As organizations become more dependent on their networks for business transactions, external data sharing, and simple day-to-day communications, the need increases for these networks to be more accessible and operational. But as accessibility to the network becomes easier, so does gaining access to the critical data they are storing. The challenge is to ensure that the right people gain access and the wrong people do not, making the role of information security even more critical to enabling today's businesses. Yet, current security solutions are typically comprised of multiple point products designed for an isolated task (such as detecting a virus or preventing an intrusion). This results in a lack of interoperability, manageability, and a higher cost of ownership.
Integrated security is emerging as an effective approach to address the new challenges facing e-businesses. This method integrates multiple security technologies (such as antivirus, firewall, intrusion detection), and combines them with policy compliance, management, service and support, and advanced research for more complete protection. By adopting a comprehensive strategy that holistically addresses security at each tier of the network (i.e., client, server and gateway), organizations are able to reduce costs, improve manageability, enhance performance, tighten security, and reduce risk of exposure. An integrated security approach offers the most effective security posture at the optimal cost-benefit ratio, compared to multiple point product security implementations.
article, Part One of a two-part article, provides an overview of the key drivers
behind this shift toward integrated security, including the growing sophistication
of network attacks; and summarizes the business impact of attacks on networks
that are not employing integrated security.
two describes the key elements and benefits of an integrated security solution
in comparison to current security solutions.
Evolving IT and Business Environments
The ability to have open communications and collaborations amongst company stakeholders, including customers, employees, suppliers, partners, contractors, and telecommuters is required in an enterprise network environment.
The gateway, server, and client layers of the network are interconnected to meet the needs of the hyper-connected firm. This means that business-critical information resides at multiple levels in the internal network, each of which requires comprehensive protection. While IT personnel have traditionally focused on centralized security at the data-center level, they now have to address the ever-expanding definition of the network reach and corresponding security requirements.
Although information security is not a core competency of most organizations, it is clearly a requirement for transacting online business. Security thus becomes a key business enabler, not simply an IT option. For this reason, information security is receiving a growing amount of scrutiny from higher-level executives, such as CIOs, who are interested in how security will assist the enterprise in achieving business goals, not necessarily how the technology works. From a security standpoint, executive goals include the following:
Implementing solutions that ensure openly robust, yet secure network infrastructures
to protect information assets and to ensure business continuity
- Keeping pace
with the changing requirements of e-business (e.g., high network availability,
data integrity, and privacy) and the corresponding security threats
- Meeting logging,
reporting, auditing, and compliance requirements
- Facing these
challenges with limited resources at lower cost
- Selecting solutions
that maximize employee productivity, including that of the IT department (e.g.,
ease of security solution administration and management)
The Growing Threat
The number of email-borne viruses continues to rise each year. According to the Computer Security Institute's annual "Computer Crime and Security Survey," 94% of the respondents say they detected computer viruses in 2001 (compared to 85% in 2000).
Compounding the virus threat is the potential for malicious code to spread quickly and infect an organization's network before detection. This malicious code can seep into a network in a number of ways:
It can accompany mobile code on Web pages, Web-based mail, and HTTP and FTP
Attachments to Web-based email programs;
or animation programs on Web pages;
Documents or software downloaded via FTP or HTTP.
These Web-based attacks are both clandestine and worrisome because an Internet user in an enterprise may download a program or visit a Web page that seems harmless, but unbeknownst to them it could contain malicious code, such as a Trojan Horse, which would expose the entire network to hackers.
At the same time, threats to the network have become increasingly sophisticated, with attack techniques that employ multiple methods to discover and exploit network vulnerabilities becoming more commonplace. For instance, the viruses, worms and Trojan Horses that often hide within files or programming code are able to self-replicate and self-propagate, allowing them to be spread easily by unknowing computer users. And, the new "blended threats" like CodeRed and Nimda are taking the worst characteristics of viruses, worms and Trojan Horses, and combining them with server and Internet vulnerabilities in order to initiate, transmit and spread an attack.
Types of Network Attacks
Many types of network attacks exist, each with its own varying degree of impact. Common types of threats include:
Malicious Code Attacks. These types of attacks, capable of
damaging or compromising the security of individual computers as well as entire
networks, are usually viruses, worms, and Trojan Horses that hide within files
or programming code only to self-replicate, self-propagate, or be spread by
unknowing computer users.
(DoS) Attacks. Capable of disabling a single computer or entire networks,
DoS attacks are explicit hacker attempts with the sole intention of keeping
legitimate users of a network from using that service and/or to disrupt normal
business operations. Examples include attempts to "flood" a network, thereby
blocking legitimate network traffic, and attempts to disrupt connections between
two machines, thus preventing access to a service.
Access: Internal and External Hacking. A hacker is someone who is
able to gain access and control over computers, information, and technology
without proper authority. By exploiting security vulnerabilities in an organization's
network, a hacker can gain access to important network or data resources for
purposes of removal, duplication, or even destruction of proprietary assets.
Whether the culprit is a disgruntled employee, contractor, or anonymous outsider,
the invasion can lead to company downtime, cleanup costs, and/or the often
unrecoverable cost of stolen proprietary data
Threats. These threats combine the characteristics of viruses, worms,
Trojan Horses, and/or malicious code with server and Internet vulnerabilities
to initiate, transmit, and spread an attack. By utilizing multiple methods
of attack and self-propagation, blended threats can spread rapidly and cause
widespread damage. Blended threats are particularly voracious because they
are designed to exploit the vulnerabilities of independently deployed and
operated security technologies.
The Impact of Network Attacks on Business
Network attacks range from easy-to-quantify consequences such as interrupted business operations, to losses that are difficult to calculate (e.g. damaged brand equity). Some consequences of network attacks include:
Interruption of Business Operations. Downtime due to an attack
results in lost productivity and revenues, and the costs associated with restoring
a hacked network can increase the overall financial impact of such an attack.
Once attacked, an organization typically deploys a cleanup team to enable
customers, employees, and partners to resume business operations as soon as
possible. Not only is much of the business brought to a halt until a fix is
implemented, but the cleanup team is pulled away from its daily duties, compounding
Liability and Potential Litigation. Organizations that have been
hacked may find themselves in court as a defendant or key witness. Companies
required to comply with privacy and security regulations, such as health care
organizations and financial institutions, may need to demonstrate their due
diligence in minimizing their exposure to network attacks. This process is
a drain on both employee productivity and company cash flow, and publicity
around litigation could damage a company's reputation even if exonerated of
the initial charge.
Ability to Compete. Information is often considered a company's most
valuable asset. The loss or theft of such data can pose serious consequences,
even rendering the company's market position untenable. According to the 2002
CSI/FBI Computer Crime and Security Survey, the most serious financial losses
due to security breaches included theft of proprietary information (26 respondents
reported total losses over $170,000,000).
to Brand Equity. Damage to a company's brand may assume various forms,
each of them capable of degrading a company's position in the marketplace.
For example, companies that have had customer data (such as credit card information)
stolen and publicly displayed on other web sites have a hard time restoring
customer confidence in their brand.
concludes Part One of a two-part article on Network Security.
Two describes the key elements and benefits of an integrated security solution
in comparison to current security solutions.
Winsborrow is the Senior Director of Product Management at Symantec
Corporation. His team is responsible for Symantec Client Security,
released in August 2002, which integrates antivirus, client firewall and intrusion
detection technologies. Some other solutions managed within his organization
include the popular Symantec Antivirus Corporate Edition, Symantec
Antivirus/Filtering for MicroSoft Exchange, Symantec Antivirus/Filtering
for Domino and the Symantec Security Management System.