Security Operations teams for tier one through tier four assistance.

2. Service specific teams for network, security, and access services.

3. Blended engineering and operations teams to do both network and security.

4. Tier Four expert operations team fed by all NOC / TAC / SOC / Support teams.

5. Ninja warrior soldier style operations – one guy, one network, one truth.

I am interested in collecting thoughts and experiences around some of these models – good, bad or indifferent and expanding a bit here on the blog. The goal is to really understand what works, what doesn’t and why with an emphasis on comments from real world experiences. Links and best practices encouraged and welcome.

So if you are willing to share your security ops knowledge and experiences feel free to drop me a line at doug@arbor.net. I will summarize and post my findings here at some point. Thanks in advance.

3 Responses to “Operationalizing Security”

May 11, 2007 at 9:04 am, Adam G. Enfield said:

Doug –

We are a service provider who uses Arbor PeakFlow products and have a Product Development staff with a vivid imagination. Understand that I am a bit of a skeptic but I am also not a neophyte. I have been in networking since “the dawn of time.”

I am going to be very interested to hear what the contributors think because I am interested in what the customer is willing to pay. Security has always, in my opinion only, been a foundation of the “Enterprise” and attempting to turn it into a commodity function has huge challenges. Yes, the ATT’s and Verizons might be able to scale but smaller ($2 billion???) providers might find it hard to do more than pull off item #3 in your list.

Why? Because the customer base is not willing to shell out what it would take to build what we (you and I) would consider a “high quality” technical solution. I believe we will end up with a half-assed watered down “eh… good enough” security product offering because the customer will be hard-pressed to part with more than $100 for a service… God forbid that they know what they REALLY want because security is not a hobby and god forbid that you tell them what they need less you risk liability for either completely blowing it or inadvertantly hamper their traffic.

So… I am very interested in this topic. Mind you, I am not a Security Specialist (nor do I play one on TV) but I am partially responsible for defining a solution when our Product Managers are getting drunk and have pen and barnaps at their fingertips.

Keep me in the loop please.

AGE

May 18, 2007 at 9:26 am, Liquidmatrix Security Digest » Security Briefing: May 18th said:

[…] Operationalizing Security […]

May 30, 2007 at 10:16 am, dfleming said:

Looks like I replied to the wrong post.

Thanks Adam – in terms of service launch, the operational portion is the most challenging – both from a provider and vendor perspective. What I am trying to understand is what constitutes the delta between your perspective and your PD folks so that we can build better process and product.

You wouldn’t happen to be going to NANOG 40 in Bellevue so we could continue this conversation (-: ? If not, please drop me a line in private.

Thanks, and will definitely keep you in the loop.

Comments are closed.