As the way organisations use the internet continues to evolve, their security infrastructure must adapt, says Andrew Philpott.
The explosive growth of the internet has changed the very nature of business communication. As enterprises invest ever-increasing time and resources into ensuring network availability and performance, the opportunity for catastrophic failures due to security holes becomes more prevalent.
The changing face of enterprise security
Initially, hackers were interested in notoriety. Today the motivation is profit. The result is attacks that stay out of the news but not out of the data stream: while it took 20 minutes for an unprotected computer attached to the internet to be infected in 2004, in 2007 it takes just 60 seconds.
Internet-enabled applications and corporate intranets and extranets are now mission-critical business processes, while the bad guys have become more sophisticated. Blended attacks like spam and phishing have grown rapidly, while insertion of malware on internal networks and the conversion of corporate desktops into zombie computers give intruders unfettered access to the most critical elements of your infrastructure.
Given the rapid changes in corporate IT environments, security on the gateway must have:
- Proactive anticipation of threats to catch them before they cause damage
- Integration across devices and protocols to provide broad protection
- Bi-directional inspection of incoming and outgoing traffic
- Real-time global intelligence with mutual sharing of security intelligence
- Multi-layered defence that incorporates multiple security techniques
Current approaches to gateway security
The core problem for organisations today is that most existing gateway security approaches suffer from one or more of the following shortcomings:
- Protection only against a known universe of problems, which is ineffective against evolving and blended threats
- Disparate point products for various protocols - With the growth of various technologies for communication over the web, companies have been forced to deploy standalone products that perform limited functions
- Protection is limited to the data stream and lower-level protocol
Imperatives for enterprise gateway security
A comprehensive enterprise gateway security infrastructure should have:
- Appliance-based delivery
- Application and content awareness - The gateway needs a deep knowledge of the underlying communication, an understanding of its context and the ability to interpret the content
- Centralised policy, management and reporting
- Bi-directional protection - The security gateway needs to scrutinise inbound traffic in order to block bad traffic while simultaneously performing deep inspection of outbound content to protect against leaks of confidential information or intellectual property
- Proactive protection - With the rapid increase in polymorphic threats, the ability to know immediately what could be dangerous is imperative
- User management and education
- Performance - As traffic volumes increase, the gateways must be able to keep up and scale for performance
- Resiliency - Security gateways should not introduce points of failure to the mission at hand.