Mitigating the Complexities of Security Management
by Craig Rode - Senior Director of Product Management at Symantec - Wednesday, 17 March 2004.
In 2001, we were introduced to blended threats, including Code Red and Nimda, and since then we've witnessed the impact of others like Bugbear, Klez and Slammer. What differentiates these sophisticated threats from other Internet worms is that they use multiple methods to attack or propagate. If nothing else, these threats have taught us that a "one threat, one cure" approach is outdated. Defending your enterprise from blended threats requires protection on all parts of the network, and an ability to respond on the gateway, server, and client levels. Typically, blended threats exploit known vulnerabilities such as buffer overflows, HTTP input validation vulnerabilities, known default passwords, etc., all of which can be mitigated with existing operating system and application security patches. How do you ensure that all of your systems are up-to-date with the latest security patches?

Getting the most out of your security staff

Managing enterprise security today is a difficult process, delivered through a combination of disparate commercial products from different vendors lacking integration and interoperability. The result is a high degree of complexity and increased operational costs. Your administrators may be spending a lot of time focusing on redundant tasks that are required to manage the complex security infrastructure of your network. In this economic climate, there is increased pressure to do more with less from both a financial and resources viewpoint. Think of the possibilities-if you could free up your staff to focus on higher value activities, it would mean improved and more proactive security for your enterprise.

A Disciplined Approach

Given the above challenges, the complexities of today's security challenges require a holistic approach within the following four security disciplines:

Alert. Alert systems must be implemented to provide early warnings of threats-before operations can be infected.

Protect. Protection requires the integration and deployment of security solutions at every tier of the network.

Respond. A response infrastructure should be in place to immediately address threats that materialize.

Manage. A management system will enable corporations to see their security posture and ensure the effectiveness of their investments.

Early Warning Alerts

Symantec's Internet Security Threat Report-an analysis of more than 30 terabytes of attack data gathered in real-time from the world's most extensive network of intrusion detections systems (IDSs) and firewalls-found the average size enterprise is being attacked 32 times per week, up from 25 times per week last year and a 28 percent increase from the previous six months. Annualized, this represents 64 percent growth rate in attacks on organizations. While it is clear that security threats are on the rise, consider the complex revelation of the following analysis of one of Symantec's mid-sized customers:

9.5 million log entries and alerts were generated each month by the firewalls and intrusion detection devices across the customer's enterprise. After correlating the data from various sources, 620 security events were identified for further investigation. After removing false positives, 55 events were determined to constitute security threats to the enterprise. Further analysis showed that just two threats posed a risk critical enough to require immediate action.

The fraction of legitimate critical security risks to events is miniscule-two out of millions-but imagine the time, resources, and expertise necessary to arrive at such a determination.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th