Discovering and analyzing network configuration parameters along the service path is key to isolating exactly where customer impacts are occurring and where hidden security vulnerabilities may lurk. Similar to gold standard VM image management in a traditional IT environment, service providers require strategies to import, update, define and manage the lifecycles of “Gold Standard” service templates. Furthermore, using these templates in a proactive, automated fashion to scan the configuration of service chains helps eliminate configuration issues in the first place.
Privileged identity access management strategies must provide granular access control, flexibility, auditability and ease of use. Identity data provides critical forensic information. Correlating security events with network configuration data changes or anomalies provides a powerful strategy for service providers to prevent, detect and neutralize threats. Behavioral analytics helps service providers predict.
Network configuration management is a process by which configuration changes are proposed, reviewed, approved, implemented, verified, and re-verified. Implementing configuration management best practice is essential not only to assure network quality but also to mitigate security risks. Vulnerabilities are often the result of misconfigured network security policies.
The definition of identity access management must expand to include people, processes, and systems and provide contextual awareness. Technologies including SDN and NFV drive the need for new approaches to holistic network security. The notion of a Secure Network Auditing Platform has emerged, which combines identity access management and continuous network configuration data auditing with value-added network behavior analytics. Learning expected network behavior and correlating network security access events with network configuration changes allows service providers to detect anomalies in order to anticipate, prevent, pinpoint, and isolate security policy violations.
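
The correlation described above and the "Gold Standard" template scan from the first paragraph can be combined in one audit pass. The following is an added example, not code from any product the text refers to. The record fields, device names and template keys are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; field names are assumptions, not a product schema.
GOLD_TEMPLATE = {"ssh.version": "2", "snmp.community": None, "acl.mgmt": "10.0.0.0/24"}

SESSIONS = [  # privileged access sessions recorded by the identity system
    {"user": "alice", "device": "fw-01", "start": "2024-05-01T10:00:00", "end": "2024-05-01T10:30:00"},
    {"user": "bob", "device": "vr-07", "start": "2024-05-01T11:00:00", "end": "2024-05-01T11:15:00"},
]

CHANGES = [  # configuration change records from the network audit feed
    {"device": "fw-01", "user": "alice", "time": "2024-05-01T10:12:00", "key": "acl.mgmt", "value": "10.0.0.0/24"},
    {"device": "fw-01", "user": "alice", "time": "2024-05-01T10:20:00", "key": "snmp.community", "value": "public"},
    {"device": "vr-07", "user": "bob", "time": "2024-05-01T12:40:00", "key": "ssh.version", "value": "2"},
    {"device": "vr-07", "user": "carol", "time": "2024-05-01T11:05:00", "key": "acl.mgmt", "value": "0.0.0.0/0"},
]

def ts(s):
    return datetime.fromisoformat(s)

def has_session(change, sessions):
    """True if the change falls inside a session by the same user on the same device."""
    return any(
        s["user"] == change["user"] and s["device"] == change["device"]
        and ts(s["start"]) <= ts(change["time"]) <= ts(s["end"])
        for s in sessions
    )

def audit(changes, sessions, template):
    """Return (change, reasons) for every change that fails a check."""
    findings = []
    for c in changes:
        reasons = []
        if not has_session(c, sessions):
            reasons.append("no matching privileged session")
        if c["key"] in template and template[c["key"]] != c["value"]:
            reasons.append("drift from gold template")
        if reasons:
            findings.append((c, reasons))
    return findings

if __name__ == "__main__":
    for change, reasons in audit(CHANGES, SESSIONS, GOLD_TEMPLATE):
        print(change["time"], change["device"], change["user"], change["key"], "->", "; ".join(reasons))
```

A change made inside a valid session can still drift from the template, and a compliant value can still arrive outside any session, so the two checks are reported independently.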