Bringing a DevOps approach to network device compliance
Enterprises are under increasing pressure to demonstrate to auditors the security and compliance of their entire IT infrastructure. This includes critical network equipment such as switches, routers, and firewalls. Yet the physical network device layer has been one in which the level of automation is low: Gartner estimates that only 10% of network infrastructure has been automated today. Lack of automation around change management and security of network equipment configurations is both a business and security risk.
Enter InSpec and the newly-announced integration with Cisco IOS devices. Without changing your workflow for change management of IOS configurations, you can use the InSpec language to ensure both running and saved configs are correct. You can test for and enforce common controls like making sure unused ports are shutdown, VTY users are using SSH, and that system logs are being kept. InSpec’s easy-to-use syntax requires no prior programming experience and helps you communicate your compliance level to IT security and audit groups.
Join our speakers to learn:
- What InSpec is and how it can be used by network administrators for compliance
- Syntax in the InSpec language specific to making assertions about Cisco network device configurations
- How to use Chef Automate and the CIS Benchmark for Cisco IOS to accelerate the compliance of your Cisco network equipment