For the Army National Guard (ANG), getting information in near-real time is imperative. Each Army National Guard soldier must be able to securely access data and other IT services wherever their duty takes them. To make this happen at scale is a significant undertaking, so the ANG has built a formidable network, the DoDIN-A(NG), that connects its user base of 450,000 people spanning 11 time zones. The network, previously known as GuardNet, is now one of the largest closed networks in the world.
Securing and ensuring the uptime of the network, while maintaining compliance, is a massive challenge. But thanks to the power of automation, it's a challenge IT leaders have met head on. Let's look at three best practices the Army National Guard is employing to secure, manage, and monitor its unique and dynamic network environment.
Ensuring compliance on a large scale
A key aspect of managing risk in Department of Defense (DoD) environments is compliance with Security Technical Implementation Guides, or STIGs. Each STIG contains rules on security hardening and maintenance processes for a myriad of networks and IT systems with which all DoD IT assets must comply. Monitoring network configurations against these compliance policies across the massive DoDIN-A(NG) infrastructure is a painstaking process. This isn't just a compliance issue: any configuration change in the network can lead to security breaches, outages, and slowdowns.
To mitigate this risk and ensure compliance, ANG depends on automation.
Configuration drift is inevitable, but ANG has deployed a monitoring best practice to automatically detect any deviation from a baseline configuration and proactively notify network administrators in near-real time. They can then drill deeper for more information such as who made the configuration change, what changed, and any related performance impact.
Automation also streamlines the process of configuration updates across the entire infrastructure. Instead of pushing updates to one device at a time, administrators can roll out global configuration updates to selected devices in the DoDIN-A(NG) environment, a huge time saver.
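The drift-detection practice described above, as an added illustration that is not the ANG's or any vendor's tooling: a running configuration is compared line by line against a baseline, and any deviation is turned into an administrator notification joined with the last audit-log entry showing who changed the device. Device names, configuration lines and the audit record are constructed sample data.

```python
import difflib
from dataclasses import dataclass

# Constructed sample data for a hypothetical device; not taken from the article.
BASELINE = """hostname rtr-01
service password-encryption
no ip http server
logging host 10.0.0.5
ntp server 10.0.0.6
"""
RUNNING = """hostname rtr-01
service password-encryption
ip http server
logging host 10.0.0.5
ntp server 10.0.0.6
banner motd ^ welcome ^
"""
# Constructed change-audit records (device, user, timestamp), as a AAA/syslog feed might supply.
AUDIT_LOG = [("rtr-01", "jdoe", "2024-05-01T10:15:00Z")]


@dataclass(frozen=True)
class Drift:
    device: str
    added: tuple    # lines present in the running config but not in the baseline
    removed: tuple  # baseline lines missing from the running config

    def is_empty(self):
        return not self.added and not self.removed


def detect_drift(device, baseline, running):
    """Compare the running config against the baseline, ignoring blank lines and indentation."""
    base = [ln.strip() for ln in baseline.splitlines() if ln.strip()]
    run = [ln.strip() for ln in running.splitlines() if ln.strip()]
    added, removed = [], []
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, base, run).get_opcodes():
        if tag in ("delete", "replace"):
            removed.extend(base[i1:i2])
        if tag in ("insert", "replace"):
            added.extend(run[j1:j2])
    return Drift(device, tuple(added), tuple(removed))


def drift_alert(drift, audit_log):
    """Return the notification text for administrators, or None when nothing deviated."""
    if drift.is_empty():
        return None
    changes = [(user, when) for dev, user, when in audit_log if dev == drift.device]
    user, when = changes[-1] if changes else ("unknown", "unknown")
    return (f"DRIFT on {drift.device}: last change by {user} at {when}; "
            f"added={list(drift.added)} removed={list(drift.removed)}")
```

In practice the alert would be routed to the NOC/SOC ticketing or paging system and the audit lookup would query the device's AAA accounting records rather than an in-memory list.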
Achieving true continuous monitoring
Continuous network monitoring is an integral part of NIST's Risk Management Framework for federal information systems and is intended to move security monitoring and auditing away from a point-in-time "one and done" mentality.
Because threat actors are constantly probing networks for vulnerabilities, ANG employs continuous monitoring across the DoDIN-A(NG) network to automatically identify and remediate areas of risk such as policy changes on devices, non-compliant patches, FISMA compliance violations, and more, all in near-real time. If anything strays from the norm, automated alerts ensure no vulnerability goes unchecked.
Because Command Cyber Readiness Inspections (CCRI) and STIG auditors want documented evidence of continued compliance, ANG's monitoring capabilities also ensure data is collected and stored from across the network, making it easy to generate compliance reports.
Unparalleled global network visibility
Knowing what's going on with all the network devices on DoDIN-A(NG) involves staying on top of millions of moving parts across geographically dispersed environments. To help network administrators know what's up, what's down, and what's not performing as expected, the ANG has adopted a holistic, single-pane-of-glass view of the entire network, known as OCULUS.
Easily customizable to meet the needs of service owners, OCULUS' intuitive, consolidated map-based views allow the ANG's Network and Security Operations Center to visualize network health, identify rogue devices, and troubleshoot performance issues across the entire tech stack.
This unique approach to network monitoring proved an important enabler of the ANG's shift to a work-from-home policy during the pandemic. Using OCULUS, administrators can display and monitor the performance of ANG's VPN remote access services across the globe. OCULUS provides automatic visibility down to the customer level, including the names of who's connected, the length of the connection, data transmitted, and more, while also showing the health of the domain and allowing possible issues to be troubleshot.
The striking visual impact of the system also provides a persuasive display of performance to senior management and aids in advocacy for funding.
Applying lessons learned across the DoD
At the end of the day, saving time, realizing efficiencies, eliminating human error, and simplifying compliance is the end goal of any IT leader within the DoD. As unique as the ANG network is, by leveraging these same best practices, notably automation, other defense organizations will be better equipped to manage and secure the complex networks needed to execute their missions, without burdening their finite resources.
for more information on one of the largest closed networks and how the DoD is using automation to support the security of data and other sensitive information.