Integrated Security: A New Network Approach

  • Written By: Eric Winsborrow
  • Published On: December 9, 2002



Executive Summary

As organizations become more dependent on their networks for business transactions, external data sharing, and simple day-to-day communications, the need increases for these networks to be more accessible and operational. But as access to the network becomes easier, so does gaining access to the critical data it stores. The challenge is to ensure that the right people gain access and the wrong people do not, making the role of information security even more critical to enabling today's businesses. Yet current security solutions typically consist of multiple point products, each designed for an isolated task (such as detecting a virus or preventing an intrusion). The result is poor interoperability, poor manageability, and a higher cost of ownership.

Integrated security is emerging as an effective approach to address the new challenges facing e-businesses. This method integrates multiple security technologies (such as antivirus, firewall, intrusion detection), and combines them with policy compliance, management, service and support, and advanced research for more complete protection. By adopting a comprehensive strategy that holistically addresses security at each tier of the network (i.e., client, server and gateway), organizations are able to reduce costs, improve manageability, enhance performance, tighten security, and reduce risk of exposure. An integrated security approach offers the most effective security posture at the optimal cost-benefit ratio, compared to multiple point product security implementations.

This article, Part One of a two-part series, provides an overview of the key drivers behind this shift toward integrated security, including the growing sophistication of network attacks, and summarizes the business impact of attacks on networks that do not employ integrated security.

Part Two describes the key elements and benefits of an integrated security solution in comparison to current security solutions.

Evolving IT and Business Environments

An enterprise network environment must support open communication and collaboration among company stakeholders, including customers, employees, suppliers, partners, contractors, and telecommuters.

The gateway, server, and client layers of the network are interconnected to meet the needs of the hyper-connected firm. This means that business-critical information resides at multiple levels in the internal network, each of which requires comprehensive protection. While IT personnel have traditionally focused on centralized security at the data-center level, they now have to address the ever-expanding definition of the network reach and corresponding security requirements.

Although information security is not a core competency of most organizations, it is clearly a requirement for transacting online business. Security thus becomes a key business enabler, not simply an IT option. For this reason, information security is receiving a growing amount of scrutiny from higher-level executives, such as CIOs, who are interested in how security will assist the enterprise in achieving business goals, not necessarily how the technology works. From a security standpoint, executive goals include the following:

  • Implementing solutions that ensure open and robust, yet secure, network infrastructures to protect information assets and to ensure business continuity

  • Keeping pace with the changing requirements of e-business (e.g., high network availability, data integrity, and privacy) and the corresponding security threats

  • Meeting logging, reporting, auditing, and compliance requirements

  • Facing these challenges with limited resources at lower cost

  • Selecting solutions that maximize employee productivity, including that of the IT department (e.g., ease of security solution administration and management)

The Growing Threat

The number of email-borne viruses continues to rise each year. According to the Computer Security Institute's annual "Computer Crime and Security Survey," 94% of the respondents say they detected computer viruses in 2001 (compared to 85% in 2000).

Compounding the virus threat is the potential for malicious code to spread quickly and infect an organization's network before detection. This malicious code can seep into a network in a number of ways:

  • Mobile code on Web pages, Web-based mail, and HTTP and FTP file downloads;

  • Attachments to Web-based email programs;

  • Mobile code such as Java, JavaScript, and ActiveX used to execute simple graphics or animation programs on Web pages;

  • Documents or software downloaded via FTP or HTTP.

These Web-based attacks are both clandestine and worrisome because an Internet user in an enterprise may download a program or visit a Web page that seems harmless but, unbeknownst to them, contains malicious code, such as a Trojan Horse, that could expose the entire network to hackers.

