A Holistic Approach to Securing the Enterprise
by Don Kleinschnit - Vice President Of Product Delivery At Symantec’s Enterprise Administration Business Unit - Friday, 2 July 2004.
During the act phase the infrastructure must respond to the disruption in a way that restores it to a normal or “safe” state. Act phase activities include many of the same tasks that are undertaken during the normal state but with an increased focus on the speed and reliability in which they occur. As an example, security patches must be deployed quickly without disruption whereas the normal process of upgrading operating systems and applications are typically done as a normal course of change management. While security patches are being planned and deployed the enterprise is vulnerable to damage.

Systems and data recovery is another example of similar processes being executed in the normal and disrupted state. Traditional backup systems back up data during normal operations but they very seldom focus on processes that will allow a recovery within the window required by most disruptive events. Since many normal and disruptive state management tasks are similar, it is logical to conclude that if we architect for the disruptive state we will also realize improvements in the responsiveness of the normal state management tasks.

It is important to recognize the enterprise-wide scope of managing in the normal and disrupted state. During the transition phase the management software must be capable of connecting to and managing the entire computing environment. This environment includes servers, network devices, desktops, laptops and handheld devices in both wired and wireless environments.

Consider three key pain points often highlighted during CIO discussions.


The challenge of migrating and building systems at the rate of arrival of new operating systems has become so difficult that some CIOs see it as a career-threatening event. The process involves determining, first of all, what is exactly on every machine in the enterprise, setting the standards for a new operating environment, preparing that environment for deployment and then finally deploying the change. The whole process takes significant manual activity and expertise and can be so difficult that many organizations still have yet to migrate to Windows XP while a new Windows environment is already inevitable with Microsoft’s Longhorn. Provisioning is traditionally a normal state management task but it is a good example of an area that needs significant improvement through automation.

Patch Remediation

The ability to completely patch and configure machines presents a large problem—primarily because the threat landscape evolves more quickly than the patch process can update the software. Viruses such as Sasser and Blaster are proof that virus writers will continue to exploit vulnerabilities—Sasser was released into the wild less than three weeks after Microsoft announced the vulnerability it exploited. The window of opportunity in which IT can react to vulnerabilities continues to decrease. Patch Management is mostly a disruptive state application but as stated previously it can be thought of as a highly responsive component of normal state provisioning.

Protection & Recovery

It goes without saying that generally data should be protected but organizations should also have a backup and disaster recovery plan that will help them recover in the event of a successful attack. Data recovery has become a heightened concern because the rate of attack is increasing, so the probability of having to recover is higher. Additionally, having an infrastructure where the accuracy of financial reporting, the privacy of personal information, security and other process certifications is becoming the personal responsibility of executives. This level of infrastructure accountability is driven by regulations, such as Sarbanes-Oxley, HIPAA and FISMA. The scope of recovery solutions must include desktops, PDAs, servers, and laptops and must have recovery times that are measured in minutes.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th