A Holistic Approach to Securing the Enterprise
by Don Kleinschnit - Vice President of Product Delivery at Symantec's Enterprise Administration Business Unit - Friday, 2 July 2004.
The steady stream of malicious computer attacks has made security a front-page topic in almost every board room and IT oversight committee. Most IT departments accept that routine updates to software operating environments are a necessary part of managing systems.

It's also not hard to convince the IT professional that the protection of data assets forms the foundation of recovering from a disruptive event. But very seldom do we think of security, systems and storage management as parts of a seamless, holistic approach to securing the enterprise. Considering the rate at which vulnerabilities show up in our computing environment and the speed at which they can be exploited, we need to rethink how these three management environments should be leveraged. After all, "the only truly secure infrastructure is a managed infrastructure!"

As the list below suggests, the administrative job of managing and securing the enterprise is complex and convoluted, relying on loosely integrated software that attempts to automate the normal operations of the enterprise.
  • Firewall management
  • Virus definition updates
  • Data backup
  • Applications update
  • Software licensing compliance
  • Vulnerability assessment
  • Disaster recovery
  • Storage provisioning
  • OS upgrade & provisioning
  • Archive policy
  • File recovery
  • Asset inventory & reporting
  • Repurposing
  • Common operating environment policy
  • Patch installation
However, in today's heavily exploited environment we must ensure that the security, systems and storage management elements of the infrastructure can not only manage under normal conditions, but also manage effectively through the disruption caused by an exploit. Stated differently, security, systems and storage management systems must manage effectively in both the normal state and the disruptive state. Clearly the disruptive state is the more difficult one to manage.

What is a Disruptive State?

An enterprise's entry into a disruptive state is a serious change in status, evidenced by the number of IT executives that suddenly become visible in meetings, phone calls and triage sessions. The entire enterprise enters a lockdown as the IT departments identify the threat, determine the vulnerabilities, plan corrections and wait for an exploit. The entire enterprise is holding its breath. The IT organization works long hours to secure servers, desktops, laptops and, most recently, handheld mobile devices. Often the controlled processes and management automation give way to the deployment of individual experts who manually correct known problems and hunt for leaks in the infrastructure. The frequency, duration and damage of disruptive states pose new challenges for IT management products.

Managing in the disruptive case requires that the management software be capable of managing through three basic transitional phases: understanding the disruption, controlling the transition and finally acting in a way that returns the system to the normal state. This Proactive Security System must rely on the underlying infrastructure to take action and remediate the disruption; therein lies the critical connection between security, systems and storage.

Understanding Phase

The system must understand and articulate the origin and nature of the disruption. Security sensors provide the knowledge and understanding necessary to warn enterprises of impending disruptive states.

Control Phase

Once the management state is recognized as "disrupted," action must be taken in a controlled fashion with the goal of returning the system to its normal state. The control phase provides the rules of execution and the instructional intelligence that the infrastructure must follow during the act phase.
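The three phases described above form a small state machine: sensor events move the enterprise from the normal state to the disruptive state, control rules turn the open disruptions into an ordered plan, and the act phase hands that plan to the infrastructure and returns to normal only when every disruption is closed. The following Python model is an added illustration of that cycle, not code from the article or from any Symantec product; the event format, the severity threshold, the rule ordering (storage snapshot before any change, security isolation where an IDS reports active exploitation, then systems remediation and a confirming scan) and the sample sensor feed are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List


class State(Enum):
    NORMAL = "normal"
    DISRUPTED = "disrupted"


@dataclass(frozen=True)
class SensorEvent:
    """One observation from a security sensor (assumed format, not a real product's)."""
    source: str    # "ids", "vuln_scanner" or "av"
    host: str
    detail: str
    severity: int  # 1 (informational) .. 5 (active exploitation)


@dataclass(frozen=True)
class Action:
    phase: str        # "control" (rules applied before change) or "act" (remediation)
    host: str
    owner: str        # which management element executes it: security, systems or storage
    description: str


class ProactiveSecuritySystem:
    """Hypothetical model of the understand / control / act cycle."""

    def __init__(self, disruption_threshold: int = 4):
        self.state = State.NORMAL
        self.threshold = disruption_threshold
        self.open_disruptions: Dict[str, SensorEvent] = {}

    def understand(self, events: List[SensorEvent]) -> List[SensorEvent]:
        """Understanding phase: sensors establish the origin and nature of the disruption.
        Only events at or above the threshold move the enterprise out of the normal state."""
        disruptive = [e for e in events if e.severity >= self.threshold]
        for e in disruptive:
            current = self.open_disruptions.get(e.host)
            if current is None or e.severity > current.severity:
                self.open_disruptions[e.host] = e
        if self.open_disruptions:
            self.state = State.DISRUPTED
        return disruptive

    def control(self) -> List[Action]:
        """Control phase: the rules of execution the infrastructure must follow.
        The ordering encodes the security / systems / storage dependency:
        storage snapshots first, security containment, then systems remediation."""
        plan: List[Action] = []
        for host in sorted(self.open_disruptions):
            ev = self.open_disruptions[host]
            plan.append(Action("control", host, "storage", "snapshot host data before any change"))
            if ev.source == "ids":  # evidence of active exploitation: contain before fixing
                plan.append(Action("control", host, "security", "isolate host at the firewall"))
            plan.append(Action("act", host, "systems", f"remediate: {ev.detail}"))
            plan.append(Action("act", host, "security", "re-run vulnerability assessment to confirm"))
        return plan

    def act(self, plan: List[Action], execute: Callable[[Action], bool]) -> State:
        """Act phase: hand each action to the infrastructure. A host's disruption is closed
        only when every one of its actions succeeds; NORMAL is reached when none stay open."""
        failed_hosts = {a.host for a in plan if not execute(a)}
        for host in list(self.open_disruptions):
            if host not in failed_hosts:
                del self.open_disruptions[host]
        self.state = State.DISRUPTED if self.open_disruptions else State.NORMAL
        return self.state


# Constructed sample sensor feed (not real data): one host under active attack, one
# critical unpatched server, one low-severity finding that must not trigger a lockdown.
SAMPLE_EVENTS = [
    SensorEvent("ids", "web01", "inbound exploit attempts on tcp/445", 5),
    SensorEvent("vuln_scanner", "db02", "missing critical OS patch", 4),
    SensorEvent("vuln_scanner", "ws17", "outdated browser plugin", 2),
]


def run_cycle(events=SAMPLE_EVENTS, failing_hosts=()):
    """Drive one understand / control / act cycle. `failing_hosts` simulates actions the
    infrastructure could not complete (for example a patch that refused to install)."""
    pss = ProactiveSecuritySystem()
    disruptive = pss.understand(events)
    plan = pss.control()
    final = pss.act(plan, lambda a: a.host not in failing_hosts)
    return disruptive, plan, final, sorted(pss.open_disruptions)


if __name__ == "__main__":
    _, plan, final, _ = run_cycle()
    for a in plan:
        print(f"[{a.phase:7}] {a.host:6} {a.owner:8} {a.description}")
    print("final state:", final.value)
```

The point to notice is in `act`: a single failed remediation leaves the enterprise in the disruptive state rather than quietly declaring victory, and the snapshot taken in the control phase is what makes a failed or harmful remediation recoverable. That dependency of the security response on storage and systems management is the connection the article argues for.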

Act Phase
