As the security professional at your company, you need to know exactly what you are protecting and how it moves throughout your systems. I like to compare it to a king’s castle: you are the knight protecting the exterior of a castle made of stone walls and surrounded by water (the firewall). Inside the castle is all the gold, but you don’t have any idea how much gold there is, whether it’s gold or silver, or how that gold moves around the castle. This is where your network topology and data flow diagrams come into play. Being able to map out all of your network resources and show all the integrations, endpoints and encryption levels of this moving data is a key part of a security professional’s job.
When starting out, try drawing the diagram manually first. This allows you to go around your company and ask the hard questions. It is a lengthy process, but it will give you great knowledge and understanding of how your network is pieced together. Once you have a firm understanding of how many servers you have, where they sit in relation to your firewalls, and who has access to these servers, you can begin mapping out the data flow between all of your connection points. Getting a rough copy of your infrastructure is the hardest step because it is a very manual process.
The next step, phase two of the project, is to find a network topology mapper to run on your network. Since you won’t have the time or resources to manually update the diagram every time some little detail changes, you will need a tool that does it for you automatically. Several companies, such as SolarWinds, NetBrain and Graphical layout, offer very extensive tools that map out the diagram for you (so you can see if you missed anything), show you the exact data flow, and even update it when there is a change in your systems. All of these tools are customizable, so you can use their full range of functions, such as setting alerts when a firewall is brought down or when an integration path has no encryption at all. Network mappers also make it easy to export to Microsoft Word, Visio, Excel and PDF formats for use in audits (and they can scrub the sensitive information for you if needed).
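As an added illustration of the kind of check such a tool runs (example code written for this post, not the author’s own and not from any of the products named above), here is a small Python model of a data flow inventory. The hosts, zones and flows are constructed for the example; it flags integration paths that carry data with no encryption, rating those that cross a trust boundary higher, and lists flows that touch a host the manual census never recorded:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    name: str
    zone: str  # trust zone: "internet", "dmz" or "internal"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str        # what actually moves (the "gold")
    protocol: str
    encrypted: bool  # is the path encrypted in transit?

# Constructed sample inventory; none of these hosts or flows are real.
NODES = {
    "browser": Node("browser", "internet"),
    "partner-api": Node("partner-api", "internet"),
    "web-01": Node("web-01", "dmz"),
    "app-01": Node("app-01", "internal"),
    "db-01": Node("db-01", "internal"),
}
FLOWS = [
    Flow("browser", "web-01", "customer logins", "https", True),
    Flow("web-01", "app-01", "session data", "http", False),
    Flow("app-01", "db-01", "customer records", "mysql", False),
    Flow("app-01", "partner-api", "payment batches", "ftp", False),
    Flow("app-01", "legacy-box", "backups", "smb", False),  # host not in inventory
]

def crosses_boundary(flow, nodes):
    """True if the flow leaves its trust zone. An endpoint missing from the
    inventory is treated as outside every zone, so it counts as crossing."""
    src, dst = nodes.get(flow.src), nodes.get(flow.dst)
    return src is None or dst is None or src.zone != dst.zone

def find_unencrypted(flows, nodes):
    """Return (flow, severity) for each plaintext flow: 'high' when it
    crosses a zone boundary, 'medium' when it stays inside one zone."""
    findings = []
    for f in flows:
        if not f.encrypted:
            sev = "high" if crosses_boundary(f, nodes) else "medium"
            findings.append((f, sev))
    return findings

def unknown_endpoints(flows, nodes):
    """Flows touching a host the census never recorded (gaps to go ask about)."""
    return [f for f in flows if f.src not in nodes or f.dst not in nodes]
```

Run against a real inventory, the "high" findings are the alerts you would want the mapper to raise, and the unknown endpoints are the next round of hard questions to ask.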
Lastly, phase three is finding someone on your team to own the tool and master all aspects of it. Automate the tool as much as possible for easy reporting and quick reaction times if a situation were to occur. Overall, the key aspect here is awareness: having that information available to see where your network is strongest and weakest. Information security is awareness of, and reaction to, any situations that may arise. Most of the mappers available offer free trials and demos of their product, so there is no harm in testing the waters. Protect what is yours; do not let your gold slip out the back door of the castle.