Great security software, but

By Craig Rode  |  Posted 2003-04-29 Print this article Print

tough to manage"> Great security software, but tough to manage
It can be difficult to get real-time information concerning what is happening across your enterprise network. If you have deployed various security devices on your network, you know it takes time to sort through the data coming in carrying thousands or even millions of events—and finding the most important incidents in time to take action is a challenge. Whats more, you need to have qualified employees who possess the expertise to interpret the data, regardless of whether they are performing a trend analysis or simply deciphering the important from the non-important series of events.

It is a common problem: you have installed separate security components, and each comes equipped with their own management console. But time is of the essence: You know that security incidents wont wait for your team to discover them. Without a single view of events occurring in the network, security threats such as attempts to crack into your corporate server or a blended threat crossing into your network could happen right under your nose.

Controlling blended threats
In 2001, we were introduced to blended threats, including Code Red and Nimda, and since then weve witnessed the impact of others like Bugbear, Klez and Slammer. What differentiates these sophisticated threats from other Internet worms is that they use multiple methods to attack or propagate. If nothing else, these threats have taught us that a "one threat, one cure" approach is outdated. Defending your enterprise from blended threats requires protection on all parts of the network, and an ability to respond on the gateway, server, and client levels. Typically, blended threats exploit known vulnerabilities such as buffer overflows, HTTP input validation vulnerabilities, known default passwords and so on, all of which can be mitigated with existing operating system and application security patches. How do you ensure that all of your systems are up-to-date with the latest security patches?

Getting the most out of your security staff
Managing enterprise security today is a difficult process, delivered through a combination of disparate commercial products from different vendors that lack integration and interoperability. The result is a high degree of complexity and increased operational costs. Your administrators may be spending a lot of time focusing on redundant tasks that are required to manage the complex security infrastructure of your network. In this economic climate, there is increased pressure to do more with less from both a financial and resources viewpoint. Think of the possibilities—if you could free up your staff to focus on higher value activities, it would mean improved and more proactive security for your enterprise.

A disciplined approach
Given the above challenges, the complexities of todays security challenges require a holistic approach within the following four security disciplines:

Alert. Alert systems must be implemented to provide early warnings of threats—before operations can be infected.

Protect. Protection requires the integration and deployment of security solutions at every tier of the network.

Respond. A response infrastructure should be in place immediately to address threats that materialize.

Manage. A management system will enable corporations to see their security posture and ensure the effectiveness of their investments.

Continued on Next Page


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel