Armature Systems Resources
![](https://www.armaturesystems.com/wp-content/uploads/2024/12/abstract_glass-1024x660-1.webp)
February 03, 2021
ASSESSING THE SECURITY CONFIGURATION OF A GLOBAL NETWORK FOOTPRINT
Our Key Challenge
Deciding on the best-unstructured data model to allow large scale configuration data ingestion across different networking manufacturers (Cisco, Juniper, Arista, etc.)
There are only a few tools that can identify security vulnerabilities in select vendor platforms but no tools exist for cross-platform configuration analysis. We used our expertise in data analysis and leveraged technologies like MongoDB to ingest, parse, and store the configuration data for analysis.
We worked with security teams across APAC, EMEA, and the Americas to develop configuration benchmarks for each region, vendor, and device role.
Our Pathway to a Solution
Step 1
Armature Systems used a homegrown custom assessment tool to aid in efficiently analyzing large sets of configuration data. We built a tailored data model along with scripts in order to have a better idea of how all of these devices were configured.
Step 2
We used our tools to test their network devices against two criteria:
- What the customer expected their configuration to look like based on their configuration standards
- Our recommended best practices from our experience in the different operating systems and industry best practices.
Step 3
Through these tests, we created a benchmark and built a configuration of what it’s supposed to look like in an ideal world, and compared it to the ingested data. Leveraging MongoDB, we were able to parse and store our data model while analyzing the data at scale. This process allowed us to attain key details as-well-as see live results about which devices were or weren’t properly configured.
Step 4
The customer was provided actionable data to easily and quickly remediate the issues found in the device configurations.
This was a unique situation as using MongoDB is usually reserved for big web applications.
Creating a Custom Solution
Best Practice Recommendations
We provided a benchmark that allowed them to prioritize where they needed to focus in order to get their network configurations to be secure.
Custom Assessment Tool
We built a custom data model to ingest the configurations of thousands of devices and ran an analysis that could identify which devices had proper configurations and which didn’t.