The Path to Integrated Network Security (Part I of II)
By Mitchell Ashley, CTO and VP Customer Experience, StillSecure
Network security is rapidly evolving. The numerous technologies that fall within the network security domain—such as firewalls, intrusion prevention systems, vulnerability assessment systems, antivirus, and endpoint compliance solutions—are beginning to share data and reporting functions, and security management is being centralized and consolidated. This is an important development. Previously, single-function, vertical security tools and products were only able to do part of the job in a true layered-security environment. Today, integrated, cooperative security technologies that can leverage each other’s security information and enforcement capabilities are on the forefront of innovation in the security marketplace.
The move toward integration has evolved in response to a number of factors: the continually escalating threat environment; the enactment and enforcement of data security regulations; the calamitous costs associated with compromised data and network downtime; and a shortage of security staffing resources in what is becoming an ever-increasing manual security management workload.
In an attempt to get an enterprise view of security information, many organizations have turned to Security Information Managers (SIMs) as a way to collect and correlate data from multiple security tools. While helpful, this approach requires even more staff resources to correlate information from disparate security systems. In the end, only limited value is achieved as staff are still required to manually act upon the correlated data.
Organizations are seeking proactive, correlated, comprehensive security management that provides a view into their security posture and automates appropriate responses to identified threats. This integrated approach goes beyond the event log correlation provided by SIMs because it automates the appropriate actions that mitigate the threats.
Relevant information is correlated among multiple security systems.
Automated, protective actions are triggered in real time based on correlated data.
Threats are identified, isolated, and acted on quickly, minimizing exposure to risk.
Security is administered with maximum efficiency.
This paper examines the trend toward security integration and illustrates how a real-world threat could be isolated and defended against in an integrated environment.
The emergence of the Internet in the early 1990s created the need for a disciplined approach to network security. Connectivity was a boon to the speed and efficiency with which business is transacted, yet it came at the price of exposing private network assets and proprietary data to the world at large. The first wave of security technologies—primarily firewalls and anti-virus (AV)—quickly emerged to lock down the network perimeter and afford some protection to network endpoints.
While no network would be considered secure without a firewall and AV, today they are insufficient to protect the network by themselves. An analogy would be the business owner located in a high-crime area who only installs locks on his doors. It’s a good start, but without an alarm system, camera surveillance, guard dogs, and regularly scheduled police patrols, his investment is inadequately protected.
By 2000, additional security technologies were making inroads into the market. Recognizing that there was no silver bullet to secure the network, organizations began implementing a ‘layered’ approach, installing additional solutions beyond the firewall and AV. The effective mix of solutions depends on the organization’s size, culture, and business flows. Technologies in the layered security mix include virtual private networks (VPN), intrusion detection/prevention systems (IDS/IPS), identity management and authentication, patch management systems, vulnerability assessment tools, endpoint compliance solutions, and others.
While the layered approach represents a dramatic improvement in the level of security, it comes with a number of administrative drawbacks. Security technologies are point solutions, which collectively introduce a number of operational inefficiencies:
They are typically independent, standalone, vertical technologies that must be individually managed.
Prioritizing security work activities and allocating resources is difficult, as there is no relative weighting of criticality among events generated by differing security systems.
Relevant information is locked within each product—information that could be acted upon by other systems were it readily available and discernible.
Such drawbacks prohibit the layered security approach from reaching its true potential. The key that unlocks the potential of a layered security architecture is integration. By bringing network security systems together, the organization immediately realizes considerable synergistic benefits. Integrated security systems can be managed and monitored centrally, yet authority for local actions can be dispersed as needed throughout the enterprise. Responses to security threats can be immediate, not just at the network perimeter but at the desktop device, or even the place of entry into the network. Security issues can be automatically elevated, follow-up tasks can be assigned to the appropriate administrator, and security enforcement systems can take action to limit the exposure posed from an offending device.
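The correlation-and-response loop described above and the missing "relative weighting of criticality" noted earlier can be sketched in a few lines. The following is an added illustration, not StillSecure code: it assumes three hypothetical feeds (an IDS, a vulnerability assessment scanner and an endpoint compliance check) whose severity scales, hosts, thresholds and vulnerability identifiers are all constructed placeholders.

```python
from dataclasses import dataclass
# Each product reports criticality on its own scale (constructed values): the IDS uses
# words, the vulnerability scanner a 0-10 number, endpoint compliance a pass/fail flag.
IDS_SEVERITY = {"low": 20, "medium": 50, "high": 90}

@dataclass
class Event:
    source: str    # "ids", "va" or "compliance"
    host: str
    detail: str    # signature, vulnerability id or policy name
    value: object  # IDS: severity word; VA: 0.0-10.0 score; compliance: bool

def normalize(e):
    """Map a product-specific severity onto one shared 0-100 scale."""
    if e.source == "ids":
        return IDS_SEVERITY.get(e.value, 0)
    if e.source == "va":
        return int(round(e.value / 10.0 * 100))
    return 0  # compliance acts as a modifier, not a score of its own

def correlate(host, events):
    """Join all events for one host; return (risk score, automated action)."""
    mine = [e for e in events if e.host == host]
    ids = [normalize(e) for e in mine if e.source == "ids"]
    va = [normalize(e) for e in mine if e.source == "va"]
    non_compliant = any(e.source == "compliance" and e.value is False for e in mine)
    score = max(ids + va, default=0)
    if ids and va:      # attack observed against a host with a confirmed weakness
        score += 20
    if non_compliant:   # endpoint cannot be relied on to defend itself
        score += 10
    score = min(score, 100)
    if score >= 80:
        return score, "quarantine"  # enforcement system isolates the device
    if score >= 50:
        return score, "ticket"      # follow-up task assigned to an administrator
    return score, "log"

# Constructed sample feed from the three systems (hosts and ids are placeholders).
EVENTS = [
    Event("ids", "10.0.0.7", "SMB exploit attempt", "medium"),
    Event("va", "10.0.0.7", "VULN-PLACEHOLDER-1", 7.5),
    Event("compliance", "10.0.0.7", "AV signatures current", False),
    Event("ids", "10.0.0.8", "port scan", "low"),
    Event("va", "10.0.0.9", "VULN-PLACEHOLDER-2", 6.0),
]
if __name__ == "__main__":
    for host in ("10.0.0.7", "10.0.0.8", "10.0.0.9"):
        print(host, correlate(host, EVENTS))
```

Only the host seen by all three systems crosses the quarantine threshold; the same IDS alert on its own is merely logged, which is the prioritization a standalone product cannot perform.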
About the Author
Mitchell Ashley serves as Chief Technology Officer (CTO) and VP of Customer Experience at StillSecure. As CTO, Mr. Ashley is responsible for the product strategy and development of the StillSecure suite of network security products. As VP of Customer Experience, Mr. Ashley leads StillSecure in providing a 'best-in-class' experience throughout all customer interactions. The creator of StillSecure's endpoint security and vulnerability management products, Mr. Ashley has more than 20 years of industry experience.
StillSecure was founded in June of 2000 by an experienced management team that saw the need for affordable, scalable, and high-performance security solutions. The team recognized the market was saturated with complex products that were difficult to use and expensive to implement. They saw an opportunity to make effective security accessible and affordable for enterprises of all sizes.