Network engineers remain under considerable pressure to secure their networks. Even more so now that the FTC (in the US) has expanded rules on security breach reporting. Now when breaches occur, it’s more than just an obscure security or network team that deals with the fallout, it’s the boardroom that gets involved.

Suits in the data center

For those that don’t know what that’s like, I’ll share a brief story. Some (long) time ago I did a lot of work with the American Stock Exchange. I was at a software vendor, but our badges allowed us into the applications ops center at the AMEX that ran the trading applications and systems. Occasionally, there’d be people in there in suits… and when that happened, we (as vendors) knew to make ourselves scarce. Those were executives, and something was seriously not working properly when they were in there. It might be hard to empathize, but when executives stick their noses in your business, it’s stressful for us “regular folk”. That’s the kind of pressure network engineers now face when there is a suspected breach. Suits in the data center.

Zero Trust Network Operations

That’s why we’re launching Zero Trust Network Operations (ZTNO) as a framing for our Access Manager and Network Vulnerability Manager (NVM) products. When organizations have a zero trust initiative, network NetOps teams can participate using BackBox products to help secure the network in alignment to zero trust principles.

ZTNO uses the core BackBox Automation Platform for Network Teams, Access Manager, and Network Vulnerability Manager (NVM) to protect both humans and devices on the network.

Protecting humans

Access Manager allows BackBox to act as a governable jump box for all administrative activity performed by network engineers. BackBox can connect into credential vaults for richer password security options, while immutable activity auditing and video session recordings are used to help with compliance.

Protecting devices

The BackBox Automation Platform combined with NVM provides for onboarding compliance and vulnerability management. Once onboarded, continuous compliance ensure that devices remain 100% compliant with desired “golden configurations” and that vulnerabilities are immediately identified and remediated.

BackBox Product Roles in ZTNO

BackBox Automation Platform for Network Teams

Network Automation Manager is the core component of BackBox responsible for automating the administration of network and security devices. As it pertains to zero trust, Network Automation Manager is responsible for ensuring 100% configuration compliance; both as devices are onboarded and over time as natural configuration drift occurs.

Privileged Access Manager for Network Teams

All manual network engineering tasks require a solution like Privileged Access Manager (PAM) to manage administrator rights and compliance. This helps solve for two opposing desires – increasing the ability to inject change into the network while also decreasing the changes made by individuals. Ad hoc changes made by individuals add risk to the security and stability of the network and, as such, changes by individuals should be limited.

To do this, IT leaders and network administrators need a way to transition from network engineers having individual, direct accounts into their network and security devices to centralized accounts with a single access point to all devices.

This is the purpose of BackBox’s PAM. It is the central point of control, as well as a single place to audit and record administrator sessions for compliance. PAM ties into credential vaults, provides immutable logs, recording and auditing of sessions, and serves as the foundation for zero trust NetOps for human network administration. Applying the granularity of PAM to achieve zero trust objectives ensures all access is appropriate, managed, and documented, regardless of how the perimeter has been redefined.

Network Vulnerability Manager

Network Vulnerability Management (NVM) ensures that new devices are added to the network only after remediating known vulnerabilities. Over time, NVM ensures that devices stay protected and that as vulnerabilities are discovered, they are quickly patched or fixed.

Q&A

1. How do you enable zero trust through the CLI? With Access Manager you don’t have to trust that the network engineer is who they say they are. BackBox uses TACACS or a credential vault to secure access, and then has video logging and auditing of sessions.
2. How do you enable zero trust through device onboarding? A device gets added to the network, how do you know it adheres to the organization’s policies? Through automation. With BackBox, compliance policies are instantiated as automations that are run upon device discovery through the onboarding process. Compliance policies can either remediate non-compliance or report to network engineers for manual remediation.
3. How do you ensure that devices added to your network aren’t done so with known vulnerabilities? Simple. You check for known vulnerabilities and like with compliance remediate any vulnerabilities before the devices are added to the network. BackBox Network Vulnerability Manager provides risk scoring and insight into the vulnerability state of devices.
4. How do you make sure that zero trust policies stay in place? Through automation. Automations to check for policy compliance and vulnerabilities can be run regularly to ensure that devices stay compliant. Remediation can be automated or reported on for manual intervention.

To learn more, check out ZTNO on BackBox.com where you’ll find a solution brief, links to webinars, and an ability to try it for yourself.