Network administrators have long dreamt of simpler security management. They have searched for a way to streamline the management of the various devices that keep networks secure – especially when those devices come from different vendors, manufacturers and resellers. Security startup NetCitadel aims to unify the management of those semi-related devices into a single paradigm.
Announced January 29 and officially launched at the recent RSA event, NetCitadel's OneControl Security Orchestration Platform offers a modular management approach to enterprise security, allowing administrators to automate security orchestration across platforms, computing environments and devices. This capability is proving vital in today's ever-changing network landscape.
OneControl augments or replaces vendor-specific management solutions by creating an abstracted user interface that configures firewalls, switches and routers. OneControl's approach allows the product to operate in different environments by pushing a common policy language. The language describes security policy declarations independent of vendor-defined policies. OneControl's policies are applied to groups of hosts, eliminating the fragmented management associated with independent security hardware vendors.
A Closer Look at OneControl
NetCitadel provided me with access to a fully functioning test environment, which incorporated products from a variety of vendors and devices and bore a strong resemblance to a real-world production network. First, I should explain how OneControl is deployed. The product comes as a virtual appliance, which can be hosted at a cloud services provider without reducing the service’s capabilities. Regardless of the provisioning style used (cloud-based, private cloud or onsite virtual appliance), OneControl offers an expansive feature set that uses APIs to access, control and recalibrate security devices across the network.
NetCitadel's underlying technology offers a new standard for security management, one that differs immensely from the divided, device-dependent approach used by most security appliance vendors. NetCitadel calls this new methodology "Security Orchestration," which brings to mind a conductor leading a variety of musicians to create a cohesive song. OneControl is the conductor, while the various network devices act as the instruments.
In practice, OneControl works by automatically getting information about the network and creating a map of physical, virtual and cloud environments that contain a range of security infrastructure and vendor devices. That map is used to associate policies with specific groups of devices on the network, allowing administrators to create comprehensive security policies without dealing with the details of a particular hardware platform or device. The process allows administrators to think about the security policies holistically—not about how those policies are handled on a device-by-device basis.
The discovery process works by using APIs to connect to the network's infrastructure management systems. OneControl is able to communicate with all of the major vendor products, including VMware, Cisco, Juniper and so on. What's more, the product can use a variety of data sources to identify, monitor and interpret security events. Those sources include DNS, Web APIs, virtual environments and cloud environments.
Automated discovery and data gathering greatly reduce the need to manually detect changes and remap security relationships. In other words, if an administrator adds a device or server to the network, OneControl automatically detects the change and pushes the appropriate security policy to make sure the new device falls within company guidelines. Those policies interact with a number of authentication schemes, such as AD, LDAP, RADIUS and TACACS+. Thus, they're able to integrate with user access controls and user validation.
I spent a significant amount of time working with OneControl's administrative interface, which is a browser-based GUI that incorporates a management dashboard. The primary dashboard is a good starting place to determine security operations across the network with just a glance. It offers tabs that make evaluating the current security status of the infrastructure easy. The dashboard also includes a summary of the system's status, as well as information on recent changes, recent policy deployments and the statuses of dynamic objects (mapped security relationships).
The NetCitadel dashboard
Of course, there are other menu choices: configuration, data source definition, deployment and administration. These menus are where the policies that drive automated security across the enterprise are defined and administered.
For example, the configuration screen is arranged by device type and provides information about the detected devices. I was able to filter those devices by brand, address, service and so on to quickly create makeshift lists of devices to configure. It was also easy to compare the configurations across multiple devices, making mistakes significantly less likely.
The Data Sources menu allows administrators to define the data sources used by the system. It is simple to use, and I was able to quickly make changes as needed. The deployment menu proves to be a little more complex, simply because one has to remember that there is a correlation between physical network devices and dynamic objects. First-time users might have trouble adjusting to that concept.
I found that the easiest way to understand the new security orchestration was to forget about the physical parts and focus solely on the virtual objects defined by the system. Once I was able to shift my mindset, understanding the deployment of policies and controls became easy. All it took was looking at the big picture rather than at the individual pieces that made up the network's security infrastructure.
One can also use the administration menu to set up users, domains and virtual appliance settings, as well as to create change-lists. Though the product has limited reporting capabilities, I could quickly pinpoint changes that might affect system-wide security by identifying past adjustments from the change-list. What's more, the auditing module allowed me to filter events by date, user and other variables.
Another notable portion of the administration module is administrative user management, where OneControl’s users and administrators can be defined and managed. This feature effectively logs OneControl's user activity.
All things considered, NetCitadel's OneControl offers security administrators certain advantages when dealing with heterogeneous networks. The product's paradigm of automated discovery, policy enforcement and dynamic definitions could transform the way companies manage security. Those who face challenges from multivendor networks should give it a closer look.