The challenge of securing global networks has changed a great deal in the past five years and it is now bidirectional. In the past, we worked mainly to prevent hackers from infiltrating our network and stealing information. A threat of equal magnitude exists today in the potential for insiders (employees) to leak their companies’ confidential information and open the door to cybercriminals. Organizations must now protect themselves from both internal and external threats.
But it is overwhelming. There are hundreds of vendors offering a plethora of network security products, but the narrow focus and limited functionality of each prohibits them from being true solutions. “Hit-or-miss” security solutions are just not good enough. For most organizations – especially SMEs – outsourcing is not a viable option. What’s more, the solution does not have to be turning the problem over to others.
Despite increasing network complexity, today’s security administrators must develop a holistic approach to their network security management programs. They must leverage the appropriate tools, up-to-date policies and a well-trained staff for optimal security.
Finding available tools is easy, because there is a steady proliferation of network security devices. Companies that, for example, previously had three firewalls and one IDS to protect their network now have hundreds of security devices of a dozen different kinds.
Additional functionality is built in to these devices, making them more complex. There are also newer variants of network security devices, such as identity-based firewalls, that try to straddle that bidirectional security challenge.
We continue to throw more, better, different security devices at the network thinking that more devices will deliver better security. Yet we discover that more security devices merely generate more data. What we do with it – how we analyze it and how we use it – becomes the pertinent question.
This explains the emergence of the Security Event Management (SEM) market and its role in providing an integrated solution. Until recently, network security administrators were sadly destined to sift through piles of logs generated by all those security devices to find the virtual needle in the haystack – the five or ten percent of the logs that might be significant.
SEM aims to collect device data streams from across the network, analyze their data and, through an intelligent approach to correlation, make sense of it all. Rather than installing yet more devices to generate yet more data, SEM solutions aim to make sense of the data by presenting correlation results in a meaningful way and in real time.
Intelligent correlation of the device data is half of the SEM solution. The other half is the ability to present the results of the correlation analysis in a meaningful way and in real time, so that significant anomalies are highlighted.
The emergence of SEM tools plays an important role in managing network security, but it is only one part of the solution. Another is creating policy-based security management – remember, security devices are only as effective as the policy around them.
Many companies do an excellent initial job of defining a good network security policy, but it cannot stop there. Companies must also determine how often the policies should be updated, who should oversee them, and any other procedures that can help manage the network security devices.
A key challenge in network security management is the breadth of the problem, its underlying complex technology and the difficulty of putting together sound processes to resolve it. Policy servers now enable multi-vendor policy-based security management. Some support NAT, VPN and firewalls in the same package with enough feature- depth to enable short implementation timeframes and the flexibility to respond to changing process needs.
Policy servers now enable large enterprises to implement and manage security policies consistently across complex, geographically dispersed networks of firewalls and VPNs.
Policy servers can improve network security without the changing of chosen technology and with minimal migration effort. The ROI is significant, in terms of network and security operation resources, as well as infrastructure cost savings, according to Better Management for Network Security, a white paper published by SolSoft last year.
Human resource issues can also impede good network security. The IT field is becoming known for its staffing shortages, including network professionals and security analysts. Once you have hired worthy staff, do everything in your power to keep your people current and competitive. Provide them with every opportunity to advance their knowledge through the wide array of security training certifications that are offered by CheckPoint, Cisco, CISSP, CERT, Microsoft, Oracle, and SANS.
This will not only help security administrators to hone their professional skills, but will make them confident that they personally are on the leading edge of technical savvy thanks to you, their employer.
To ensure that network security measures and tools are kept in good working order, a complete, periodic network security assessment should include the following checks: n Firewall security assessment; n Enforcement of network security policies; n Router security checks; n Review of remote authentication servers; n Review of network security policies; n Review of vendor security updates; n Complete vulnerability assessment; n Password strength checking.
Securing an enterprise network is more challenging today than ever before. While security devices are critical components of any well-managed network security program, they must be used with other tools; appropriate, current policies; and regular audits by a well-trained staff. Only a holistic approach to network security can result in an effective network management program and a secure network.