Categories
- Arts & Entertainment
- Business
- Communications
- Computers
- Culture & Society
- Disease & Illness
- Fashion
- Finance
- Food & Beverage
- Health & Fitness
- Hobbies
- Home & Family
- Home Based Business
- Internet Business
- Legal
- Pets & Animals
- Politics
- Product Reviews
- Recreation & Sports
- Reference & Education
- Religion
- Self Improvement
- Shopping
- Travel & Leisure
- Vehicles
- Writing & Speaking
Information
Enterprise Network Management: TRUE DEFENSE IN DEPTH
Managed security services from traditional carriers, Managed Security Service Providers (MSSPs), and other solutions have helped address some of the cost and resources issues inherent within a Do-It-Yourself (DIY) approach. But many enterprises are beginning to realize they need more. In a typical environment, individual security devices report independently to a central site without a mechanism to correlate information from all sites or to identify and address network-wide events in real time.
The complexity of today’s global networks requires a managed security solution that addresses multiple dimensions within the network to provide defense against risks ranging from spam, email-borne viruses, and spyware to loss of confidential information and intellectual property. Such defense in depth solutions must be multidimensional to apply security across multiple layers of a network—within the customers’ premises, in and across the backbone, and extending to each remote and corporate partners’ office. Security, in other words, is provided to all parts of the network, wherever connectivity is extended.
Many still consider security as protection against Internet threats; a multidimensional approach, however, recognizes there are many different untrusted networks and that enterprises do not necessarily know what all employees are doing or where they are taking their resources. The multidimensional approach looks at all connectivity and protects any method of access through any channel, even down to the individual user.
Layers of Protection for Defense in Depth
Effective multidimensional solutions include several layers of protection to enable the appropriate defense in depth for various network resources. Small remote offices may be adequately protected through an access control list on a router, while larger offices might want to provide another layer of protection with a separate firewall and intrusion prevention sensors. This not only prevents attacks from untrusted networks but can keep infected internal systems from perpetrating attacks. The next layer of protection can be applied to resources; critical web, mail, file, database, and other servers should be directly monitored against compromised by the rare attack that can make it through all the other layers of protection.
Finding the Right Provider
Using several layers of protection in multiple dimensions of a network is necessary because threats can come from anywhere. Yet service providers focus on protection of the perimeter and Wide Area Network (WAN) while MSSPs focus on the perimeter and Local Area Network (LAN). Neither looks effectively at all the dimensions required to enable business connectivity. The most complete solutions provide security across the entire business network, inclusive of each individual remote user, all remote offices, every partner connection, and all primary links. Missing a single piece can lead to exposure of the entire network.
Virtual Network Operators (VNOs), such as Virtela, can offer a full suite of managed security services and deliver them across the networks of the hundreds of carriers and providers with which they have relationships. Due to economies of scale, these VNOs are able to employ the best-in-class technology and expertise that might be difficult for a single enterprise to afford. And the enterprise receives a tailor-made network and security solution; VNOs work closely with their customers on network design and deployment, since the proper placement of security devices within the network is critical to success.
Determining the Level of Risk
Enterprises cannot apply the appropriate level of security to their networks if they are unaware of their risk—and the level varies depending on the enterprise. Customers can determine risk by performing a risk analysis, either directly or through an external assessment. An analysis will assign value to resources based on multiple criteria, such as the number of applications on a resource, the frequency of use, and the potential impact of downtime. Systems that serve multiple applications to thousands of users will likely have a significant impact if unavailable and therefore represent considerable risk if unprotected.
Risk analysis includes an assessment of the current network design, including the number of resources available to different customers. It also recommends where security devices such as firewalls and IPSes should be placed or added for protection. The analysis can also take federal, state, and industry regulations into consideration. For example, an analysis can note where applications subject to Sarbanes-Oxley (SOX) compliance are located and inform the enterprise if it needs to add risk prevention aligned with SOX requirements. Good assessments arm an enterprise with the hard data it needs to meet regulatory requirements.
Eliminating Tunnel Vision
Key to a true multidimensional, in-depth managed security solution is the ability to tightly integrate managed security services with a Security Information Management (SIM) infrastructure. SIM tools enable correlational analysis across multiple hardware platforms in all layers of the network and across all security devices, enabling a complete and holistic view of the security posture of every managed device. This eliminates the tunnel vision associated with looking at the output of just one device and enables a much deeper and broader view of all security events across the entire business network. The reports generated by the SIM can also be tailored to present ongoing compliance data for regulatory audits such as SOX and Health Insurance Portability Accountability Act.
