Proactive Security Management - Large Enterprise Business - HP
Protecting Against Increasing Threats

The threat environment is increasingly complex and rapidly evolving. Reports of security incidents are rising, viruses and other attacks are spreading at faster rates, attacks are ever more sophisticated, and relatively sophisticated tools for unsophisticated attackers (so-called "script kiddies") are widely available. This environment leads to a number of security management challenges.
As the number and type of incidents increase, distinct protection technologies to prevent new attacks are deployed—for example, firewalls, anti-virus tools, and intrusion detection systems (IDSs). Each new protection technology or component introduces additional complexity in the organization. Each new component must be managed and integrated with the other security protection technologies deployed in the environment. This complexity represents a threat to the security of the organization.
The increasing speed of attacks drives the need for a well-developed incident management program. When attacks operate at computer speed rather than human-scale speed—that is, milliseconds rather than hours—it is necessary to automate responses rather than contemplate actions. This move to a proactive posture of security management also applies to underlying security enforcement technologies; they must evolve to take proactive steps to protect against new, imminent attacks.
To balance security technology, people and processes must not be overlooked. Awareness and training are essential. The more end users can learn about the actions they can and must take to mitigate threats, the more secure the enterprise will become. And the more that the enterprise can capture, learn from, and reuse (as appropriate) best practices in response to threats and attacks, the more efficient the process will become. Unknowing actions can undermine the best-managed security infrastructure.
Enabling Changing Trust Models

The opening of business and organizational boundaries has changed old security models. With any combination of partnerships, mergers, dynamic supply chains, online customer services, federations, and changing user populations, it is very difficult to draw a line showing where an organization's intranet stops and the Internet begins. The old concepts of inside (people inside the organization: employees or contractors) and outside (everyone else) no longer hold. The reports of incidents involving insiders show that this old, single-wall model of security is not adequate. Proactive security management must now protect a larger set of users that change over time, including a changing set of privileges based on roles, and a set of resources that can expand and contract. This protection must match the speed of the changes. For example, when an employee is hired or fired, access to resources must be disabled in a reasonably short time.
Combating Increased Process Complexity and Expense
New types of attacks cause companies to deploy a growing number of security technologies. For example, a corporate perimeter might use firewalls, routers, and gateways—each with a complex set of rules to create and modify. Behind that might be some bastion hosts, which are server class machines that provide Internet services. Other components of a company's IT infrastructure might include an IDS, an anti-virus program, and a security patch management system.
From this quick example, the complexity of managing security technologies becomes apparent. Correlating alarms and alerts, consolidating control, centralizing the reporting and management of the entire security operation, and developing in-house expertise for each of these components are significant challenges. Proactive security management solutions and services can simplify or completely offload (if outsourced) the burden of this complexity.