Mitigating the Complexities of Security Management
by Craig Rode - Senior Director of Product Management at Symantec - Wednesday, 17 March 2004.
To eliminate the complexities of such a task, organizations require an alerting system that provides early warnings about threats that exist in the computing environment, along with possible tools to prevent those threats from impacting the network. In order for security threat information to be accurate and credible, early warning systems should literally include thousands of global touch-points backed by sound statistical analysis and methodologies. Alerts should be delivered quickly through a variety of media, and mitigation steps such as patches and countermeasures must be provided immediately.

Integrated Security Protection

Business-critical information resides at each level of the network (gateway, server and client), and as security threats continue to increase, each of these tiers is a viable target for the entry of malicious code and the exploitation of vulnerabilities.

In the past, organizations have addressed this issue through a collection of point-products, each working independently. Because each product must be purchased, installed, deployed, managed, and updated separately, this approach has proven to be an inefficient use of IT staff and a costly remedy to the complexities of security.

In contrast, integrated security solutions eliminate these inefficiencies at each tier of the network by combining key technologies (antivirus, firewall, VPN, intrusion detection, content filtering, and vulnerability assessment) to offer more comprehensive protection while reducing the complexity and cost of securing enterprises.

Rapid Response

Ask any IT administrator what their mission is and it is highly likely the answer will come back, "To ensure business and service continuity." It is critical that organizations utilize a rapid response infrastructure that leverages both technology and expertise to address new and emerging threats. Detecting threats as they appear is not enough: definitions and signatures must also be made available quickly and easily, and mission-critical security products need to be supported 24x7.

Organizations also need to be aware of the breadth of their security provider's response offerings. An ideal response infrastructure will broaden its offerings beyond product and support, to encompass other beneficial services like analysis, threat management and managed security services.

360 Management

Early warning systems, integrated security and expert response mechanisms are all parts of the complex security equation, but their synergy is most effective when tied together under an open, comprehensive, and standards-based management system that spans all the network tiers and runs on multiple platforms.

Organizations must have a way to sift through the hundreds of simple security events that are generated every minute by their disparate security products, view them together to discover whether they represent a true incident, gauge the relative business impact of the incident, and then take steps to appropriately allocate the resources necessary to address the problem. Further, they must follow each incident to closure in order to eliminate possible recurrence of the problem. And since closure often requires the application of patches or changes in security policy, the verification of these changes must be assured. Without such a system, the process of aggregating and normalizing security event data will remain inefficient and difficult.
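As an added illustration (not part of the original article), the following Python sketch normalizes constructed events from two disparate products into one common schema, then correlates them per host so that a host reported by more than one independent product is escalated to an incident and ranked by a hypothetical asset-criticality map. The log formats, `ASSET_CRITICALITY` and the function names are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in two different product formats (not real logs).
FIREWALL_LOG = [
    "2004-03-17 09:00:01 fw01 DENY src=10.0.0.7 dst=192.168.1.10 dport=445",
    "2004-03-17 09:00:02 fw01 DENY src=10.0.0.7 dst=192.168.1.10 dport=139",
    "2004-03-17 09:00:03 fw01 DENY src=10.0.0.9 dst=192.168.1.20 dport=22",
]
AV_LOG = ["17/03/2004 09:00:05 host=192.168.1.10 event=VIRUS_FOUND name=W32.Sample"]
# Hypothetical asset register used to gauge the business impact of an incident.
ASSET_CRITICALITY = {"192.168.1.10": "high", "192.168.1.20": "low"}
FW_RE = re.compile(r"^(\S+ \S+) (\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
AV_RE = re.compile(r"^(\S+ \S+) host=(\S+) event=(\w+) name=(\S+)$")

def normalize_firewall(line):
    """Map one firewall line onto the common schema (None if it does not parse)."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts, device, action, src, dst, port = m.groups()
    return {"time": ts, "product": "firewall", "host": dst,
            "category": f"{action}:{port}", "detail": f"from {src} via {device}"}

def normalize_av(line):
    """Map one antivirus line onto the same schema."""
    m = AV_RE.match(line)
    if not m:
        return None
    ts, host, event, name = m.groups()
    return {"time": ts, "product": "antivirus", "host": host,
            "category": event, "detail": name}

def correlate(events, min_products=2):
    """Group normalized events by host. A host reported by several independent
    products is escalated to an incident, ranked by asset criticality."""
    by_host = defaultdict(list)
    for e in events:
        if e is not None:
            by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        products = sorted({e["product"] for e in evs})
        if len(products) >= min_products:
            incidents.append({"host": host, "products": products, "events": len(evs),
                              "impact": ASSET_CRITICALITY.get(host, "unknown")})
    # High-impact assets first so response resources go where the business risk is.
    return sorted(incidents, key=lambda i: i["impact"] != "high")
```

Running `correlate` over the normalized sample events yields a single incident for 192.168.1.10 (two firewall denies plus one antivirus detection), while the lone deny against 192.168.1.20 stays a simple event.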

Making security manageable

An optimal security posture, and one that eliminates the complexities of security management, is one that takes into account each of these four security disciplines. Adherence to best practices on these four fronts will reduce the costs of enterprise protection and lower risk while improving the allocation of security resources and reducing inefficiencies.

First of all, organizations need an early-alerting system, because ideally you want to be alerted before threats damage your business. Next, and most fundamentally, you want to protect your business, which requires a variety of security solutions at all tiers of the network.
