A House Divided: Bridging the Gap Between Network and Security Team

Challenges in Network Team-Cybersecurity Team collaboration & how to overcome them, featuring Matthew Devost & ELEVI Associates, LLC founder Phil Puccio

Dark blue brick wall with deep vertical crack symbolizing division between network and security teams
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article discusses the common disconnect between network teams and security teams regarding DNS information access, outlining how security needs to search DNS for anomalies while network teams resist allowing change rights that could affect uptime. It explains the real-world operational impact of this divide—reduced visibility for security, potential misconfigurations or downtime if changes are made without coordination, and slower incident response. The piece concludes by describing approaches to bridge the gap so teams can collaborate without compromising network stability or security monitoring effectiveness.

Why do network teams and security teams disagree about access to DNS information?

Network teams prioritize network uptime and stability, so they are cautious about granting others the ability to change DNS records or configurations that could inadvertently impact services. Security teams, on the other hand, need access to DNS data to search for anomalies and patterns that indicate threats. This difference in priorities—operational continuity versus investigative visibility—creates tension because each team views control over DNS as essential to their primary responsibilities.

What negative impacts does the divide between these teams cause on networks?

The divide reduces security visibility into DNS-based indicators of compromise and slows detection and investigation because analysts lack direct access to records and recent changes. Conversely, if security personnel make uncoordinated changes to DNS, it risks misconfigurations that can cause service outages and undermine network uptime. Overall, the lack of a collaborative model increases operational friction, prolongs incident response, and can lead to preventable downtime or missed security signals.

What can organizations do to reconcile the needs of both teams regarding DNS?

Organizations can implement controlled access models that provide security teams with visibility into DNS data without granting unrestricted change rights—enabling searches for anomalies while preserving network team control over modifications. Establishing clear processes and role-based permissions, combined with logging and change review workflows, allows security to investigate and correlate DNS information safely. This collaborative approach maintains uptime while improving threat detection and reducing inter-team conflict.

Network teams and security teams don’t always see eye to eye. Security teams want access to DNS information so they can search for anomalies and patterns. Network teams don’t want the security team making changes which would impact network uptime. In this video, we run through the negative impact this divide has on networks, and what you can do about it.

📣  Now live: Explore BlueCat Horizon, our SaaS-first Intelligent NetOps platform.