Network security -- it continues to be one of the biggest concerns of almost every company the world over. Companies are spending millions of dollars and thousands of hours recovering from the latest network attack. These companies are betting their businesses on the integrity and security of their network, and they can no longer continue to live in a world where one attack can be catastrophic.
With this mind, companies need to look at network security with a long-term view, and realize that it is always going to be a battle against increasingly sophisticated criminals. Like crime, network security attacks will never be eliminated as long as people see a challenge in outwitting the system or can make a profit from it. The onus will increasingly be on the company to be diligent and vigilant, always staying one step ahead.
Technology has a key role to play, but there will not be a major breakthrough any time soon to overcome these challenges. Software and hardware vendors that provide
But while the industry continues to take steps to reduce the number of vulnerabilities found in products, software applications are not getting any simpler. As customers continue to demand more and more features, software will interact with more applications and work over increasingly complex networks. This creates even greater complexity, introducing even more vulnerabilities that will need to be addressed. The bottom line is that there are always going to be risks when deploying new solutions. Instead of blaming vendors, the best insurance for companies is to discover and address vulnerabilities within their network before they become a target for attacks.
For many companies, the solution is to invest in security technology. But the reality is that most existing solutions are largely reactive in nature and fail to address the bigger picture.
Take for instance, a widely deployed security technology such as intrusion detection systems (IDS). These systems address a specific security issue-- the need to know when someone is breaking into your network. With this approach, however, you are waiting for a break-in to occur and reacting to each occurrence. If an organization is constantly in reaction mode when it comes to network security, the predictability and safety it is meant to provide are seriously degraded.
Another current failing of most network security offerings is that the majority are standalone offerings. So while you may have all the right technology deployed, you only have information -- not real intelligence -- as each product is only identifying one part of the problem. This means your IT staff is left with the time-consuming task of analyzing all this information and then using guesswork to piece together an overall picture of the health of the network. Without intelligence, security is little more than guesswork.
Taking responsibility for securing the enterprise
Companies need to be responsible for their own protection. For long-term success, companies must take decisive action to quickly change existing thinking and processes to be more proactive. An intelligence-based approach that addresses all aspects of network security will empower companies to make informed, strategic decisions before attacks occur. In taking responsibility for security, there are a few best practices every company should adopt when making investments in technology. Most importantly, solutions must be assessed based on their ability to provide a truly proactive approach to network security and how they will fit within a corporate security culture centered on prevention.
In order to change how your company thinks about security, it's important to ensure that purchasing decisions are made based on actual need and not hype. You need to assess any new solutions with an in-depth understanding of your company's network environment and look at key factors such as deployment, accuracy and manageability.
It's also important to keep in mind the critical role of intelligence in ensuring the overall security of your network. To derive the intelligence you need to be truly proactive, integration is important. Adding another standalone security solution will only add to the headache of figuring out where vulnerabilities really are and how to fix them.
The good news is that the network security industry is moving toward greater integration. Already, vulnerability management systems are being used to correlate data from other systems and extend the intelligence of IDS, IPS and firewall offerings.
Moving beyond technology, companies need to have a clear and concise security policy that is strictly enforced. While it is easy to commit a set of directives to paper, the true challenge is compliance. Without actively ensuring compliance, your employees can unwittingly be a threat to the overall security of the network.
By making the necessary financial and time investments ahead of the curve, corporations can plan and measure the success of their security program in a predictable and controlled way, instead of waiting to clean up after an attack.
About the author:
Abe Kleinfeld is president and CEO of nCircle, a provider of enterprise-class vulnerability management solutions. He can be reached firstname.lastname@example.org.
This was first published in July 2004