Security requirements have undergone constant growth during the past decade, as the threat universe continues to develop new forms of attack with ever-increasing levels of sophistication. At the same time, regulatory and general business requirements are broadening the territory that must be secured. Hacker exploits have joined with viruses, Trojans and an increasing array of malware to create hybrid threats and attacks from multiple anonymous machines. Yet compliance with regulations has meant that an increased amount of data must be accessible, secure and available online. In addition, networks are becoming increasingly complex, with multiple servers handling different tasks (some even coexisting within the same physical system, through virtualization).
Another important aspect of the current situation is increased concern over issues of data privacy and confidentiality. Loss of data to competitors or to hackers can result in serious damage and, in some cases (such as unintended release of credit card information), ruinous lawsuits. As intruders become more sophisticated and evolve from simple intrusion toward financial gain, the threats and targets are becoming increasingly serious.
These issues have brought increased attention to security requirements and caused companies to invest in a wide array of protective devices and software. But security needs are not satisfied by simply installing the tools. It is essential that the right tools are installed; that they are linked to provide a uniform security blanket; and that they are managed to ensure that all areas are covered, all systems are functional and all threats receive an adequate response.
The State of the Art
Security products have often been added to networks in an ad-hoc fashion, as the need arose, resulting in a profusion of hardware and software protection components that may not always work well together. Infrastructure consolidations and corporate mergers often add to the confusion. All of these components (firewalls, virus screening devices, anti-virus software, IP filters and the like) represent an investment that may be going to waste. What is more, conflicts and incompatibilities between devices can result in serious protection gaps.
To make adequate use of existing devices and ensure that they are operating efficiently together, there needs to be some form of centralized management that permits an operator to view the entire security profile. Such a system should be able to recover costs by providing more secure and more efficient operation without necessarily entailing the purchase of additional equipment.
Integrated and centralized security management yields other benefits besides optimizing efficiency. An important driver of extended security requirements has been increased concern over regulatory compliance. Notably, SOX (the Sarbanes-Oxley Act) has made it mandatory to be able to demonstrate secure and tamper-proof storage of financial information and communications. But a host of other regulations are also specifying secure and auditable storage of the increasingly digitized corporate data set (Figure 1).
To satisfy regulatory requirements, measurement of the performance, scope and effectiveness of security policies and controls is needed, including log analysis, incident response and proper access controls. There is a need to provide easily understood information on the status of protection that permits executives to drill down to any level and ensure that valuable assets are compliant, secure and performing.
Within the evolving security umbrella, protective measures are growing in sophistication to meet an increasingly aggressive and complex threat environment. Where once simple measures such as a firewall implemented on a server facing the demilitarized zone (DMZ) were sufficient, it is now apparent that individual devices and systems also require their own protection. This includes operating systems, databases, applications and individual workstations. These elements also need to operate harmoniously within the existing security environment, interoperate with legacy devices and be linked into the centrally managed security core.
What This Paper Addresses
This paper is not designed to be a comprehensive guide to security integration. It does, however, address some of the most important issues creating impediments to a comprehensive solution. These issues are:
- Misunderstanding of products and functions
- Challenges for enterprise-level monitoring
- The convergence of IT security and IT operations to increase efficiency
With an ever-growing variety of security products, the differences between them, potential overlaps and specific protections offered are becoming difficult to discern. Users need to know more about the options available to make an informed selection.