November 7, 2008
Vol. 30, Issue 45, page 12 in print issue

Preventing Security Breaches
SMEs Must Fight To Keep The Lid On The Data Center
Key Points
• Most security threats used to come from the outside in, but security systems now keep an eye on the enterprise insider as well.
• A good breach prevention plan gives specific users the authority to access the company information and applications they need, and locks down everything else.
• Exploits and breaches must be detected, mitigated, and reported in real time.

A security breach is the last thing any enterprise wants to deal with. If sensitive company data has already leaked, you are past worrying about hardening firewalls and strengthening perimeters; by then it is too late. According to Michael Rothschild, senior manager of enterprise solutions at Juniper Networks (www.juniper.net), “outside-in” attacks have been eclipsed by insider threats this year, which opens up a whole new attack vector, one that bypasses the perimeter security strategy. Rothschild says today’s hackers have moved beyond hacking for notoriety and hack for profit instead. This puts corporate data, customer data, applications, and, indeed, the organization itself at risk.
Swift & Comprehensive

To avoid this kind of risk, what should small to midsized enterprises be aware of when it comes to security breaches? Robert Grapes, chief technologist at Cloakware (www.cloakware.com), says that for starters, organizations must respond to a breach swiftly, including notifying the proper authorities and the affected individuals. “If you think of a data breach, for example, an organization should have documented procedures to follow. The days of sweeping a breach under the covers are gone. Upon notification, you should take nothing for granted and start tracking purchases, monitoring statements, replacing affected documents, and taking responsibility for personal information rather than relying solely on companies to do it for you,” Grapes says.

According to Rothschild, gone are the days of rearview-mirror security. “It is no longer acceptable to wait weeks to months in order to ascertain that a breach has occurred. The ability to detect, mitigate, and report on exploits and breaches must be in real time,” he explains. “This means having the various deployed security elements work together and collaborate in rooting out those attacks that are stealthy, sophisticated, and built to evade traditional security point products. It also means automating the tedious process of log correlation, which is still largely done on an ad hoc or manual basis.”

Visibility and control must be comprehensive, Rothschild says. “It is impossible to find or report on security without a single and comprehensive view of the network both from a real-time and [a] historical perspective.” He also says not every violation requires a complete shutdown: “Blocking traffic every time a suspicious incident occurs simply does not address the requirements of today’s high-performance business. Rather, be able to select the appropriate response based on the violation that has occurred.”
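Rothschild’s two points above, correlating events from separate security elements instead of reading each log in isolation, and picking a response proportionate to the violation rather than blocking on every alert, can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the article, from Juniper, or from any product the article mentions. The log format, the field names, the thresholds, the three response tiers, and the sample log lines are all assumptions constructed for illustration.

```python
"""Correlate events from several log sources per user within a time window
and choose a graded response instead of blocking on every suspicious line.

Added example, not part of the original article or of any vendor product
it mentions. Log format, field names, thresholds and tiers are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data):
# "<ISO time> <source> <user> <event> [key=value ...]"
SAMPLE_LOGS = """
2008-11-07T08:59:50 vpn alice AUTH_FAIL src=10.0.5.21
2008-11-07T08:59:55 vpn alice AUTH_FAIL src=10.0.5.21
2008-11-07T09:00:01 vpn alice AUTH_FAIL src=10.0.5.21
2008-11-07T09:00:09 vpn alice AUTH_OK src=10.0.5.21
2008-11-07T09:01:30 fileserver alice FILE_READ path=/finance/payroll.xls
2008-11-07T09:01:31 fileserver alice FILE_READ path=/finance/budget.xls
2008-11-07T09:01:33 fileserver alice FILE_READ path=/hr/salaries.csv
2008-11-07T09:04:12 firewall alice EGRESS bytes=734003200 dst=203.0.113.9
2008-11-07T09:05:00 vpn bob AUTH_OK src=10.0.7.3
2008-11-07T09:06:00 fileserver bob FILE_READ path=/public/handbook.pdf
2008-11-07T09:30:00 vpn carol AUTH_FAIL src=10.0.9.8
2008-11-07T09:30:20 vpn carol AUTH_OK src=10.0.9.8
""".strip().splitlines()

# Tunable knobs (assumed values; a real deployment derives them from baselines).
WINDOW = timedelta(minutes=10)
FAIL_THRESHOLD = 3                     # failed logins before a success
BULK_READ_THRESHOLD = 3                # sensitive-file reads in the window
EGRESS_THRESHOLD = 100 * 1024 * 1024   # bytes leaving the network
SENSITIVE_PREFIXES = ("/finance/", "/hr/")


def parse_line(line):
    """Split one constructed log line into a dict; None for unparsable lines."""
    parts = line.split()
    if len(parts) < 4:
        return None
    ts, source, user, event = parts[:4]
    fields = dict(kv.split("=", 1) for kv in parts[4:] if "=" in kv)
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "user": user, "event": event, **fields}


def score_user(events):
    """Score one user's events. Each indicator adds weight, and agreement
    between independent sources compounds it; that is the point of correlation."""
    fails = sum(1 for e in events if e["event"] == "AUTH_FAIL")
    ok_after_fails = fails >= FAIL_THRESHOLD and any(e["event"] == "AUTH_OK" for e in events)
    sensitive_reads = sum(1 for e in events if e["event"] == "FILE_READ"
                          and e.get("path", "").startswith(SENSITIVE_PREFIXES))
    egress = sum(int(e.get("bytes", 0)) for e in events if e["event"] == "EGRESS")

    indicators = []
    if ok_after_fails:
        indicators.append("auth_ok_after_%d_failures" % fails)
    if sensitive_reads >= BULK_READ_THRESHOLD:
        indicators.append("bulk_sensitive_reads")
    if egress >= EGRESS_THRESHOLD:
        indicators.append("large_egress")
    # Number of distinct log sources involved; zero when nothing is suspicious.
    sources = len({e["source"] for e in events}) if indicators else 0
    return {"indicators": indicators, "score": len(indicators) * sources}


def choose_response(score):
    """Graded response: not every violation warrants cutting the user off."""
    if score == 0:
        return "none"
    if score <= 2:
        return "log"                        # one weak indicator, one or two sources
    if score <= 5:
        return "alert_and_step_up_auth"     # re-challenge the user, page an analyst
    return "quarantine_host"                # several indicators across sources


def correlate(lines, window=WINDOW):
    """Group parsed events per user within `window` of that user's first event,
    score each group and attach a response. Returns {user: result}."""
    by_user = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        if e:
            by_user[e["user"]].append(e)
    results = {}
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        start = events[0]["ts"]
        in_window = [e for e in events if e["ts"] - start <= window]
        result = score_user(in_window)
        result["response"] = choose_response(result["score"])
        results[user] = result
    return results


if __name__ == "__main__":
    for user, result in correlate(SAMPLE_LOGS).items():
        print(user, result)
```

Read in isolation, none of alice’s three log sources looks alarming: a few failed logins, a handful of file reads, one large upload. Correlated per user inside a ten-minute window they score high enough to quarantine the host, while bob’s ordinary day and carol’s single typo produce no action at all. The single-window-per-user grouping is a deliberate simplification; a production correlator would slide the window and baseline the thresholds per user and per host.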
Preventive Measures

Grapes says a security breach can result from a failure in the design or implementation of an organization’s systems or procedures, and that breach prevention should be the goal of any organization and is the basis of data security standards. “An organization can tackle the issue from the inside out or from the data out to the user (or the reverse), but successfully dealing with the issue requires a systemic view and likely will require the involvement and commitment of many groups and teams within an organization,” Grapes says. “Beyond the technical aspects, there is a significant education and awareness effort that organizations must undertake with their employees, contractors, outsourcing partners, and hosting providers.”

Rothschild says preventive measures include ensuring that the right people have access to the right information and applications. He says, “The heterogeneous audience demands that granular access control ensures that authorized personnel get access to the resources they require and nothing more. Locking down everything else helps limit exposure and is a good start to securing the network.” Rothschild says it is essential that permissions and access rights are fluid and change as the employee’s role within the organization changes. “Furthermore, it is important to verify the identity and role of the individual before allowing access. Challenging the employee helps ensure that the user is, in fact, the stated individual.”

Moreover, Rothschild says reporting information must be complete, easily accessible, and simple to understand. This, he says, provides the virtual paper trail necessary to react quickly to any potential breach from both a security and a compliance perspective. He adds, “Some of the biggest insider breaches are a result of an infected endpoint contaminating the network. Starting clean helps ensure your network stays clean, and this is done through ensuring that endpoint devices are clear of infection from malware, key logging, Trojans, [or] worms.”
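The access-control advice above, that permissions should follow the employee’s current role, that everything else is denied, that sensitive actions are preceded by an identity challenge, and that every decision leaves a paper trail, is easier to see against the usual failure mode: rights granted when someone joins a team and never taken away when they move. The following is an added example written for this page, not code from the article or from any vendor it quotes. The roles, permissions, user names and the step-up rule are assumptions constructed for illustration.

```python
"""Least-privilege access that follows the employee's current role.

Added example; not code from the article or from any vendor it quotes.
Roles, permissions, users and the step-up rule are assumptions for illustration.
"""

# Assumed role -> permission mapping: each role gets only what its work requires.
ROLE_PERMISSIONS = {
    "payroll_clerk": {"payroll:read", "payroll:write"},
    "sales": {"crm:read", "crm:write"},
    "intern": {"wiki:read"},
}
# Assumed: operations sensitive enough to require a fresh identity challenge.
STEP_UP_REQUIRED = {"payroll:write"}


class Directory:
    """Single source of truth for who currently holds which role."""

    def __init__(self):
        self._roles = {}

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError("unknown role: %s" % role)
        self._roles[user] = role  # reassignment replaces the previous role

    def role_of(self, user):
        return self._roles.get(user)


class StaticAcl:
    """Antipattern: permissions are copied onto the user when a role is granted
    and nothing removes them later, so access accumulates across role changes."""

    def __init__(self):
        self.grants = {}

    def grant_role(self, user, role):
        self.grants.setdefault(user, set()).update(ROLE_PERMISSIONS[role])

    def is_allowed(self, user, perm):
        return perm in self.grants.get(user, set())


class RoleDerivedAuthorizer:
    """Decides from the directory's current role at request time (default deny)
    and records every decision with its reason as an audit trail."""

    def __init__(self, directory):
        self.directory = directory
        self.audit = []

    def is_allowed(self, user, perm, verified=False):
        role = self.directory.role_of(user)
        if role is None:
            allowed, reason = False, "unknown user (default deny)"
        elif perm not in ROLE_PERMISSIONS[role]:
            allowed, reason = False, "not granted to role %s" % role
        elif perm in STEP_UP_REQUIRED and not verified:
            allowed, reason = False, "identity challenge required for %s" % perm
        else:
            allowed, reason = True, "granted by role %s" % role
        self.audit.append({"user": user, "perm": perm, "role": role,
                           "allowed": allowed, "reason": reason})
        return allowed


def demo():
    """Walk alice through a transfer from payroll to sales and compare the two models."""
    directory = Directory()
    static_acl = StaticAcl()
    rbac = RoleDerivedAuthorizer(directory)

    directory.assign("alice", "payroll_clerk")
    static_acl.grant_role("alice", "payroll_clerk")
    directory.assign("bob", "payroll_clerk")

    # alice transfers to sales; both models are told about the new role.
    directory.assign("alice", "sales")
    static_acl.grant_role("alice", "sales")

    return {
        "static_keeps_payroll": static_acl.is_allowed("alice", "payroll:read"),
        "derived_payroll": rbac.is_allowed("alice", "payroll:read"),
        "derived_crm": rbac.is_allowed("alice", "crm:write"),
        "unknown_user": rbac.is_allowed("mallory", "wiki:read"),
        "payroll_write_unverified": rbac.is_allowed("bob", "payroll:write"),
        "payroll_write_verified": rbac.is_allowed("bob", "payroll:write", verified=True),
        "audit_entries": len(rbac.audit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The static ACL still lets alice read payroll after she has moved to sales, because nothing in that model is responsible for revocation. The role-derived authorizer asks the directory at request time, so the transfer takes effect on the next request, an unknown user is refused by default, a payroll write is refused until the caller has passed an identity challenge, and every decision, allowed or not, is recorded with the role and the reason so the trail is there when an incident has to be reconstructed.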
Problematic Future?

Rothschild says that years ago, security was deployed under the paradigm that the evil trying to access your network was always on the outside trying to get in. Today, however, he says there is an increased danger from the insider threat, which consists of two distinct audiences. The first is good employees unknowingly doing bad things. “In this case,” Rothschild says, “an employee commits an act that unknowingly and unintentionally exposes a network to risk. This includes actions such as internal errors, abuses, sloppy use, and ignoring security safeguards.” The second audience is bad employees exhibiting bad behavior. “Disgruntled employees and employees looking to inflict harm on the organization are amongst the biggest security threats because they know the network, know what security is in place, and know how to best fly below the radar and avoid deployed security.”

Perimeter protection in the form of firewalls, host intrusion detection, and Web access controls has been the focus for several years, which is good, but according to Grapes, the future will see an increase in the number of published insider attacks and more papers on how to solve the insider threat.

by Chris A. MacKinnon
Biggest Problem: Loss Of Valuable Data

According to Robert Grapes, chief technologist at Cloakware (www.cloakware.com), it’s all about the data. He says times have changed recently with the introduction of breach and disclosure laws. He notes, “In the past, it was possible for data breaches to go undisclosed and thus minimize the impacts to any organization suffering a breach. Now, it is a punishable offense not to disclose a data breach. . . . While the threat of exposure remains the same, the associated risk has increased tremendously.” Grapes says a data breach in today’s environment can mean the collapse of an enterprise: customer loyalty can be destroyed by a single incident, and both the fines associated with a breach and the cost of recovering from it can be enormous. He notes, “In certain industries, individuals may be facing time in jail for failing to provide the appropriate controls over their data. For the individual whose data has been stolen, there can be a long ripple effect and recovery effort from the data abuse, especially with credit card or personally identifying information.”