The End Result: Comprehensive Security
VNOs with a SIM infrastructure can provide the most comprehensive view of the network, correlate events among a wide array of network devices, and identify and address security events on a global scale in a matter of minutes. Enterprises of any size can receive immediate data on security vulnerabilities across the entire network, down to the individual user. And these enterprises know their extended network is receiving the broadest, deepest protection possible.
Rob Pfrogner is Security Services Product Manager for Virtela Communications, Inc.Article source: Expert Articles
Most Recent Articles in Security category
- Protection Software Or Reversing Damage - About Developer Revenues - By: Jose Sogiros
All native x64 programs can be packed (compressed) and shielded by lARP64Pro. Although the protection software is principally produced for programmers, it was also a particular concern to supply an unproblematic tool in its manipulation. - Network Support And IT Support London - By: Jim Damon
Lost production, lost revenue and lost customers are all potential consequences of a poorly implemented and poorly maintained disaster recovery solution. - CyberSecurity: One Rogue Program That May Not Increase Your Security - By: Wayne Davis
What is a rogue antivirus program? What does it do? There are a lot of questions surrounding these programs, and it is essential you have the answers you need. How do you know if you have a rogue program, like CyberSecurity, installed in your system? Find your answers here so you can better protect your computer. - Malware Defender 2009: Discover What's Hidden In Your System - By: Wayne Davis
Everyone wants to protect their computer and data, but no one needs the aggravation of dealing with a rogue antivirus program. These use tactics such as flooding your system with pop-ups and false scan results in order to encourage you to buy their full software. Unfortunately, this software is ineffective and expensive. Learn how to recognize these programs so you can keep your computer in top running shape. - Doctor, Doctor, What's Ailing Me? It Might Be Malware Doctor! - By: Wayne Davis
Lots of people are worried about computer security today, but there are several programs out there that suggest they can provide the security you need, yet aren't able to live up to their claims. Malware Doctor is one of those programs, and if you find it is installed on your computer, your best bet is delete it as soon as possible. - How to protect your PC against Malware - By: Wayne Davis
Almost as long as people have been using the internet, they've encountered malware problems. Malware is the combination of the words 'malicious' and 'software,' and in most cases, it is able to enter a user's computer even without their knowledge or consent. Unfortunately, it can have quite a few consequences on your computer, so there are several things you may want to do to protect your PC against Malware. - How To Protect Your PC Against Rogue Antispyware - By: Wayne Davis
An increasingly common problem, rogue antispyware programs use a computer user's vulnerabilities and fear of hackers gaining access to their computer to sell their products. They claim to offer protection when in reality their software has entered your computer at the very moment you thought you were being protected. The word "spyware" automatically brings visions of espionage and intrigue to mind, so it strikes a measure of fear with good reason. There are always those unscrupulous types of people who are forever trying to dig their way into your informational database to "spy" on your activities and steal your valuable data. It would only be reasonable to assume that "anti" spyware often completely necessary. Unfortunately, because of rogue antispyware programs, this isn't always true. - How to Protect your PC against Hackers - By: Wayne Davis
Within the world of computing, there are those who study systems, networks, and programming extensively to further the field of computer science. Unfortunately, there are those who study those same areas to take advantage of other computer users. Dubbed 'hackers,' these individuals can create problem programs, take control of networks, and cause all sorts of difficulties for users. Fortunately, there are a number of things you can do to protect you PC against hackers. - Who Can Be Trusted with Your Internet Privacy? - By: Tino Bruno
Most Internet users know that protecting their Internet privacy is the most important key to safe browsing. While most users can agree on the subject, they still find it difficult to judge which companies or products are genuinely there to protect them and which are in it for themselves. It is easy for an average surfer to be tricked into thinking that a company is trying to protect them, but instead has ulterior motives. - What to Know About ISPs - By: Tino Bruno
ISPs offer advanced security and data storage features to give users more features than just a gateway to the Internet. While Internet Service Providers try to go above and beyond the bare minimum, potential customers must do their homework before picking an ISP.