Getting the most out of your security staff
Managing enterprise security today is a difficult process, delivered through a combination of disparate commercial products from different vendors lacking integration and interoperability. The result is a high degree of complexity and increased operational costs. Your administrators may be spending a lot of time focusing on redundant tasks that are required to manage the complex security infrastructure of your network. In this economic climate, there is increased pressure to do more with less from both a financial and resources viewpoint. Think of the possibilities-if you could free up your staff to focus on higher value activities, it would mean improved and more proactive security for your enterprise.
A Disciplined Approach
Given the above challenges, the complexities of today's security challenges require a holistic approach within the following four security disciplines:
Alert. Alert systems must be implemented to provide early warnings of threats-before operations can be infected.
Protect. Protection requires the integration and deployment of security solutions at every tier of the network.
Respond. A response infrastructure should be in place to immediately address threats that materialize.
Manage. A management system will enable corporations to see their security posture and ensure the effectiveness of their investments.
Early Warning Alerts
Symantec's Internet Security Threat Report-an analysis of more than 30 terabytes of attack data gathered in real-time from the world's most extensive network of intrusion detections systems (IDSs) and firewalls-found the average size enterprise is being attacked 32 times per week, up from 25 times per week last year and a 28 percent increase from the previous six months. Annualized, this represents 64 percent growth rate in attacks on organizations. While it is clear that security threats are on the rise, consider the complex revelation of the following analysis of one of Symantec's mid-sized customers:
9.5 million log entries and alerts were generated each month by the firewalls and intrusion detection devices across the customer's enterprise. After correlating the data from various sources, 620 security events were identified for further investigation. After removing false positives, 55 events were determined to constitute security threats to the enterprise. Further analysis showed that just two threats posed a risk critical enough to require immediate action.
The fraction of legitimate critical security risks to events is miniscule-two out of millions-but imagine the time, resources, and expertise necessary to arrive at such a determination.