Proactive Security Management - Large Enterprise Business - HP

More documents

Recommendations

Info

3–4 Protecting Against Increasing Threats The threat environment is increasingly complex and rapidly evolving. Reports of security incidents are rising, viruses and other attacks are spreading at faster rates, the complexity of attacks is ever more sophisticated, and relatively sophisticated tools for unsophisticated attackers (so-called "script kiddies") are widely available. This environment leads to a number of security management challenges. As the number and type of incidents increases, distinct protection technologies to prevent new attacks are deployed—for example, firewalls, anti-virus tools, and intrusion detection systems (IDSs). Each new protection technology or component introduces additional complexity in the organization. Each new component must be managed and integrated with the other security protection technologies deployed in the environment. This complexity represents a threat to the security of the organization. The increasing speed of attacks drives the need for a well-developed incident management program. When attacks operate at computer speed rather than human-scale speed—that is, milliseconds rather than hours—it is necessary to automate responses rather than contemplate actions. This move to a proactive posture of security management also applies to underlying security enforcement technologies; they must evolve to take proactive steps to protect against new, imminent attacks. To balance security technology, people and processes must not be overlooked. Awareness and training are essential. The more end users can learn about the actions they can and must take to mitigate threats, the more secure the enterprise will become. And the more that the enterprise can capture, learn from, and reuse (as appropriate) best practices in response to threats and attacks, the more efficient the process will become. Unknowing actions can undermine the best-managed security infrastructure. Enabling Changing Trust Models The opening of business and organizational boundaries has changed old security models. With any combination of partnerships, mergers, dynamic supply chains, online customer services, federations, and changing user populations, it is very difficult to draw a line showing where an organization's intranet stops and the Internet begins. The old concepts of inside (people inside the organization–employees or contractors) and outside (everyone else) no longer hold. The reports of incidents involving insiders show that this old, single–wall model of security is not adequate. Proactive security management must now protect a larger set of users that change over time, including a changing set of privileges based on roles, and a set of resources that can expand and contract. This protection must match the speed of the changes. For example, when an employee is hired or fired, access to resources must be disabled in a reasonably short time. Combating Increased Process Complexity and Expense When attacks operate at computer speed rather than human-scale speed—that is, milliseconds rather than hours—it is necessary to automate responses rather than contemplate actions. New types of attacks cause companies to deploy a growing number of security technologies. For example, a corporate perimeter might use firewalls, routers, and gateways—each with a complex set of rules to create and modify. Behind that might be some bastion hosts, which are server class machines that provide Internet services. Other components of a company's IT infrastructure might include an IDS, an anti-virus program, and a security patch management system. From this quick example, the complexity of managing security technologies becomes apparent. Correlating alarms and alerts, consolidating control, centralizing the reporting and management of the entire security operation, and developing in-house expertise for each of these components are significant challenges. Proactive security management solutions and services can simplify or completely offload (if outsourced) the burden of this complexity.
Complying With Changing Regulations Problems with privacy and lack of security have had enough press and public attention to induce widespread and far-reaching changes in the way we interact with governments, businesses, and organizations. Legislative organizations, standards bodies, and industry-specific groups have created laws, standards, and certifications to guide or mandate how we create, store, use, and communicate information. In the U.S., for example, the Sarbanes-Oxley regulation requires public companies to show that they preserve the integrity of corporate financial information and take steps to protect that information from unauthorized access. Another U.S. example is the Health Insurance Portability and Accountability Act (HIPAA), which requires enterprises to take meaningful steps to preserve the confidentiality of customer/patient information. Controls such as these drive the functionality of the security infrastructure and require proof of compliance by methods of auditing and event logs. Proactive Security Management Framework Proactive security management is comprised of three subcategories: • Security management processes • Security management tools • Enabling technologies Security Management Processes Simply having technology and tools does not ensure proactive security management. A combination of people, procedures, and technologies is required to fully implement a proactive security management system. Although most companies recognize the importance of preventing and managing information security incidents, many have limited knowledge of how to do this effectively. And few companies have designed and implemented incident prevention and management processes. This results in companies responding reactively to incidents and losing millions of dollars each year in cleanup efforts. Awareness and training are important security tools. Capturing and documenting best practices helps to continually improve capabilities and avoid security incidents—or at least respond effectively to them. Security Management Tools Certain tools make proactive security management more effective, more efficient, and less complex. Critical tasks for these tools include gathering and correlating security events; coordinating and automating responses to attacks; monitoring, testing, and managing patch and update status; prioritizing vulnerabilities and responses based on the scale of the threat; and linking to business objectives. Gathering and Correlating Security Events Although most companies recognize the importance of preventing and managing information security incidents, many have limited knowledge of how to do this effectively. Ideally, management tools collect and report faults from a wide range of subsystems in a centralized fashion. Effective reporting, however, can generate a lot of information. Event filtering tools help system administrators focus on the critical issues. To be most effective, the tools not only report on specific incidents, but also on broader usage and trends. For example, information from several devices may not reach the alarm threshold for each device, but the information might expose a blended attack or an attack that is trying to remain undetected. Correlating information from different devices assists administrators with finding root causes, determining effects, and making efficient decisions. Proactive Security Management 3–5
Page 1 and 2: Chapter 3 Proactive Security Manage
Page 3: methods, technologies, and services
Page 7 and 8: Figure 3-2 Overview of HP Proactive
Page 9 and 10: • Security incidents that are pro
Page 11 and 12: To support the Security Incident Ma
Page 13 and 14: • Manage the SEM system from a hi
Page 15 and 16: HP's Partners and HP OpenView Curre
Page 17 and 18: list, the Federal Computer Incident
Page 19 and 20: program identifies and prioritizes
Page 21 and 22: Information Sharing and Analysis Ce

Proactive Security Management - Large Enterprise Business - HP

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?