Selecting network configuration software for automation

This week, bloggers look into choosing the right network configuration software for an automation project, endpoint security and the future of SD-WAN as a stand-alone service.

Ivan Pepelnjak, blogging in IP Space, explored what network configuration software is best for automation. Ansible, Chef and Puppet are commonly cited network configuration software options, with Salt becoming increasingly commonplace and CFEngine used occasionally. According to Pepelnjak, most network engineers prefer Ansible. Chef and Puppet focus mainly on configuration and state management and don't make changes unless necessary and tend to manage dependencies -- such as creating groups and then accounts within a group.

In Pepelnjak's view, managing configuration and soft state services is a good goal but doesn't go far enough. Among network configuration software, Ansible is unique, aiding in device provisioning, validating network topologies, upgrading software, helping with compliance and generating reports. Engineers can often get started more quickly with Ansible, learning the basics in a matter of hours. "Maybe it's just our mentality, or maybe we have to do things a bit different because of the huge blast radius of our mistakes. In any case, Ansible (which is just a generic automation/orchestration framework) fits better to our way of doing things," he said.

Read more of Pepelnjak's thoughts on network configuration software.

New developments in endpoint detection and response

Jon Oltsik, an analyst at Enterprise Strategy Group in Milford, Mass., reflected on a 2016 project where he interviewed 30 enterprises about endpoint security strategies. At the time, Oltsik came up with a concept he termed a continuum of endpoint tools, with advanced threat detection at one end and endpoint detection and response (EDR) on the other end.

Based on the interviews, Oltsik and his colleague guessed that 75% to 80% of the market would steer toward advanced protection, while the remainder would pursue EDR. He also predicted that vendors would work to bridge the gap with combined offerings.

Now, in 2018, Oltsik said that the hypothesis has mostly played out. ESG research indicates that 87% of organizations are planning to buy comprehensive endpoint security suites and 28% of cybersecurity professionals identified EDR as the most attractive feature of the offerings. He projected that EDR will now undergo additional market segmentation. Traditional EDR, anchored by on-premises infrastructure, will continue as a niche market for high-security industries. A lighter, "trigger-based" version of EDR -- one that collects data when a behavioral anomaly occurs -- will appeal to purchasers in the midmarket, he said.

Managed EDR may also appear, with subsegments, catering to companies that want full EDR capabilities but lack personnel to oversee it. "Rather than default to a product, security managers really need to assess their needs, resources, and skills before making an EDR decision. There will be a lot of options to choose from, so CISOs must choose wisely," Oltsik said.

Dig deeper into Oltsik's predictions about EDR.

Streamlining with SD-WAN and network functions virtualization

Mike Fratto, an analyst at GlobalData in Sterling, Va., said he's heard commentary about stand-alone SD-WAN disappearing, instead becoming just another feature on routers and firewalls. Although he said many vendors will eventually consolidate features like these into a single appliance, he does not see the end of single-function SD-WAN devices.

That's because enterprise IT teams like bespoke products and many teams like the ability to swap out older stand-alone products for newer offerings as they become available.

Second, the shift to software-defined everything will let enterprises rely more on virtualized instances of SD-WAN. This will permit companies to consolidate network functions into fewer appliances.

Third is the fact that enterprise IT teams are often loath to replace tried and true systems with new options that may not be as capable.

"What enterprises want -- what they would pay for but will likely never get -- is an environment of deep management integration across multiple vendor products which could ultimately reduce operational overhead, unlock more efficient workflows, and generate significant operational cost savings along with way," Fratto said. "Here's where managed service providers have a unique advantage, provided they dedicate the resources to creating a portal that integrates the management functions across vendor products," he added.

Explore more of Fratto's ideas on SD-WAN as a stand-alone product.

Dig Deeper on Network management and monitoring