Sponsored: Navy Enterprise Modernization–New Security Risks, New Opportunities

July 21, 2020

Enterprise modernization of the Navy's networks and systems is finally underway. Set to impact hundreds of thousands of uniformed and civilian users, it will consolidate many outsourced network service delivery mechanisms across the entire Department of the Navy (DON). The initiative aims to transform how services are delivered, provide a dramatically improved end user experience, and enable critical innovations long needed to accelerate the DON’s mission.

The consolidation of multiple networks, each supporting a large number of users, compels standing up a centralized security operations center (SOC) to manage the diverse and massive set of systems in play. Security is, in fact, one of the overarching tenets of the Next Generation Enterprise Network (NGEN) program. Each of its eight technical focus areas for modernization—cloud, mobility, data and more—has a significant security impact. The best way to safely reach the modernized end state is unifying all of the focus areas’ security capabilities and requirements into a SOC that will drive aggregation, monitoring and management, enabled through an enterprise-wide integrated dashboard (the colloquial single pane of glass).

This is also a way to enforce uniform security requirements across the Navy’s range of functional areas, from personnel and training to acquisition, intelligence, legal and beyond. That’s especially important because the program is launching into a very different environment than existed when it was conceived, given the recent shift to remote work and the associated escalation of cyberthreats.

Security orchestration, automation and response (SOAR) platforms will be integral to meeting those new remote work and cyberthreat demands, which, left to the status quo, could have significant negative implications. SOAR will streamline security processes, connect disparate security tools and technologies, and maintain the right balance of machine-powered automation and human intervention to strengthen the DON’s organizational security posture. Whether for legacy networks or those yet to be developed, SOAR is poised to change the game across a breadth of NGEN requirements.

One example is the quantum improvement in incident response (IR) management that can be achieved by leveraging machine learning, which can link raw data and cases over time to find similarities and identify commonalities. Armed with a playbook for how a problem was previously solved in one or several locations, analysts can accelerate resolution of a similar problem elsewhere, greatly improving both the mean time to detect (MTTD) and mean time to respond (MTTR). The ready matching to the rich information housed in past case notes also helps train and upskill analysts in real time.

Securing cloud computing is another requirement. One of the eight technical focus areas, NGEN cloud adoption will include a multicloud deployment model of on-premises (private) cloud and off-premises (public, DOD and government) cloud environments. A core design requirement is to standardize security approaches across that full range. Yet cloud security data and processes are often isolated from traditional security measures, requiring multiple consoles for overall management and response. SOAR platforms can combine and coordinate on-premises and cloud IR workflows, provide keyless role-based access, and automate tasks like health checks and maintenance of cloud environments on a schedule that meets the Navy’s needs.

Mobility is yet another critical consideration. Naval Enterprise Network users have long maintained multiple accounts and run multiple devices, many of which are mobile. If we look across the range of classified and unclassified networks, from ONE-NET, NMCI, Consolidated Afloat and coalition partner networks, there are likely over 800,000 devices in use. Making SOAR integral to NGEN will help simplify security for that complex environment, correlating alerts from disparate devices, automating tasks, and enabling far more rapid IR across the variety of devices and platforms as well as individual applications to be managed.

There are multiple other use cases where SOAR can help: automating operational processes of security operations, unifying threat intelligence management, automating enrichment and context addition for vulnerabilities before hand-off to analysts for manual remediation, and aligning operational technology and IT security processes that will keep the Navy’s vast infrastructure running.

It’s a tall order. Cortex™ XSOAR, the industry-leading SOAR platform from Palo Alto Networks, is ideally suited to fill it. Cortex XSOAR can automate up to 95% of all response actions that would normally require human review. That allows overloaded Navy security teams to focus on actions that truly require their attention.

Cortex XSOAR orchestration enables security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Already integrated with over 400 existing security tools, the platform will not require DON IT teams to “rip and replace” current infrastructure until they may be ready to do so as part of their NGEN consolidation efforts. Cortex XSOAR also operates in and unifies cloud and on-premises security implementations into a common environment. Importantly, the predictable pricing model is based on number of licensed seats, not consumption, aiding short- and long-term cost modeling and budget planning.

Palo Alto Networks stands ready to help as the Navy embarks on its unprecedented NGEN voyage.

For more information, please visit https://www.paloaltonetworks.com/
