It can be difficult to get real-time information concerning what is happening across your enterprise network. If you have deployed various security devices on your network, you know it takes time to sort through the data coming in carrying thousands or even millions of events -- and finding the most important incidents in time to take action is a challenge. What's more, you need to have qualified employees who possess the expertise to interpret the data, regardless of whether performing a trend analysis or simply deciphering the important from the non-important series of events.

It is a common problem: you have installed separate security components, and each comes equipped with their own management console. But time is of the essence: you know that security incidents won't wait for your team to discover them. Without a single view of events occurring in the network, security threats such as attempts to crack into your corporate server or a blended threat crossing into your network could happen right under your nose.

Controlling blended threats

In 2001, we were introduced to blended threats, including Code Red and Nimda, and since then we've witnessed the impact of others like Bugbear, Klez and Slammer. What differentiates these sophisticated threats from other Internet worms is that they use multiple methods to attack or propagate. If nothing else, these threats have taught us that a "one threat, one cure" approach is outdated. Defending your enterprise from blended threats requires protection on all parts of the network, and an ability to respond on the gateway, server, and client levels. Typically, blended threats exploit known vulnerabilities such as buffer overflows, HTTP input validation vulnerabilities, known default passwords, etc., all of which can be mitigated with existing operating system and application security patches. How do you ensure that all of your systems are up-to-date with the latest security patches?

Getting the most out of your security staff


Managing enterprise security today is a difficult process, delivered through a combination of disparate commercial products from different vendors lacking integration and interoperability. The result is a high degree of complexity and increased operational costs. Your administrators may be spending a lot of time focusing on redundant tasks that are required to manage the complex security infrastructure of your network. In this economic climate, there is increased pressure to do more with less from both a financial and resources viewpoint. Think of the possibilities-if you could free up your staff to focus on higher value activities, it would mean improved and more proactive security for your enterprise.

A Disciplined Approach

Given the above challenges, the complexities of today's security challenges require a holistic approach within the following four security disciplines:

Alert. Alert systems must be implemented to provide early warnings of threats-before operations can be infected.