Today's enterprise network faces increasingly diverse threats. The new reality is that these threats now come from desktops inside the network more often than from the outside world. With the growth of VPN connections, extranets, and partner/guest connectivity, the enterprise network has many more entry points than just the Internet.
To date, the enterprise security strategy has primarily focused on protecting the network from the "outside world". Organizations have installed firewalls between themselves and the Internet, established VPN access, and filter web traffic and e-mail at the gateway. However, networks continue to be affected by ever-increasing and more complex worms, viruses, and spyware/malware that can attack vulnerable computers in multiple ways, including attacking devices connected to the desktops themselves. The sheer number of entry points to the network (i.e. ports on the inside of the network) makes it difficult to apply contemporary perimeter technologies to the problem of internal attacks.
A more recent countermeasure for preventing internal attacks to the network is to restrict vulnerable computers from accessing the network. This "access control" method is accomplished by proactively verifying computer compliance before permitting access. It also requires loading a security agent on every computer and combining it with network authentication to control network access. In the event of a non-compliant desktop, this measure involves some form of quarantine, such as isolating vulnerable machines in a quarantine VLAN.
The "security agent" method is a good proactive measure, but it has some significant weak points. First, it places all of the security control on the client, which is not always reliable: the first action of most viruses after gaining access to a computer is to disable all security and anti-virus software. More importantly, not all computers in the expanded enterprise network are under the management of the IT department, which leaves unmanaged workstations as a large threat. Finally, not all desktops are "desktops". More and more devices on the network are not personal computers but PDAs, VoIP phones, IP video hardware, medical devices, and even printers/copiers. These devices often run generally available operating systems, such as Microsoft Windows XP, but cannot easily have protection software loaded and are not able to authenticate themselves.
Today's network security architecture creates two points of protection: the perimeter defenses that protect the enterprise from the Internet, and agent software that keeps some non-compliant computers off the network. While both are important, they do not address the increasingly larger problem: what is protecting the network from attacks that come from within the enterprise?
Analysts agree that, in time, switches themselves may incorporate more security intelligence. However, very large investments have already been made in traditional switching technology that is not security-aware.
One of the greatest problems today is how to secure many switch ports, diverse user communities, and a complex mix of endpoint hardware. In contrast to a few WAN connections, an enterprise LAN may have thousands of ports, distributed over multiple buildings, campuses, states, or countries. Preventing the misuse of, or unauthorized access to, every port is a difficult task, and a single perimeter device cannot provide the necessary level of protection at all of these locations. Institutions such as universities, hospitals, and consulting companies are acutely aware of the havoc that unmanaged devices can wreak on internal networks. In addition, non-PC devices such as copiers, medical diagnostic hardware, and VoIP systems are being infected and causing network congestion and downtime.
NitroSecurity's Active Network Response (ANR) is a new security model that delivers network protection closer to the users, at the network edge, stopping attacks before they can propagate throughout the network. With ANR, NitroSecurity complements its existing IPS products with the ability to locate and remediate the root cause of attacks. The NitroSecurity Enterprise Security System (ESS) takes the information from any security event and identifies the exact physical port from which the event originated. Then, based on the functionality of the local switch, it takes action to disable the port or reroute the end station to a quarantine state. As a result, the security administrator gains visibility into and control of the incident and can rapidly respond with an appropriate action.
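The event-to-port-to-action flow described above, written out as a generic illustration. This is an added example and not NitroSecurity's ESS code: it assumes the source IP from a security event is resolved to a MAC address through the router's ARP table, the MAC is then found in the switches' forwarding tables (the data one would pull over SNMP or the switch CLI), and the response is chosen from the switch's capabilities, either moving the port to a quarantine VLAN or shutting it down. The ARP and forwarding tables, switch names, capability flags, quarantine VLAN number and IOS-style commands are all constructed for the example. It also shows the check a practitioner wants before acting at the edge: a port that carries many MAC addresses is probably an uplink, and disabling it would cut off far more than the offending station.

```python
"""Illustrative edge response: locate the switch port behind an event's
source IP and choose a containment action based on switch capability.

Added, generic example; not NitroSecurity ESS code. All tables below are
constructed sample data in the shape one would retrieve via SNMP
(ipNetToMedia for ARP, dot1dTpFdb/dot1qTpFdb for MAC forwarding).
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed router ARP table: IP -> MAC (assumed, not from the page).
ARP_TABLE = {
    "10.1.20.37": "00:1b:44:11:3a:b7",
    "10.1.20.41": "00:1b:44:11:3a:c2",
    "10.1.30.5": "00:50:56:9a:12:34",
}

# Constructed MAC forwarding tables per access switch: MAC -> port.
# Gi1/0/24 on sw-floor2 is an uplink, so many MACs are learned on it.
FDB = {
    "sw-floor2": {
        "00:1b:44:11:3a:b7": "Gi1/0/7",
        "00:1b:44:11:3a:c2": "Gi1/0/24",
        "00:50:56:9a:12:34": "Gi1/0/24",
        "00:aa:bb:cc:dd:01": "Gi1/0/24",
    },
    "sw-floor3": {
        "00:50:56:9a:12:34": "Gi1/0/3",
    },
}

# Constructed per-switch capability: can this switch reassign a port's VLAN?
SWITCH_CAPS = {
    "sw-floor2": {"vlan_quarantine": True},
    "sw-floor3": {"vlan_quarantine": False},
}
QUARANTINE_VLAN = 999  # assumed quarantine VLAN id


@dataclass
class Action:
    switch: str
    port: str
    kind: str                      # "quarantine_vlan", "shutdown" or "manual_review"
    commands: list = field(default_factory=list)


def locate_port(ip: str) -> Optional[Tuple[str, str, int]]:
    """Return (switch, port, fanout) for the edge port holding the IP's MAC.

    The same MAC is typically learned on an uplink of every switch in the
    path, so the true edge port is the one with the fewest other MACs
    (fanout) behind it. Returns None if the IP is unknown.
    """
    mac = ARP_TABLE.get(ip)
    if mac is None:
        return None
    best = None
    for switch, table in FDB.items():
        port = table.get(mac)
        if port is None:
            continue
        fanout = sum(1 for p in table.values() if p == port)
        if best is None or fanout < best[2]:
            best = (switch, port, fanout)
    return best


def respond(ip: str, max_fanout: int = 1) -> Optional[Action]:
    """Pick a containment action for the station at `ip`.

    A port carrying more than `max_fanout` MACs is treated as shared
    (uplink, hub, unmanaged switch) and is never disabled automatically.
    """
    loc = locate_port(ip)
    if loc is None:
        return None
    switch, port, fanout = loc
    if fanout > max_fanout:
        return Action(switch, port, "manual_review")
    if SWITCH_CAPS[switch]["vlan_quarantine"]:
        cmds = [f"interface {port}",
                f"switchport access vlan {QUARANTINE_VLAN}"]
        return Action(switch, port, "quarantine_vlan", cmds)
    # Fallback for switches without VLAN reassignment: shut the port.
    return Action(switch, port, "shutdown", [f"interface {port}", "shutdown"])


if __name__ == "__main__":
    for event_ip in ("10.1.20.37", "10.1.30.5", "10.1.20.41", "10.9.9.9"):
        print(event_ip, respond(event_ip))
```

In a real deployment the ARP lookup would go to the router for the offending subnet and the forwarding-table lookup to each access switch; the fanout heuristic is a simple stand-in for knowing the topology (for instance via CDP/LLDP neighbor data), and a port that trips it should be escalated to an operator rather than disabled blindly.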