I’ve been seeing many organizations with highly segregated (“air gapped”) networks lately. An interesting effect of this design pattern is the need to replicate security infrastructure or to design those components in such a way that the lack of connection between networks is not a major roadblock to security processes.
A common example is the use of Vulnerability Assessment tools. The deployment of VA scanners is usually straightforward and dependent on number of devices to be scanned and bandwidth limitations, but when there are networks completely isolated, the organizations must consider additional challenges; how the scanners will be updated with new tests? How to apply updates and new versions? How to monitor the status of the scanning jobs? And, after they complete, how to move the results to a centralized system to produce a consolidated view (actually…is a consolidated view needed? Should we keep completely separate Vulnerability Assessment tools?).
Another interesting case affected by that design is SIEM. Someone with two completely separate networks asked me recently if they should use the same tool for both (the use of two SIEM instances was already decided). I believe that even when there’s no connection between the two systems it still makes sense to use the same technology, as skills, processes, license deals and even some content can and should be shared.
Air gapping networks is probably one of the most effective controls (not fail-proof, however; think Stuxnet, for example) to protectice highly sensitive systems. However, it is important to understand the impact of having separate networks to other security controls, specially monitoring systems and processes. The trade-off most likely makes sense, but it is there anyway and has to be taken into account.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.