Zscaler Blog
Bridging the Gap Between NetOps and SecOps
“Building the relationship between networking and security teams is the first hurdle I had to navigate…9 months later, I’m still trying.”
— A newly appointed CISO
“If you want any transformation initiative to be successful – be it digital transformation, network transformation, security transformation, the key is to get the NetOps and SecOps to work together.”
— A veteran CTO
“The networking team and security team were not on the same page….”
— An exasperated CIO
If you work in IT, you know the age-old struggle: NetOps and SecOps locked in an epic battle that feels as ancient as the first network cable or the day someone nervously declared, "We should probably secure this!" It’s been a saga of clashing priorities and siloed workflows ever since. Luckily, Zscaler has been rewriting the tale, turning this "oil and water" relationship into a perfect blend through better tools and seamless collaboration. And now, with Zscaler Internet Access (ZIA) stepping up its game even more, the gap is closing, and it’s no longer “us vs. them”—just pure IT harmony (and maybe even a joint team outing?).
Differing Operational Priorities
Traditionally, NetOps (Network Operations) and SecOps (Security Operations) have been perceived as two distinct and somewhat siloed entities within the larger IT ecosystem, each with its own distinct mandates and operational priorities. While both are critical to the organization’s functionality and security, they have historically approached their responsibilities with differing—and at times seemingly conflicting—objectives that have made collaboration challenging.
The primary focus of NetOps is rooted in ensuring the organization’s network infrastructure operates with maximum speed, efficiency, and reliability. The team’s mission is to maintain a robust, reliable network that allows seamless access to devices, applications, and information. Their ultimate goal is to optimize performance and enable uninterrupted communication and data flow across the organization. They achieve this through network monitoring, troubleshooting, performance tuning, and leveraging technologies such as software-defined networking or frameworks like Secure Access Service Edge (SASE) to enhance agility.
In contrast, SecOps is dedicated to safeguarding the organization’s digital assets through stringent security measures. Their focus is on preventing unauthorized access, detecting and mitigating threats, and maintaining the integrity of sensitive data. This involves implementing multi-layered security infrastructures, such as firewalls, intrusion detection and prevention systems (IDS/IPS), endpoint protection platforms, and real-time threat intelligence. Additionally, they are tasked with modernizing incident response protocols, minimizing lateral movement across the network during breaches, and ensuring compliance with industry or regional regulations like HIPAA, GDPR, or CCPA.
Siloed Tools and Technologies
While NetOps strives to enable connectivity and ensure accessibility across devices and tools, SecOps aims to limit access and create compartmentalized environments to reduce the risk of breaches. For instance, while NetOps seeks open pathways for optimization, SecOps might advocate for restrictions to minimize vulnerabilities. Unfortunately, this divergence in priorities can lead to significant operational challenges.
One of the main issues arises from the use of disparate tools and technologies by the two teams. NetOps often relies on tools designed for performance monitoring or traffic analysis, while SecOps utilizes security solutions focused on endpoint protection, anomaly detection, and compliance oversight. The lack of integration or common platforms between these tools can create dangerous blind spots—areas within the network that neither team has full visibility into or control over. Frameworks like SASE can help, if implemented cohesively on the foundation of Zero Trust principles. But more often than not, they are point solutions stitched under the banner of SASE, failing to deliver seamless integration. And these gaps are prime targets for malicious actors, paving the way for them to move across the network unchecked, leading to a heightened risk of advanced persistent threats, ransomware attacks, or insider threats.
Compounding the problem is the lack of streamlined communication and collaboration between the two teams. In many organizations, processes for exchanging information between NetOps and SecOps are inefficient, incomplete, or, in some cases, entirely non-existent. For example, when NetOps detects an abnormal surge in traffic, they may lack the means or protocols to alert SecOps in real time for further investigation due to the complexity of current tools. Conversely, SecOps may identify indicators of compromise (IOCs), such as unusual login attempts, but have to navigate a cumbersome process to relay those insights to NetOps to help isolate and mitigate potential network anomalies. These breakdowns in information sharing not only slow down response times but also allow attackers to exploit the disjointed operations.
