Holistic Strategy

By John Thompson  |  Posted 2004-04-08

Protecting cyber space calls for a holistic security strategy that includes four critical elements. First, an alert system must provide early warning against new and emerging threats. Second, the right technologies must be implemented across all tiers to protect critical application data and devices. Third, a plan must be set in place to respond when the inevitable attack occurs. And fourth, a comprehensive system must be established to manage the ongoing process of securing the infrastructure.

The best way to protect a network against any threat is to know about the threat and the vulnerability it exploits before an attack is launched. A cyber alert system should provide an early warning against emerging attacks. It should also provide actionable information on how to protect the environment against the impending attack. Moreover, this information must be customized so it is relevant to the environment and prioritized so it can be acted upon immediately.

Once an early warning system is in place, organizations then must make sure to protect their key assets. Organizations have traditionally addressed protection by implementing a number of point products that all work independently. However, with this approach, each product must be installed and updated individually as well, creating an unmanageable nightmare.

Although no single technology can adequately protect against today's complex threats, an integrated approach to security can help eliminate the challenges of point products and deliver a more comprehensive solution. Such an approach focuses less on the individual protection technologies and more on the tiers of the systems architecture. This means the focus shifts to the gateway, application server, and client levels versus picking a firewall or an intrusion sensor. Doing so creates a "defense-in-depth" solution that allows us to manage the total environment, not the individual security applications.

Because of the dynamic nature of today's threats, organizations must be prepared to respond when an attack penetrates their defenses. An effective response plan starts with intelligence about the attack as well as countermeasures to address it and details on how to clean up any damage. Also essential is 24x7 support on mission-critical security products, which includes automatic updates to firewall rules, virus definitions, and intrusion signatures.

With all of the intelligence being generated by security solutions throughout an organization, businesses must have a way to effectively manage their security infrastructure. This means quickly correlating information, simplifying it, and prioritizing any necessary action. Management can become particularly challenging in environments hosting disparate products from multiple vendors, where each device generates its own overflow of data. In the average-sized company, millions of log entries and alerts are produced each month by firewalls and intrusion detection sensors installed across the enterprise. Yet, very few of these represent security threats requiring analysis, and fewer yet pose a risk critical enough to demand immediate action.

The strength of this four-point security methodology is its holistic approach to covering all important security criteria. It surpasses narrow viewpoints centered on one particular aspect of protection, such as firewalls or perimeter defense, and focuses instead on the core competencies required to block today's increasingly sophisticated threats.
