It's a safe bet that fire safety has been around since just after our early ancestors first discovered fire. Over time, society has made smart investments in this discipline, to the point where we now feel protected and confident in our ability to fight fires – and the emphasis now is on prevention.
Compare this to network security, which is evolving rapidly, but relatively speaking, still in its infancy. As fire safety experts have been doing for more than a century, companies today are facing a growing need to make strategic investments in proactive technologies that will enable them to reduce threats before they can be exploited.
Addressing the Security Threat: Reactive Technologies
The growth of network security has been driven by a nearly overnight shift of business networks from private, proprietary technologies to the Internet. This transition has happened on a large scale during the past six to eight years.
As organizations connected to the Internet, thinking about security – which previously focused on internal security concerns – was turned inside out. Needing to protect their networks from external attack, companies started to look for new technologies.
The first technologies they turned to were largely reactive in nature, such as the firewall. The firewall was designed to prevent unauthorized access to networks, but some traffic still had to be allowed in, which in turn created opportunities for attackers. To remedy this, companies added new technology such as intrusion detection systems (IDS). Unlike firewalls, intrusion detection systems can actually detect when an attack is taking place on the network.
The challenge with IDS is that although the system can let you know when “break-ins” are occurring, large networks experience hundreds or even thousands of such attempts each day. That many alarms can be overwhelming to IT personnel, who must figure out which attacks are truly a serious threat – and which are false alarms or of low risk.
The Next Step: Intrusion Prevention Systems
Intrusion prevention systems (IPS) were developed to alleviate this. IPS technology takes IDS one step further by not only letting you know when there is an attack, but also attempts to redirect the attack away from vital network assets.
Although firewalls, IDS, IPS and even anti-virus tools perform an important security function on the network, they require an incident to occur before they jump into action. Look at them as the firefighters of network security – when the fire starts, you'll definitely want to have them around.
However, by taking a reactive approach only, it is very easy to become overwhelmed. Take the Great Chicago Fire of 1871; most of the city burned down because firefighters simply could not handle the magnitude of the fire. In much the same way, if you use only reactive technologies, you run the risk of not being able to respond either fast enough or comprehensively to all the threats to your network.
Prevention is the Key
With the evolution of network security, new approaches have emerged which focus on prevention. Much like with the proven model of fire safety, being proactive is the key. Vulnerability management (VM) and vulnerability assessment (VA) are focused on providing organizations with the intelligence required to stop attacks before they even start. While VA technology identifies threats by scanning the network, VM takes this one step further by also managing the process of eliminating the threats.
The approach used in VA and VM technology is particularly effective as the majority of attacks are preventable. In fact, the CERT® Coordination Center (CERT/CC) reports that 99 percent of attacks target vulnerabilities for which there are known countermeasures. VA and VM technologies automate the discovery and elimination of these vulnerabilities – effectively reducing the risk of successful attack by 90 percent or more.
The primary benefit of these proactive technologies is that they enable your organization to mitigate risks to network security in a controlled and measured way. Much like fire inspections where investments are made upfront to ensure buildings are up to code, proactive security technologies such as vulnerability management enable you to identify your risks and predictably eliminate them. There is a clear financial benefit from this approach – proactive security is predictable and easily budgeted for; reactive approaches alone leave you open to major and unpleasant surprises.
One of the biggest challenges with VA and VM, as well as the other security solutions discussed earlier, is that most products are standalone. This means that while you may have all the right technology, it can be difficult to fully understand the big picture.
The good news is that the network security industry is moving towards making the concept of integrated and intelligent security architecture a reality. Already, we are seeing VM systems being used to correlate data from other systems, extending the intelligence of IDS, IPS and firewall offerings.
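The correlation described above, where VM data is used to make IDS output more intelligent, can be illustrated with a small triage routine. The following is an added example written for this article; it is not code from the original page or from nCircle. The alert-line format, the signature names, the vulnerability identifiers (placeholders such as `VULN-SMB-001`, not real CVE numbers) and the asset inventory are all constructed for the demonstration. The idea is that an IDS alert for an exploit attempt against a host that the vulnerability scanner has shown is not vulnerable can be ranked low, while the same alert against a host that carries that vulnerability is ranked high, which cuts the flood of alarms down to the ones that matter.

```python
"""Correlate IDS alerts with a vulnerability-management (VM) inventory.

All data below is constructed for illustration; the alert syntax, signature
names and vulnerability IDs are placeholders, not any vendor's real format.
"""
import re
from dataclasses import dataclass

# Constructed VM/VA scan result: host -> vulnerability IDs found on that host.
ASSET_INVENTORY = {
    "10.0.1.5": {"VULN-SMB-001", "VULN-WEB-002"},
    "10.0.1.6": {"VULN-WEB-002"},
    "10.0.1.7": set(),              # scanned, nothing found
}

# Constructed mapping from IDS signature name to the vulnerability it targets.
# None marks a behavioural signature that is not tied to one specific flaw.
SIGNATURE_TO_VULN = {
    "SMB_OVERFLOW_ATTEMPT": "VULN-SMB-001",
    "WEB_PATH_TRAVERSAL": "VULN-WEB-002",
    "SSH_BRUTE_FORCE": None,
}

# Constructed alert line syntax: "<timestamp> sig=<name> src=<ip> dst=<ip>"
ALERT_RE = re.compile(r"^(?P<ts>\S+) sig=(?P<sig>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$")

PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Alert:
    ts: str
    sig: str
    src: str
    dst: str
    priority: str = "unknown"
    reason: str = ""


def parse_alert(line):
    """Return an Alert for a well-formed line, or None for a malformed one."""
    m = ALERT_RE.match(line.strip())
    return Alert(**m.groupdict()) if m else None


def prioritize(alert, inventory=ASSET_INVENTORY, sig_map=SIGNATURE_TO_VULN):
    """Rank one alert using what the VM scan knows about the target host."""
    vuln = sig_map.get(alert.sig)
    if alert.dst not in inventory:
        # The scanner has never seen this host, so we cannot rule the attack out.
        alert.priority, alert.reason = "medium", "target not in VM inventory (unscanned host)"
    elif vuln is None:
        # Unknown or behavioural signature: no vulnerability to check against.
        alert.priority, alert.reason = "medium", "signature not tied to a specific vulnerability"
    elif vuln in inventory[alert.dst]:
        alert.priority, alert.reason = "high", f"target is exposed to {vuln}"
    else:
        alert.priority, alert.reason = "low", f"target is not vulnerable to {vuln}"
    return alert


def triage(lines, inventory=ASSET_INVENTORY, sig_map=SIGNATURE_TO_VULN):
    """Parse, rank and sort alert lines, highest priority first (stable order)."""
    alerts = [a for a in map(parse_alert, lines) if a is not None]
    for a in alerts:
        prioritize(a, inventory, sig_map)
    return sorted(alerts, key=lambda a: PRIORITY_ORDER[a.priority])


def summarize(lines, inventory=ASSET_INVENTORY, sig_map=SIGNATURE_TO_VULN):
    """Count alerts per priority bucket, e.g. for a daily report."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for a in triage(lines, inventory, sig_map):
        counts[a.priority] += 1
    return counts


# Constructed sample IDS output, including one malformed line that is skipped.
SAMPLE_ALERTS = [
    "2004-01-01T10:00:00 sig=SMB_OVERFLOW_ATTEMPT src=198.51.100.9 dst=10.0.1.5",
    "2004-01-01T10:00:05 sig=SMB_OVERFLOW_ATTEMPT src=198.51.100.9 dst=10.0.1.6",
    "2004-01-01T10:00:09 sig=WEB_PATH_TRAVERSAL src=203.0.113.4 dst=10.0.1.7",
    "2004-01-01T10:00:12 sig=SSH_BRUTE_FORCE src=203.0.113.4 dst=10.0.1.5",
    "2004-01-01T10:00:15 sig=WEB_PATH_TRAVERSAL src=203.0.113.4 dst=10.0.2.99",
    "this line is not an alert",
]

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f"{a.priority:6} {a.ts} {a.sig:22} {a.src} -> {a.dst}  ({a.reason})")
    print(summarize(SAMPLE_ALERTS))
```

Two design points are worth noting. A host the scanner has never assessed is ranked medium rather than low, because the absence of scan data is not evidence that the host is safe. And the signature-to-vulnerability mapping is deliberately kept separate from the inventory: in practice the mapping comes from the IDS vendor's signature metadata and the inventory from the VM product, which is exactly the kind of integration between standalone products the article goes on to discuss.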
Integrated Products Are Better
Making the Right Decision
Security is all about timely, continuous intelligence. Without the necessary intelligence, eliminating security risk is little more than guesswork. As you make new security investments you should be looking for ways to better integrate the existing products in your environment. Without integration, the collected intelligence from your security systems will be greatly diminished.
In making any security technology investments, you need to do your homework so you can avoid purchasing what vendors or industry analysts may be hyping as the “must-have” for the current year. It is critical that you assess the specific needs of your enterprise and have a full understanding of what your network environment requires when it comes to things such as deployment and accuracy.
Also, don't underestimate the human factor. Any technology purchases you make must be supported by a security policy. Your policies must be both understood and enforced enterprise-wide. However, ensuring security policy compliance can be a full-time job that your IT team probably doesn't have time for. When you are making security investments, look for ways you can use security technology to both automate and ensure compliance.
Finally, keep in mind that the network security industry is just arriving at the maturity of other security disciplines where the focus is on proactive elimination of vulnerability and risk. By taking a proactive approach to network security, you will be ensuring your organization is protected from assaults it may face in coming months and years.
Abe Kleinfeld is president and CEO of nCircle, a provider of enterprise-class vulnerability management solutions. He can be reached at akleinfeld@ncircle.com.