The Zscaler Approach
In the face of today’s increasingly sophisticated threat landscape, the traditional separation of these two critical functions is no longer sustainable as attackers exploit vulnerabilities across complex infrastructure. Modern organizations need to foster greater collaboration between NetOps and SecOps by adopting a shared culture, shared objectives, and integrated technologies.
Zscaler Internet Access (ZIA), part of the Zscaler Zero Trust Exchange platform, continues to lead the charge in simplifying and amplifying collaboration between SecOps and NetOps. By unifying tools, providing deep visibility, enhancing workflows, and enabling shared accountability, ZIA bridges traditional operational silos and creates a unified framework for securing and optimizing enterprise networks. At the same time, ZIA adheres to zero trust principles, ensuring no compromises between performance and security.
1) Full-Packet Visibility and Network Detection and Response (NDR) Integrations
ZIA delivers comprehensive packet capture (PCAP), essential for security incident investigations, forensics, and threat detection. Currently, ZIA Traffic Capture is event-triggered based on “block” or “signature hit” events, enabling admins to capture decrypted traffic via specific criteria in Zscaler policy engines. With the upcoming release, admins will have more flexibility to incorporate exclusion decisions spanning user criteria, network services and application groups, source IP, and destination IP.
Furthermore, as organizations transition away from traditional on-premises firewalls due to their inherent security risks, ZIA addresses a key challenge by integrating seamlessly with NDR solutions. Unlike legacy setups where NDR solutions relied on a firewall’s Test Access Point (TAP) traffic, ZIA provides easy access to raw, decrypted traffic for efficient security forensics—eliminating the need for additional appliances and simplifying workflows.
These capabilities empower both SecOps and NetOps teams to collaborate effectively during incident response workflows. For example:
- SecOps can pinpoint threats or lateral movement via flow-level analysis and share actionable insights with NetOps.
- NetOps can successfully isolate compromised assets, reroute traffic dynamically, and ensure uninterrupted operations during mitigation activities.
Such visibility and precision reduce the time from detection to remediation, enabling enterprises to address potential risks before they escalate into incidents.
2) Deep Endpoint Visibility
Organizations are increasingly targeted by advanced threats—such as malicious applications, trojanized versions of unsigned installers, and living-off-the-land (LOTL) attacks—that exploit legitimate tools and processes to evade detection. These threats establish command-and-control (C2) channels or exfiltrate data, often hiding within encrypted traffic, making detection even more difficult. To combat these tactics, organizations need unified insights that connect endpoint behaviors with network and cloud activity for real-time detection and mitigation.
Achieving this level of integration is challenging. NetOps and SecOps often operate in silos, with NetOps lacking visibility into endpoint activity and SecOps missing the broader network context. This disconnect creates blind spots, delays response, and leaves organizations vulnerable to sophisticated threats.
ZIA solves these gaps by unifying endpoint telemetry, network and cloud visibility, and encrypted traffic inspection within the Zscaler Zero Trust Exchange (ZTE) platform. By correlating activity across these domains, ZIA enables NetOps and SecOps to collaborate seamlessly, eliminate blind spots, reduce false positives, and proactively stop threats before they spread.
New Features Enhancing ZIA’s Endpoint Visibility:
ZIA introduces powerful enhancements, including endpoint application inventory and context mapping, detection and alerting for malicious processes such as executables (EXEs) and DLLs, and application code signing validation to identify tampered or untrusted code.
These features provide advanced threat detection by identifying suspicious activity, improving threat correlation, and securing endpoint activity with unparalleled precision. By seamlessly integrating endpoint-level insights with network and cloud intelligence, ZIA delivers holistic security and real-time detection, empowering organizations to stay ahead of evolving threats.
3) Cloud Custom IPS: Policies for Granular Control
While IPS provides robust protection against known and emerging attacks, some organizations require more granular control to address targeted, environment-specific attacks. ZIA’s Cloud Custom IPS gives security teams the ability to define and deploy custom signatures tailored to their organization’s unique threat landscape, helping them stay ahead of sophisticated adversaries.
