Mitigating the Complexities of Security Management
by Craig Rode - Senior Director of Product Management at Symantec - Wednesday, 17 March 2004.
Securing an enterprise IT infrastructure is a complex task. If your computing environment is like most, it is heterogeneous and contains security products from many vendors: diverse intrusion detection systems, VPNs, firewalls, antivirus software, and modems that let remote users dial into the network, spread across offices in different geographic locations. The problems with this scenario aren't hard to find. Without a holistic view of the current security structure, how do you manage security at all? Each tool may work well on its own, but how do the tools work together to protect your network, and how do you monitor their performance?

With today's organizations becoming more global, connected, and dynamic in nature, the idea and practice of information security has never been more complex.

Consider the following challenges IT faces in protecting the corporate networking environment:
  • Each week, 60 new software vulnerabilities and 100 new viruses are identified.
  • Customers and stakeholders continue to demand greater levels of services via online systems.
  • Organizations face significant time, budgetary, and personnel constraints.
Traditionally, organizations have relied on a point-product approach to address these issues. That approach has, however, created a new and seemingly impossible challenge: how to manage, effectively and efficiently, the complexity of the resulting security environment.

Enforcing security policies and regulations

Enterprises need to establish security policies, standards, and procedures to enforce information security in a structured way. Conducting a risk assessment will help you to identify and manage the vulnerabilities in your environment. From there, you will be able to develop a proper policy framework and standards, and begin constructing a set of policies tailored for your enterprise.

ISO 17799 is one of several industry standards, alongside government regulations, that enterprises are incorporating into their security policies. Your enterprise may also be subject to industry-specific regulation such as HIPAA and GLBA. These external requirements must be enforced in addition to your own in-house policies. Establishing a security policy is one thing; effectively managing and enforcing it is quite another. For a policy to be effective, access controls, authentication, and authorization must be kept up to date at every level of your network, since any gap in that coverage increases your exposure to threats. Companies may have information security policies in place to protect critical assets and sensitive data, but they rarely have the means to monitor compliance with those policies effectively.

Great security software, but tough to manage

It can be difficult to get real-time information about what is happening across your enterprise network. If you have deployed various security devices, you know it takes time to sort through the data they produce, thousands or even millions of events, and that finding the incidents that matter in time to act on them is a challenge. You also need qualified staff with the expertise to interpret that data, whether they are performing a trend analysis or simply separating the important events from the unimportant ones.

It is a common problem: you have installed separate security components, and each comes with its own management console. But time is of the essence; security incidents won't wait for your team to discover them. Without a single view of events across the network, a threat such as an attempt to break into your corporate server, or a blended threat crossing into your network, could unfold right under your nose.
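To make the "single view" problem concrete, here is an added example that is not part of Rode's article and does not describe any Symantec product. It normalizes lines from three hypothetical products (a firewall, an IDS, and an antivirus agent, each with a made-up log format; all sample lines are constructed) into one event schema, groups the events by the internal host they concern, and ranks hosts so that a host corroborated by several products outranks a host that merely generates a lot of low-severity firewall noise. The product names, severities, and scoring weights are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample lines in made-up formats for three hypothetical products.
FIREWALL_LOGS = [
    "2004-03-17T10:01:02 fw01 DENY TCP 10.0.0.5:4421 -> 192.168.1.10:445",
    "2004-03-17T10:01:03 fw01 DENY TCP 10.0.0.5:4422 -> 192.168.1.10:139",
] + [f"2004-03-17T10:05:{s:02d} fw01 DENY TCP 172.16.9.9:{50000 + s} -> 192.168.1.20:{p}"
     for s, p in enumerate((21, 22, 23, 25, 80, 443))]      # a noisy port scan of one host
IDS_LOGS = [
    '2004-03-17T10:01:05 ids01 ALERT src=10.0.0.5 dst=192.168.1.10 prio=1 msg="SMB overflow attempt"',
    '2004-03-17T10:07:40 ids01 ALERT src=172.16.9.9 dst=192.168.1.30 prio=3 msg="ICMP ping sweep"',
]
AV_LOGS = [
    "2004-03-17T10:02:11 av01 DETECTED host=192.168.1.10 threat=W32.Example.Worm action=quarantined",
]

# One regex per (hypothetical) product format.
FW_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<action>DENY|ALLOW) \w+ (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<port>\d+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) \S+ ALERT src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) prio=(?P<prio>\d) msg="(?P<msg>[^"]*)"$')
AV_RE = re.compile(r"^(?P<ts>\S+) \S+ DETECTED host=(?P<host>[\d.]+) threat=(?P<threat>\S+) action=(?P<action>\S+)$")


@dataclass
class Event:
    ts: str
    product: str     # which tool reported it
    asset: str       # internal host the event concerns; this is the correlation key
    severity: int    # 1 (noise) .. 5 (malware the agent could not contain)
    detail: str


def normalize(line):
    """Translate one raw line from any of the three products into an Event (None if unrecognised)."""
    if m := FW_RE.match(line):
        if m["action"] != "DENY":
            return None                     # permitted traffic is not an event of interest here
        return Event(m["ts"], "firewall", m["dst"], 1, f"deny from {m['src']} to port {m['port']}")
    if m := IDS_RE.match(line):
        sev = {1: 4, 2: 3}.get(int(m["prio"]), 2)   # assumed mapping of IDS priority to severity
        return Event(m["ts"], "ids", m["dst"], sev, f"{m['msg']} from {m['src']}")
    if m := AV_RE.match(line):
        sev = 4 if m["action"] == "quarantined" else 5   # uncontained malware is worse than contained
        return Event(m["ts"], "antivirus", m["host"], sev, f"{m['threat']} {m['action']}")
    return None


@dataclass
class Incident:
    asset: str
    score: int
    products: set
    events: list


CORROBORATION_BONUS = 3   # assumed weight for an asset reported by two or more independent products


def correlate(events):
    """Group events by asset and rank: severities add up, and corroboration across products earns a bonus."""
    by_asset = defaultdict(list)
    for ev in events:
        by_asset[ev.asset].append(ev)
    incidents = []
    for asset, evs in by_asset.items():
        products = {e.product for e in evs}
        score = sum(e.severity for e in evs) + (CORROBORATION_BONUS if len(products) >= 2 else 0)
        incidents.append(Incident(asset, score, products, sorted(evs, key=lambda e: e.ts)))
    return sorted(incidents, key=lambda i: i.score, reverse=True)


def top_incidents(raw_lines):
    """Full pipeline: raw lines from every console -> normalized events -> ranked incidents."""
    events = [ev for ev in map(normalize, raw_lines) if ev is not None]
    return correlate(events)


if __name__ == "__main__":
    for inc in top_incidents(FIREWALL_LOGS + IDS_LOGS + AV_LOGS):
        print(f"{inc.asset:15} score={inc.score:2} sources={','.join(sorted(inc.products))}")
        for e in inc.events:
            print(f"    {e.ts} [{e.product}] sev={e.severity} {e.detail}")
```

Run on the constructed sample, 192.168.1.10 rises to the top (a firewall deny, an IDS alert, and an antivirus detection within a minute of each other, which is exactly the blended-threat pattern no single console would show), while 192.168.1.20, which generated the most raw events, ranks below it because all six are low-severity denies from one product. Each parser only recognises its own format and returns None for anything else, so an unexpected line is dropped rather than misattributed to the wrong host.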

Controlling blended threats
