Security: A New Network Approach
Author - Eric
- December 10, 2002
Part Two: The Shift Toward Integration
According to Computer Economics, the worldwide financial impact of malicious code was $13.2 billion in 2001 alone. With nearly 400 computer security vendors offering solutions spanning the spectrum from antivirus to firewalls, content filtering to intrusion detection, we're led to ask, "Why?" The problem lies in the old-world strategy of "one threat, one cure." Companies marauded by the onslaught of attacks have simply added one single-cure security point product after another and dealt with the cost and difficulty of trying to manage them with limited resources, finding in the end that their security posture was marginally improved (if not ultimately decreased due to the complexity). That strategy is outdated. The blended threats Code Red and Nimda crushed that approach by employing new combinations of offenses against IT infrastructures.
If companies wish to successfully deal with blended threats that integrate methods of attack and propagation, they'll need a similar approach with the cure: integrated security. The market has recognized a need to move from a "best of breed" product mentality to a "best of breed" solution mentality. In the past, IT organizations purchased in silos when it came to security products, but security decisions can no longer be made in isolation by technical managers. Security plans should be developed and approved in the boardroom by the executives held accountable to shareholders, customers and employees.
The corporate approach to computer security must be comprehensive. It is now necessary to protect all parts of the network and to respond on the gateway, server and client levels. Comprehensive includes the ability to secure these tiers as well as the ability to synergistically apply complementary security.
This is Part Two of a two-part article on Network Security. Part One provided an overview of the key drivers behind the shift toward integrated security, including the growing sophistication of network attacks; and summarized the business impact of attacks on networks that are not employing integrated
Current Security Solutions
Current security solutions typically consist of multiple point products. These are products that must be purchased, installed, deployed, managed, and updated separately. With this approach, IT managers need to address problems related to the lack of interoperability between each of the products. Protection is usually not comprehensive because cross-vendor interoperability issues often allow threats to slip through the cracks, compromising security. The issue would still remain even if the same vendor were used for multiple security products, because those technologies typically are not designed to integrate and interoperate. What's more, when an outbreak occurs, the "fixes" that each vendor provides must be tested and verified across the various technologies. This can slow response to attacks, potentially increasing the costs that are incurred. Independent point products can also degrade network performance: since the products were not designed to work together, they present more of a performance hit.
The implications of current security solutions include inefficiencies, disappointing results (e.g., lower than anticipated risk mitigation and loss of customer and market trust), and a higher cost of ownership. In addition to providing inadequate protection against blended threats, current products require labor-intensive implementation and configuration. These products are part of an enterprise security posture that may be difficult to understand and which provides little insight into security planning and performance.
The Logical Solution: Integrated Security
Integrated security provides a comprehensive, holistic security system that addresses the challenges and opportunities of today's networked enterprises. This security method integrates multiple security technologies and combines them with policy compliance, management, customer service and support, and advanced research, for more complete protection. It uses the principles of defense in depth and employs complementary security functions at multiple levels within the IT infrastructure.
By combining multiple security functions, integrated security can more efficiently protect against a variety of threats at each tier to minimize the effects of network attacks. Key security technologies that can be integrated include:
Firewalls. Control all network traffic by screening the information entering and leaving a network (or portion of a network) to help ensure that no unauthorized access to computers and/or the network occurs. Firewalls are not only required at the network perimeter, but at the client level, perhaps the most vulnerable and common point of entry and launch for attacks.
Intrusion Detection. Detects unauthorized access and provides alerts and reports that can be analyzed for patterns and planning.
Content Filtering. Identifies and eliminates unwanted content traffic, whether that be in message headers, text, attachments, URLs or other sources.
Virtual Private Networks (VPNs). Secure connections beyond the perimeter, enabling organizations to safely communicate with other networks across the
Assessment. Enables assessments of a network's security position by uncovering security gaps and suggesting improvements.
Protection. Helps protect against viruses, worms, and Trojan Horses.
As an aggregate, these security technologies can be time-consuming to install and, managed independently, would be difficult and expensive to manage and update. When integrated into a single solution, however, they offer more comprehensive protection while reducing complexity and cost.
In most enterprises, a variety of individual security products from different vendors have probably been implemented as network security has evolved. Enterprises are thus likely to gradually migrate to an integrated security solution, to ensure the interoperability and integration of competing security products at each network tier. Such a phased approach will initially involve the integration of a subset of security functions.
Benefits of Integrated Security
Technologies that are integrated will ultimately interoperate, providing an enhanced security posture over their standalone counterparts. Intrusion detection technology could identify a potential threat and encourage a higher firewall posture, or the firewall technology could initiate a virus scan of a suspicious transmission. This reduces the risk of a technology becoming the "weakest link" in the security chain, and increases the potential for capture and containment of blended threats.
Efficiency of Security Functions
Integrated security reduces the need to purchase, install, update, and manage multiple security products or address interoperability issues between various products at each network tier. Such a solution enables reallocation of IT personnel to other strategic projects while maximizing the productivity of the often overburdened IT department, improving security manageability overall.
Impact of Attacks on Business
Because an integrated security solution can be implemented at all network tiers, it offers greater protection of proprietary assets. Integrated security better allows for uninterrupted business operations, promotes employee productivity, maximizes revenues, and minimizes the possibility of litigation.
Features of Integrated Security
Due to the rapid evolution of threats, security is a constantly moving target. As a result, security is only as effective as the most recent update of a virus definition, firewall rule, intrusion signature, or other content updates. By applying a uniform approach to systems and devices that contain business-critical and sensitive information assets, organizations can ensure the integrated and timely updating of their security content and other critical aspects of a security system.
Technology alone does not address security issues. An integrated security solution works best when built upon strong policies and procedures and supplemented by appropriate personnel and physical security measures. Solid security policy and standards define what needs to be protected, who is granted access, and the reason access is required. Executive-level support in the organization for the security policy, as well as employee awareness, helps ensure successful policy adoption.
An integrated security strategy improves the overall security posture of the network in a way not possible via implementation of individual products. Whether security is handled in-house or outsourced, ensuring that all of these capabilities are in place is vital to maintaining a secure critical infrastructure.
The Future of Integrated Security
Organizations can now benefit from integrated security in a variety of ways, including improved efficiency of security functions, minimized business impact of attacks, and an improved overall security posture. In fact, companies that adopt an integrated security strategy today will be in the best position to take advantage of the next stage of integrated security, whereby all network tiers will be integrated and centrally managed. Through this enterprise-wide integration of security, administrator resources will be optimized, as installation, reporting, and updates will be possible from a single console. This management capability will further improve protection, while reducing the administrative, support, and ownership costs typically associated with enterprise security.
Eric Winsborrow is the Senior Director of Product Management at Symantec Corporation. His team is responsible for Symantec Client Security, released in August 2002, which integrates antivirus, client firewall and intrusion detection technologies. Some other solutions managed within his organization include the popular Symantec Antivirus Corporate Edition, Symantec Antivirus/Filtering for Microsoft Exchange, Symantec Antivirus/Filtering for Domino and the Symantec Security Management System.