Integrated Security: A New Network Approach Part Two: The Shift Toward Integration

  • Written By: Eric Winsborrow
  • Published: December 10 2002

The Shift Toward Integration

According to Computer Economics, the worldwide financial impact of malicious code was $13.2 billion in 2001 alone. With nearly 400 computer security vendors offering solutions spanning the spectrum from antivirus to firewalls, content filtering to intrusion detection, we're led to ask, "Why?" The problem lies in the old-world strategy of "one threat, one cure." Companies finding themselves marauded by the onslaught of attacks have simply added one single-cure security point product after another, and dealt with the cost and difficulty of trying to manage them with limited resources, only to find that their security posture was marginally improved (if not ultimately decreased due to the complexity). That strategy is outdated. The blended threats Code Red and Nimda crushed it by employing new combinations of offenses against IT infrastructures.

If companies wish to successfully deal with blended threats that integrate methods of attack and propagation, they'll need a similar approach with the cure - integrated security. The market has recognized a need to move from a "best of breed" product mentality to a "best of breed" solution mentality. In the past, IT organizations purchased in silos when it came to security products, but no longer can security decisions be made in isolation by technical managers. Security plans should be developed and approved in the boardroom by the executives held accountable to shareholders, customers and employees.

The corporate approach to computer security must be comprehensive. It is now necessary to protect all parts of the network and to respond at the gateway, server and client levels. Comprehensive means being able to secure each of these tiers and to apply complementary security technologies so that they reinforce one another.

This is Part Two of a two-part article on Network Security.

Part One provided an overview of the key drivers behind the shift toward integrated security, including the growing sophistication of network attacks; and summarized the business impact of attacks on networks that are not employing integrated security.

Current Security Solutions

Current security solutions typically consist of multiple point products. These are products that must be purchased, installed, deployed, managed, and updated separately. With this approach, IT managers need to address problems related to the lack of interoperability between each of the products. Protection is usually not comprehensive because cross-vendor interoperability issues often allow threats to slip through the cracks, compromising security. The issue would still remain even if the same vendor were used for multiple security products, because those technologies typically are not designed to integrate and interoperate. What's more, when an outbreak occurs, the "fixes" that each vendor provides must be tested and verified across the various technologies. This can slow response to attacks, potentially increasing the costs that are incurred. Independent point products can also degrade network performance: because the products were not designed to work together, they impose more of a performance hit.

The implications of current security solutions include inefficiencies, disappointing results (e.g., lower than anticipated risk mitigation and loss of customer and market trust), and a higher cost of ownership. In addition to providing inadequate protection against blended threats, current products require labor-intensive implementation and configuration. These products are part of an enterprise security posture that may be difficult to understand and that provides little insight into security planning and performance.

The Logical Solution: Integrated Security

Integrated security provides a comprehensive, holistic security system that addresses the challenges and opportunities of today's networked enterprises. This security method integrates multiple security technologies and combines them with policy compliance, management, customer service and support, and advanced research, for more complete protection. It uses the principles of defense in depth and employs complementary security functions at multiple levels within the IT infrastructure.

By combining multiple security functions, integrated security can more efficiently protect against a variety of threats at each tier to minimize the effects of network attacks. Key security technologies that can be integrated include:

  • Firewalls. Control all network traffic by screening the information entering and leaving a network (or portion of a network) to help ensure that no unauthorized access to computers and/or the network occurs. Firewalls are not only required at the network perimeter, but at the client level, perhaps the most vulnerable and common point of entry and launch for attacks.

  • Intrusion Detection. Detects unauthorized access and provides alerts and reports that can be analyzed for patterns and planning.

  • Content Filtering. Identifies and eliminates unwanted content traffic, whether that be in message headers, text, attachments, URLs or other sources.

  • Virtual Private Networks (VPNs). Secure connections beyond the perimeter, enabling organizations to safely communicate with other networks across the Internet.

  • Vulnerability Assessment. Enables assessments of a network's security position by uncovering security gaps and suggesting improvements.

  • Virus Protection. Helps protect against viruses, worms, and Trojan Horses.

Taken together as separate products, these security technologies can be time consuming to install, and managing and updating each one independently would be difficult and expensive. When integrated into a single solution, however, they offer more comprehensive protection while reducing complexity and cost. In most enterprises, a variety of individual security products from different vendors have probably been implemented as network security has evolved. Enterprises are thus likely to gradually migrate to an integrated security solution, to ensure the interoperability and integration of competing security products at each network tier. Such a phased approach will initially involve the integration of a subset of security functions.

Benefits of Integrated Security

Increased Security Posture

Security technologies that are integrated will ultimately interoperate, providing an enhanced security posture over their standalone counterparts. Intrusion detection technology could identify a potential threat and encourage a higher firewall posture, or the firewall technology could initiate a virus scan of a suspicious transmission. This reduces the risk of a technology becoming the "weakest link" in the security chain, and increases the potential for capture and containment of blended threats.

Operational Efficiency of Security Functions

Integrated security reduces the need to purchase, install, update, and manage multiple security products or address interoperability issues between various products at each network tier. Such a solution enables reallocation of IT personnel to other strategic projects while maximizing the productivity of the often overburdened IT department, improving security manageability overall.

Minimized Impact of Attacks on Business

Since an integrated security solution can be implemented at all network tiers, it offers greater protection of proprietary assets. Integrated security better allows for uninterrupted business operations, promotes employee productivity, maximizes revenues, and minimizes the possibility of litigation.

Features of Integrated Security

Due to the rapid evolution of threats, security is a constantly moving target. As a result, security is only as effective as the most recent update of a virus definition, firewall rule, intrusion signature, or other content updates. By applying a uniform approach to systems and devices that contain business-critical and sensitive information assets, organizations can ensure the integrated and timely updating of their security content and other critical aspects of a security system.

Technology alone does not address security issues. An integrated security solution works best when built upon strong policies and procedures and supplemented by appropriate personnel and physical security measures. Solid security policy and standards define what needs to be protected, who is granted access, and the reason access is required. Executive-level support in the organization for the security policy, as well as employee awareness, helps ensure successful policy adoption.

An integrated security strategy improves the overall security posture of the network in a way not possible via implementation of individual products. Whether security is handled in-house or outsourced, ensuring that all of these capabilities are in place is vital to maintaining a secure critical infrastructure.

The Future of Integrated Security

Organizations can now benefit from integrated security in a variety of ways, including improved efficiency of security functions, minimized business impact of attacks, and an improved overall security posture. In fact, companies that adopt an integrated security strategy today will be in the best position to take advantage of the next stage of integrated security, whereby all network tiers will be integrated and centrally managed. Through this enterprise-wide integration of security, administrator resources will be optimized, as installation, reporting, and updates will be possible from a single console. This management capability will further improve protection, while reducing the administrative, support, and ownership costs typically associated with enterprise security.

About the Author

Eric Winsborrow is the Senior Director of Product Management at Symantec Corporation. His team is responsible for Symantec Client Security, released in August 2002, which integrates antivirus, client firewall and intrusion detection technologies. Some other solutions managed within his organization include the popular Symantec Antivirus Corporate Edition, Symantec Antivirus/Filtering for Microsoft Exchange, Symantec Antivirus/Filtering for Domino and the Symantec Security Management System.
