Integrated Protection and Today's Security Threats
By Tom Schmidt
Think how much your business has changed in 10 years. Chances are, you're using the Internet in ways that were undreamed of back in 1994. It's also a pretty safe bet that, over the course of the last 10 years, you've come to depend on an assortment of information security point products and informal processes to protect your valuable business data against attacks. This article examines how such a security infrastructure leaves your organization increasingly at risk, and why you need to make the necessary change from a reactive security posture to a proactive one.
Of course, any discussion of the current cyber landscape must also take into account the dramatic evolution of those doing the attacking. Call it the new face of online fraud. Where hackers once sought notoriety for defacing or crippling a popular Web site, today they are motivated by a more lucrative principle: profit. And, increasingly, they're finding the funding to carry out their scams. Criminals are tailoring increasingly sophisticated scams to take advantage of some businesses' perceived weaknesses.
Consider, for example, the skyrocketing number of phishing cases. These attacks use "spoofed" emails and fraudulent Web sites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, and social security numbers. Gartner Research estimates that phishing schemes alone have so far cost banks $1.3 billion. In October, there were 6,597 new, unique phishing email messages reported to the Anti-Phishing Working Group. This was over three times the number of unique reports received in August (2,158) and represents an average monthly growth rate of 36 percent since July (2,625). Even more disturbing is that the most recent scams capture online banking details automatically without people clicking on any links.
Point products can't do the job
But even as threats and vulnerabilities climb, enterprises continue to demand more and better ways to exploit the value of the Internet. New applications for e-commerce, CRM, and supply chain management improve productivity, but they also require more servers and place mission-critical information at risk.
At the same time, today's enterprises are under unprecedented regulatory pressure -- the governance requirements of Sarbanes-Oxley, the privacy requirements of HIPAA, the homeland defense measures of The USA Patriot Act, the European Data Protection Act, the Basel II Accord, the new e-commerce laws passed in over 40 countries around the world, not to mention FISMA, GLBA, and NERC. This regulatory climate requires enterprises to implement policy, process management, monitoring, audit, documentation, and reporting solutions that can ensure accountability, transparency, and compliance. Failure to comply can result in lost business and customer confidence, in addition to financial and legal liability.
To help them detect, prevent, and respond to security events, organizations have traditionally implemented a number of point products that all work independently. However, with this approach, each product must be installed and updated individually as well, creating a management nightmare. After all, the more vendors that are involved, the longer your potential downtime becomes, since you only recover from disruptions as quickly as your slowest vendor reacts.
Today, when an enterprise's information must be always secure and always available, a security approach that relies on a combination of point products, public domain information, loosely defined controls, and manual processes is risky at best.
Integrated protection
So, given what we know about today's cyber security landscape, what sort of security model is needed? Enterprises need to adopt a proactive, integrated model that includes:
- Early warning against emerging attacks: A cyber alert system should provide actionable information on how to protect the environment against an impending attack. This information must be customized so it is relevant to the environment and prioritized so it can be acted upon immediately.
- Protection of key assets: Although no single technology can adequately protect against today's complex threats, an integrated approach to security can help eliminate the challenges of point products and deliver a more comprehensive solution. Such an approach focuses less on the individual protection technologies and more on the tiers of the systems architecture. This means the focus shifts to the gateway, application server, and client levels versus picking a firewall or an intrusion sensor. Doing so creates "defense-in-depth."
- A plan to respond when the inevitable attack occurs: Organizations must be prepared to respond when an attack penetrates their defenses. An effective response plan starts with intelligence about the attack as well as countermeasures to address it and details on how to clean up any damage. Also essential is 24x7 support on mission-critical security products, which includes automatic updates to firewall rules, virus definitions, and intrusion signatures.
- The ability to test, monitor, and measure: This means quickly correlating information, simplifying it, and prioritizing any necessary action. Management can become particularly challenging in environments hosting disparate products from multiple vendors, where each device generates its own overflow of data. Security processes must measure metrics such as Mean Time Between Failure (MTBF), Mean Time To Repair (MTTR), and Time To Respond (TTR).
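The last two points above, correlating alerts from disparate vendor devices and measuring TTR and MTTR, as an added example that is not part of the original article. The three alert formats, the hosts and the timestamps are constructed for illustration and do not represent any real product's output.

```python
import json
import re
from datetime import datetime

# Constructed sample alerts in three made-up vendor formats (firewall, IDS, anti-virus).
RAW_ALERTS = [
    "2004-10-12T09:00:05 FW deny src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2004-10-12T09:00:09 IDS sig=worm-scan src=203.0.113.7 dst=10.0.0.5 sev=high",
    '{"ts": "2004-10-12T09:02:30", "host": "10.0.0.5", "threat": "W32.Worm", "action": "quarantined"}',
    "2004-10-12T09:40:00 FW deny src=198.51.100.9 dst=10.0.0.8 dport=22",
]
SEVERITY = {"high": 3, "medium": 2, "low": 1}

def normalize(line):
    """Map each vendor format onto one common schema: ts, host, source, severity, detail."""
    if line.startswith("{"):                      # AV product emits JSON; a quarantine is high severity
        rec = json.loads(line)
        return {"ts": rec["ts"], "host": rec["host"], "source": "av", "severity": 3, "detail": rec["threat"]}
    ts, product, rest = line.split(" ", 2)        # FW and IDS emit "ts PRODUCT key=value ..."
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    sev = SEVERITY.get(fields.get("sev", "low"), 1)
    return {"ts": ts, "host": fields["dst"], "source": product.lower(), "severity": sev, "detail": rest}

def correlate(lines):
    """Group alerts by target host and rank hosts by total severity, then by amount of evidence.
    Returns [(host, sorted list of sources that reported it)], most urgent first."""
    by_host = {}
    for rec in map(normalize, lines):
        by_host.setdefault(rec["host"], []).append(rec)
    ranked = sorted(by_host.items(),
                    key=lambda kv: (-sum(r["severity"] for r in kv[1]), -len(kv[1])))
    return [(host, sorted({r["source"] for r in recs})) for host, recs in ranked]

def response_metrics(incidents):
    """Each incident is (detected, responded, restored) as ISO timestamps.
    TTR = detection to first response; MTTR here = detection to service restored (minutes)."""
    fmt = "%Y-%m-%dT%H:%M:%S"
    ttr, repair = [], []
    for detected, responded, restored in incidents:
        t0, t1, t2 = (datetime.strptime(t, fmt) for t in (detected, responded, restored))
        ttr.append((t1 - t0).total_seconds() / 60)
        repair.append((t2 - t0).total_seconds() / 60)
    return {"mean_ttr_min": sum(ttr) / len(ttr), "mttr_min": sum(repair) / len(repair)}

if __name__ == "__main__":
    for host, sources in correlate(RAW_ALERTS):
        print(host, "reported by", ", ".join(sources))
    # Constructed incident: detected 09:00:09, analyst responded 09:15:09, host restored 10:00:09
    print(response_metrics([("2004-10-12T09:00:09", "2004-10-12T09:15:09", "2004-10-12T10:00:09")]))
```

The host seen by all three products ranks first, which is the prioritization the text describes; a single low-severity firewall deny ranks last.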
Conclusion
In today's Internet-connected global business world, security-related downtime can mean millions of dollars in lost revenue, compliance violations, liability issues, and a PR disaster. That's why an integrated approach to information security is more important now than ever before. Reliance on information security point products and informal processes leaves too many security holes open.
The strength of an integrated approach to security lies in its ability to detect and block new attacks on the fly at the host, network, and application layers. Given today's increasingly sophisticated threats, it's an approach that makes sense to begin adopting right away.
Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.