Previously, ZIA’s custom IPS capability was only available on Zscaler Private and Virtual Service Edges, limiting access to organizations running hybrid deployments. But now, that changes.
Custom IPS functionality now extends across all ZIA Public Service Edges, enabling customers to create and deploy custom IPS rules globally through Zscaler’s cloud infrastructure.
ZIA Cloud Custom IPS empowers SecOps and NetOps teams to operate in lockstep:
- SecOps teams gain precise control over threats across web and non-web traffic, including HTTP, HTTPS, SSH, RDP, SMB, DNS, Telnet and more.
- NetOps teams ensure those signatures don’t introduce latency or degrade performance. With visibility into signature behavior, they can make proactive traffic decisions.

4) Advanced Role-Based Access Controls (RBAC) for Collaborative Governance
ZIA implements Advanced Role-Based Access Controls (RBAC) to provide granular and tailored permissions for operational teams, ensuring alignment with their specific roles and responsibilities. While SecOps focuses on ensuring strict security enforcement, NetOps prioritizes network optimization—potentially leading to conflicts without appropriate access controls.
With ZIA’s RBAC framework, Super Administrators can define roles that scope access to the job functions of NetOps and SecOps staff while also enabling information sharing that drives faster outcomes:
- NetOps Teams can manage network routing, performance monitoring, and operational configurations without inadvertently altering security policies.
- SecOps Teams retain complete access to threat intelligence data, security policy configurations, and IPS rule enforcement without interfering with routing workflows.
- Data Protection/DLP teams can ensure compliance with data protection regulations and create data protection policies and controls so that your organization’s data protection needs are met.
- Organizations can deploy tiered governance models, such as separating configuration rights, monitoring privileges, and incident response roles, ensuring that access permissions are strictly aligned with job functions.
RBAC also enhances auditing and traceability, which is critical for regulatory compliance. ZIA enables detailed logging and reporting of all administrative actions, whether network adjustments by NetOps or security policy changes by SecOps, ensuring better governance, accountability, and smooth cross-team collaboration.

5) Custom HTTP Headers for Granular Policy Control and Collaboration
ZIA leverages custom HTTP headers to enforce precise policy controls, allowing both NetOps and SecOps to streamline traffic management while bolstering security. By enabling control over attributes like origin headers, referrer URLs, user-agent profiles, and tenant restrictions, ZIA empowers organizations to block, allow, or isolate traffic based on granular rules.
Key capabilities include: origin header filtering to block or allow traffic based on domains, referrer-based policies to manage access based on referring URLs or SaaS apps, and granular user-agent control to enforce restrictions based on browser versions or email clients. These features address nuanced use cases such as restricting YouTube access to requests from a school’s learning platform or isolating traffic from newly registered domains.

Custom HTTP header policies can be integrated with ZIA’s URL filtering framework to automate policy enforcement with visibility into web activity. For example:
- SecOps can block traffic from uncategorized websites or suspicious domains using HTTP header rules.
- NetOps can optimize access to SaaS apps through tenant-based header controls, improving traffic flow for authorized users.
With ZIA’s header-based enforcement, organizations achieve granular control over web traffic, enabling seamless collaboration between NetOps and SecOps while maintaining robust security and operational efficiency.
The Last Word
The divide between NetOps and SecOps is as legendary in IT as the question, “Have you tried turning it off and on again?”. For years, these teams have grappled with clashing priorities, often working at cross purposes despite shared goals. Zscaler Internet Access (ZIA) has been rewriting and will continue to rewrite the narrative with innovative solutions that close the gap, fostering seamless collaboration and alignment. ZIA proves that effective teamwork between NetOps and SecOps isn’t just wishful thinking—it’s a reality where both sides can finally work together toward a common goal of secure, efficient operations. And don’t forget to tag us on social media when NetOps and SecOps finally team up for that long-overdue team outing—no silos, just laughs (and maybe a debate over access controls)!
We’re tackling how to bridge the gap between NetOps and SecOps head-on (and more) in the Zscaler Internet Access Innovations Launch webinar! Don’t miss your chance to dive into ZIA’s latest product upgrades—reserve your spot now.