Respond. A response infrastructure should be in place to immediately address threats that materialize.
Manage. A management system will enable corporations to see their security posture and ensure the effectiveness of their investments.
Early Warning Alerts
Symantec's Internet Security Threat Report-an analysis of more than 30 terabytes of attack data gathered in real-time from the world's most extensive network of intrusion detections systems (IDSs) and firewalls-found the average size enterprise is being attacked 32 times per week, up from 25 times per week last year and a 28 percent increase from the previous six months. Annualized, this represents 64 percent growth rate in attacks on organizations. While it is clear that security threats are on the rise, consider the complex revelation of the following analysis of one of Symantec's mid-sized customers:
9.5 million log entries and alerts were generated each month by the firewalls and intrusion detection devices across the customer's enterprise. After correlating the data from various sources, 620 security events were identified for further investigation. After removing false positives, 55 events were determined to constitute security threats to the enterprise. Further analysis showed that just two threats posed a risk critical enough to require immediate action.
The fraction of legitimate critical security risks to events is miniscule-two out of millions-but imagine the time, resources, and expertise necessary to arrive at such a determination.
To eliminate the complexities of such a task, organizations require an alerting system that provides early warnings about threats that exist in the computing environment, along with possible tools to prevent those threats from impacting the network. In order for security threat information to be accurate and credible, early warning systems should literally include thousands of global touch-points backed by sound statistical analysis and methodologies. Alerts should be delivered quickly through a variety of media, and mitigation steps such as patches and countermeasures must be provided immediately.
Integrated Security Protection
Business critical information resides at each level of the network-gateway, server and client-and as security threats continue to increase, each of these tiers are viable targets for the entrance of malicious code and exploitation of vulnerabilities.
In the past, organizations have addressed this issue through a collection of point-products, each working independently. Because each product must be purchased, installed, deployed, managed, and updated separately, this approach has proven to be an inefficient use of IT staff and a costly remedy to the complexities of security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.