
October 6, 2006
Vol.28 Issue 40 Page(s) 1 in print issue
Defense In-Depth
Exercise Best Practices & A Tiered Security Defense To Protect Your Internal Network
Internal network security is now mission-imperative as SMEs face an ever-changing threat landscape and business drivers such as compliance programs. Intrusions and breaches will occur, and even the best prevention measures will eventually fail, resulting in threats on the internal network. Attack sophistication is also on the increase as organized crime gets into computer hacking. Defense in-depth is a rising network security strategy combining best practices, policies, and a tiered network security defense. No single technology makes an effective security strategy for any enterprise. Accordingly, enterprises must adopt a defense in-depth strategy that combines preventive solutions (firewalls, antivirus, etc.) with response solutions (network behavioral analysis [NBA]/signature IDS) for threats missed by primary defenses, according to Steve O'Brian, vice president of product management and marketing for GraniteEdge Networks (www.graniteedgenetworks.com), the maker of the GraniteEdge ESP 2.0. Internal networks require specialized defenses because they hold the most valued corporate assets and have different architectures than the perimeter. Typically, they are flat networks with no single point of control, meaning many attack vectors and threats are difficult to shut down before compromising corporate data.
Reduce The Exposure Window
Reducing the exposure window of an attack can be especially challenging for an SME. Because SMEs don't have a command center and may not necessarily have security expertise, they need more automated security checks and balances, according to O'Brian. Taking the chance of human error out of the equation is a proactive step for SMEs to reduce the exposure window of an attack. Mitchell Ashley, CTO of StillSecure (www.stillsecure.com), the maker of SafeAccess, recommends a multilayer security model starting with a baseline of a firewall, VPN, and antivirus for the directing of network traffic. Antivirus software should be deployed on the desktop, at the firewall level, and on the email gateway. His vision for the next tier of security is intrusion prevention and detection software. O'Brian also recommends the automation of the first-line security tasks: "Accordingly, such enterprises should deploy solutions that do the heavy lifting, reducing the amount of manual analysis required. This applies to threat prevention and response solutions." Both Ashley and O'Brian recommend the implementation of NAC (Network Access Control) systems, a relatively new security technology that has gained a foothold this year and is due to grow into next year. NAC systems are software solutions designed to protect the networks and provide access control to all devices on the network, regardless of whether they reside behind the firewall or are remote users. The ability to assess and continually reassess network policies is integral to remediation efforts if an intrusion does occur and your network perimeter is compromised. Another step SMEs can take to reduce the exposure window is to implement rigorous patching plans both at the server and desktop levels, including auto updating of browsers, office suites, and operating systems.
Narrow Your Focus
Practically speaking, enterprises cannot protect every asset within the enterprise to the level desired. So they need to focus their attention on high-risk, high-value areas within the network, according to O'Brian. He further states, "In some cases, these may be servers containing customer records in a database. In other cases, these may be core business processes such as their transaction network. For SMEs, losing a critical resource may put the company out of business. Accordingly, these assets, including the supporting infrastructure, must not be compromised." Ross Ortega, president of GraniteEdge Networks, advises, "Focus on what's important, what is business-critical infrastructure, and then draw an envelope around it."
Ensure Policies & Configurations Work As Planned
Under defense in-depth, Ashley emphasizes the importance of putting policies in place that protect end points such as laptops and desktops, which is a step away from the traditional network defense models. "Take a 'guilty until proven innocent' approach," he says, for devices accessing your network. User security education is integral to the defense in-depth security model. StillSecure's Ashley says, "Focus security training on actions an end user can do on their systems." This practical approach to security training should also use real-life examples. O'Brian states, "Many damaging security incidents start from humble beginnings—such as being careless with sensitive data or employees not staying current with the latest patches. This extends beyond just Joe Employee and into the IT team—where patch management, configuration management are tedious jobs that can easily go awry. Solid policy that is regularly communicated and enforced will reduce a company's exposure to incidents arising out of simple mistakes." After user education comes monitoring, and O'Brian says, "Though education helps, it does not cure the issue of human error. Accordingly, enterprises must monitor user behavior and must establish automated checks and balances to ensure network configurations and security policy are being followed. This extends to regulatory compliance as well. Regular monitoring and proactive testing will expose minor problems before they turn into major incidents."
Validate The Extent Of Threat Reach
When a network security threat infiltrates your network perimeter, it's imperative to validate the extent of the threat in short order. O'Brian of GraniteEdge Networks emphasizes the importance of behavioral approaches, which go beyond typical signature-based security solutions that have been the traditional first line of network defense. Implementing defense in-depth strategies to protect your SME's network infrastructure requires a new approach to network defenses, additional best practices, and a focus on your SME's most critical network assets.
by Will Kelly
Defense In-Depth Best Practices
Reduce risk to high-value assets by reducing the exposure window and targeting the response.
Increase security team effectiveness by reducing data needing to be assessed by a factor of 100.
Improve overall security posture through ensuring policies and configurations work as planned.
Decrease response time from hours and days to minutes through visualization process and the ability to connect the dots, pinpointing resources and internal patient zero.
Bolster compliance by validating the extent of threat reach in network and through policy checks and balances.