I’ve been seeing many organizations with highly segregated (“air gapped”) networks lately. An interesting effect of this design pattern is the need to replicate security infrastructure or to design those components in such a way that the lack of connection between networks is not a major roadblock to security processes.
A common example is the use of Vulnerability Assessment tools. The deployment of VA scanners is usually straightforward and depends on the number of devices to be scanned and on bandwidth limitations, but when networks are completely isolated, organizations must consider additional challenges: how will the scanners be updated with new tests? How will updates and new versions be applied? How will the status of the scanning jobs be monitored? And, after they complete, how will the results be moved to a centralized system to produce a consolidated view (actually, is a consolidated view needed? Should we keep completely separate Vulnerability Assessment tools?).
Another interesting case affected by that design is SIEM. Someone with two completely separate networks asked me recently if they should use the same tool for both (the use of two SIEM instances was already decided). I believe that even when there’s no connection between the two systems it still makes sense to use the same technology, as skills, processes, license deals and even some content can and should be shared.
Air gapping networks is probably one of the most effective controls (not foolproof, however; think Stuxnet, for example) to protect highly sensitive systems. However, it is important to understand the impact of having separate networks on other security controls, especially monitoring systems and processes. The trade-off most likely makes sense, but it is there anyway and has to be taken into account.