For the Army National Guard (ANG), getting information in near-real time is imperative. Each Army National Guard soldier must be able to securely access data and other IT services wherever their duty takes them. To make this happen at scale is a significant undertaking, so the ANG has built a formidable network—the DoDIN-A(NG)—that connects its user base of 450,000 people spanning 11 time zones. The network, previously known as GuardNet, is now one of the largest closed networks in the world.
Securing the network, keeping it up, and staying compliant all at once is a massive challenge. Thanks to automation, it is a challenge ANG's IT leaders have met head-on. Let's look at three best practices the Army National Guard is employing to secure, manage, and monitor its unique and dynamic network environment.
Ensuring compliance on a large scale
A key aspect of managing risk in Department of Defense (DoD) environments is compliance with the Security Technical Implementation Guides (STIGs) published by the Defense Information Systems Agency (DISA). Each STIG contains hardening and maintenance rules for a particular class of network device, operating system, or application, and every DoD IT asset must comply with the STIGs that apply to it. Checking device configurations against those rules across the massive DoDIN-A(NG) infrastructure is a painstaking process, and it is not only a compliance issue: an unreviewed configuration change can open a security hole, cause an outage, or degrade performance.
To mitigate this risk and ensure compliance, ANG depends on automation.
Configuration drift is inevitable, but ANG has deployed a monitoring best practice to automatically detect any deviation from a baseline configuration and proactively notify network administrators in near-real time. They can then drill deeper for more information such as who made the configuration change, what changed, and any related performance impact.
Automation also streamlines the process of configuration updates across the entire infrastructure. Instead of pushing updates to one device at a time, administrators can roll out global configuration updates to selected devices in the DoDIN-A(NG) environment—a huge time saver.
Achieving true continuous monitoring
Continuous monitoring is the final step of NIST's Risk Management Framework (NIST SP 800-37) for federal information systems, with implementation guidance in NIST SP 800-137, and is intended to move security monitoring and auditing away from a point-in-time "one and done" mentality.
Because threat actors are constantly probing networks for weaknesses, ANG employs continuous monitoring across the DoDIN-A(NG) network to automatically identify and remediate areas of risk, such as policy changes on devices, missing or unapproved patches, and FISMA compliance violations, all in near-real time. When a device strays from its expected state, an automated alert is raised, so no known deviation goes unreviewed.
Because Command Cyber Readiness Inspection (CCRI) teams and STIG auditors want documented evidence of continued compliance, ANG's monitoring also collects and stores the underlying data from across the network, making it straightforward to generate compliance reports from it.
Unparalleled global network visibility
Knowing what’s going on with all the network devices on DoDIN-A(NG) involves staying on top of millions of moving parts across geographically dispersed environments. To help network administrators know what’s up, what’s down, and what’s not performing as expected, the ANG has adopted a holistic, single-pane-of-glass view of the entire network—known as OCULUS.
Easily customizable to meet the needs of service owners, OCULUS’ intuitive, consolidated map-based views allow the ANG’s Network and Security Operations Center to visualize network health, identify rogue devices, and troubleshoot performance issues across the entire tech stack.
This unique approach to network monitoring proved an important enabler of the ANG’s shift to a work-from-home policy during the pandemic. Using OCULUS, administrators can display and monitor the performance of ANG’s VPN remote access services across the globe. OCULUS provides automatic visibility down to the customer level including the names of who’s connected, the length of the connection, data transmitted, and more—while being able to see the health of the domain and troubleshoot possible issues.
The striking visual impact of the system also provides a persuasive display of performance to senior management and aids in advocacy for funding.
Applying lessons learned across the DoD
Saving time, realizing efficiencies, eliminating human error, and simplifying compliance are the end goals of any IT leader within the DoD. As unique as the ANG network is, other defense organizations that adopt these same best practices, automation above all, will be better equipped to manage and secure the complex networks their missions depend on without overburdening finite resources.
Visit our website for more information on one of the largest closed networks in the world and how the DoD is using automation to protect data and other sensitive information.