At the same time, threats to the network have become increasingly sophisticated, and attack techniques that employ multiple methods to discover and exploit network vulnerabilities are becoming more commonplace. For instance, the viruses, worms and Trojan Horses that often hide within files or programming code are able to self-replicate and self-propagate, allowing them to be spread easily by unknowing computer users. The new "blended threats" like CodeRed and Nimda take the worst characteristics of viruses, worms and Trojan Horses and combine them with server and Internet vulnerabilities in order to initiate, transmit and spread an attack.

Types of Network Attacks

Many types of network attacks exist, each with a different degree of impact. Common types of threats include:

  • Malicious Code Attacks. These types of attacks, capable of damaging or compromising the security of individual computers as well as entire networks, are usually viruses, worms, and Trojan Horses that hide within files or programming code only to self-replicate, self-propagate, or be spread by unknowing computer users.

  • Denial-of-Service (DoS) Attacks. Capable of disabling a single computer or entire networks, DoS attacks are explicit hacker attempts whose sole intention is to keep legitimate users from using a network service and/or to disrupt normal business operations. Examples include attempts to "flood" a network, thereby blocking legitimate network traffic, and attempts to disrupt connections between two machines, thus preventing access to a service.

  • Unauthorized Access: Internal and External Hacking. A hacker is someone who is able to gain access to and control over computers, information, and technology without proper authority. By exploiting security vulnerabilities in an organization's network, a hacker can gain access to important network or data resources for purposes of removal, duplication, or even destruction of proprietary assets. Whether the culprit is a disgruntled employee, contractor, or anonymous outsider, the invasion can lead to company downtime, cleanup costs, and/or the often unrecoverable cost of stolen proprietary data.

  • Blended Threats. These threats combine the characteristics of viruses, worms, Trojan Horses, and/or malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By utilizing multiple methods of attack and self-propagation, blended threats can spread rapidly and cause widespread damage. Blended threats are particularly dangerous because they are designed to exploit the gaps between independently deployed and operated security technologies.

The Impact of Network Attacks on Business

Network attacks range from easy-to-quantify consequences such as interrupted business operations, to losses that are difficult to calculate (e.g., damaged brand equity). Some consequences of network attacks include:

  • Interruption of Business Operations. Downtime due to an attack results in lost productivity and revenues, and the costs associated with restoring a hacked network can increase the overall financial impact of such an attack. Once attacked, an organization typically deploys a cleanup team to enable customers, employees, and partners to resume business operations as soon as possible. Not only is much of the business brought to a halt until a fix is implemented, but the cleanup team is pulled away from its daily duties, compounding productivity loss.

  • Legal Liability and Potential Litigation. Organizations that have been hacked may find themselves in court as a defendant or key witness. Companies required to comply with privacy and security regulations, such as health care organizations and financial institutions, may need to demonstrate their due diligence in minimizing their exposure to network attacks. This process is a drain on both employee productivity and company cash flow, and publicity around litigation could damage a company's reputation even if exonerated of the initial charge.

  • Reduced Ability to Compete. Information is often considered a company's most valuable asset. The loss or theft of such data can pose serious consequences, even rendering the company's market position untenable. According to the 2002 CSI/FBI Computer Crime and Security Survey, the most serious financial losses due to security breaches included theft of proprietary information (26 respondents reported total losses over $170,000,000).

  • Damage to Brand Equity. Damage to a company's brand may assume various forms, each of them capable of degrading a company's position in the marketplace. For example, companies that have had customer data (such as credit card information) stolen and publicly displayed on other web sites have a hard time restoring customer confidence in their brand.

This concludes Part One of a two-part article on Network Security.

Part Two describes the key elements and benefits of an integrated security solution in comparison to current security solutions.

About the Author

Eric Winsborrow is the Senior Director of Product Management at Symantec Corporation. His team is responsible for Symantec Client Security, released in August 2002, which integrates antivirus, client firewall and intrusion detection technologies. Other solutions managed within his organization include the popular Symantec Antivirus Corporate Edition, Symantec Antivirus/Filtering for Microsoft Exchange, Symantec Antivirus/Filtering for Domino and the Symantec Security Management System.
