Processor
September 11, 2009 • Vol.31 Issue 23
Page(s) 30-31 in print issue

Prevent & Detect Security Breaches
What Should You Do To Protect Your Enterprise?

Key Points

• You should first analyze your environment, infrastructure, and assets to understand the kinds of precautions you will need to take.

• Invest in security software and firewalls only after having a good understanding of what you need to protect and how sensitive each server’s data is.

• Costs will include the security software and also the upgrades required for servers, networks, and end users’ computers.

The first steps you take in protecting your company from a security breach are often the hardest. How do you know where to start? And what do you do to protect networks, servers, data, and your employees from hackers, malware, data theft, and other breaches? As with any complex process, starting is difficult, but as most security analysts agree, the hardest part of prevention and detection might be developing an airtight policy, installing safeguards that can be easily updated, and following through to make sure your company is truly protected. This overview will explain the appropriate steps to take while also uncovering the most comprehensive approach.

Analyze Your Assets

It doesn’t make sense to start purchasing security software until you know what you need to protect. According to Ralph Spencer Poore, an IT security consultant, the initiative inside a company to determine which assets need to be protected should not be a one-time step but should instead be regarded as a continual part of the process and one that is revisited often. Poore says assets should be identified using labels that help managers determine their sensitivity, such as critical or noncritical. Then, once assets are known, evaluate all current security systems in place and determine the impact on the business if these assets were compromised.

“The SME then has documentation of its information assets, a high-level understanding of what needs protection, an understanding of what protection is in place, an understanding of what is unprotected, and a general understanding of what the inside and outside threats are to these assets,” he says.

Evaluate The Tools & Products Available

After analyzing assets, it’s important to survey what is available in terms of security products. This step involves matching your assets and vulnerabilities to the tools available. Don Gray, chief security strategist at managed security services provider Solutionary (www.solutionary.com), says there are several key security tools for preventing and detecting breaches. The most obvious is a firewall, which is the most critical security prevention method. A firewall, he says, can segregate and protect assets by reducing the amount of access that is available to employees and those outside the company.

He also mentions several additional points of protection. Some tools are designed to block malicious attacks, while others protect against malware. Beyond that, tools become more targeted to particular kinds of attacks. “There are tools to perform data discovery and exfiltration protection; encryption tools to protect data in transit and at rest; vulnerability and discovery tools to detect new vulnerabilities, provide visibility into open services, and verify configurations; and robust logging and monitoring tools to ensure an accurate and timely discovery of a breach,” says Gray.

“Pick continually updated products if you are introducing security systems in-house,” adds Ron Culler, CTO of Secure Designs (www.securedesigns.com). “Note that you will have different requirements for securing various elements of your network: Latency/slow access is a problem in Web interfaces and network gateways, whereas with email systems, users tolerate a certain level of delay in download. Pick a firewall with excellent monitoring and management capabilities so you can track what’s happening on your network without being overwhelmed by irrelevant data. If you don’t have the resources in-house, consider outsourcing.”

Costs Involved In Prevention & Detection

As with almost any IT endeavor, the costs associated with prevention and detection go hand in hand with the risks involved. Preventing breaches that would cost a company hundreds of thousands of dollars can itself cost north of several thousand dollars, especially if you hire an outside vulnerability assessment firm. Other expenses include those related to employee time spent on research and asset analysis, equipment and software upgrades, and quality-control measures. A DIY approach where you add low-cost security tools and a firewall can cost about $1,000.

“If you don’t have the resources in-house, consider outsourcing,” says Doug Pollack, a spokesperson for ID Experts (www.idexpertscorp.com). “This would include the development of a data breach incident response plan, which is critical for an organization’s preparedness. It is also recommended that an organization develop a relationship with a data breach response partner so that they are prepared to respond swiftly if an incident occurs.”

“If a potential incident has been discovered, the forensic analysis works to determine whether the incident constitutes a ‘data breach’ for the purpose of triggering notification requirements based on the HITECH Act if in the healthcare sector and/or relevant state notification laws. Such an effort can be quite costly, often running in the hundreds of thousands of dollars, typically unbudgeted,” Pollack says.

The costs may be high for a security assessment, but the benefits for an SME are great—especially when it comes to avoiding the high costs and entanglements that occur with a breach. And Chris Sousa, manager of managed services at Dataprise (www.dataprise.com), a security consulting firm, says that there are benefits in avoiding the lengthy legal process that can occur with a security breach. “The biggest benefit is increased uptime and productivity.”

Follow Through On Security Steps

One critical part of the security prevention and detection process is to follow through on all plans. The process is not something an SME should do for a week or a month, installing software to protect data and networks and then leaving the system alone in hopes that a breach does not occur. Follow-through means continually monitoring for the possibility of a breach, as well as monitoring the protection mechanisms themselves to make sure they are working correctly and are updated appropriately.

“Keeping up with security can easily be a full-time job,” says Sousa. “Something that would help is having regularly scheduled security probes, which should be monthly, quarterly, or yearly, depending on your size, the complexity of your data center, and the sensitivity of the data.”

In the end, following a set plan to analyze company assets, install security protection, weigh the benefits, and then continually monitor the security measures you instituted will help reduce any doubt about incoming threats and attacks. The process may take time, but the benefits are in knowing that data is safe and that your IT staff can concentrate on more important activities.

by John Brandon

Top Tips

• During the asset analysis phase, an SME should be aware of which assets are highly sensitive to breaches and which are not as sensitive. This can help when analyzing the security offerings available. For example, an enterprise-class firewall might not be necessary if certain kinds of data do not need to be as secure as other parts of the network.

• Costs associated with preventing security breaches and detecting intrusions might include the cost of software, employee research and analysis time, and upgrades to existing equipment.

• Most of the benefits for an SME in instituting a security prevention measure are in the uptime for the company itself and for IT staff, who can work on other tasks instead of dealing with breaches.


Copyright © by Sandhills Publishing Company 2010. All rights reserved.