As threats on corporate networks increase in volume and become more sophisticated, enterprises must search for comprehensive security solutions that can ensure business continuity, maintain security compliance, and protect corporate intellectual property. However, with the explosion of discrete security appliances, managing security on a global scale has become increasingly difficult and expensive, and many enterprises do not have the budget or the expertise to effectively manage the risk.
Managed security services from traditional carriers, Managed Security Service Providers (MSSPs), and other solutions have helped address some of the cost and resource issues inherent in a Do-It-Yourself (DIY) approach. But many enterprises are beginning to realize they need more. In a typical environment, individual security devices report independently to a central site without a mechanism to correlate information from all sites or to identify and address network-wide events in real time.
The complexity of today’s global networks requires a managed security solution that addresses multiple dimensions within the network to provide defense against risks ranging from spam, email-borne viruses, and spyware to loss of confidential information and intellectual property. Such defense-in-depth solutions must be multidimensional to apply security across multiple layers of a network—within the customers’ premises, in and across the backbone, and extending to each remote office and corporate partner’s office. Security, in other words, is provided to all parts of the network, wherever connectivity is extended.
Many still consider security as protection against Internet threats; a multidimensional approach, however, recognizes there are many different untrusted networks and that enterprises do not necessarily know what all employees are doing or where they are taking their resources. The multidimensional approach looks at all connectivity and protects any method of access through any channel, even down to the individual user.
Layers of Protection for Defense in Depth
Effective multidimensional solutions include several layers of protection to enable the appropriate defense in depth for various network resources. Small remote offices may be adequately protected through an access control list on a router, while larger offices might want to provide another layer of protection with a separate firewall and intrusion prevention sensors. This not only prevents attacks from untrusted networks but can keep infected internal systems from perpetrating attacks. The next layer of protection can be applied to resources; critical web, mail, file, database, and other servers should be directly monitored against compromise by the rare attack that can make it through all the other layers of protection.
Finding the Right Provider
Using several layers of protection in multiple dimensions of a network is necessary because threats can come from anywhere. Yet service providers focus on protection of the perimeter and Wide Area Network (WAN) while MSSPs focus on the perimeter and Local Area Network (LAN). Neither looks effectively at all the dimensions required to enable business connectivity. The most complete solutions provide security across the entire business network, inclusive of each individual remote user, all remote offices, every partner connection, and all primary links. Missing a single piece can lead to exposure of the entire network.
Virtual Network Operators (VNOs), such as Virtela, can offer a full suite of managed security services and deliver them across the networks of the hundreds of carriers and providers with which they have relationships. Due to economies of scale, these VNOs are able to employ the best-in-class technology and expertise that might be difficult for a single enterprise to afford. And the enterprise receives a tailor-made network and security solution; VNOs work closely with their customers on network design and deployment, since the proper placement of security devices within the network is critical to success.
Determining the Level of Risk
Enterprises cannot apply the appropriate level of security to their networks if they are unaware of their risk—and the level varies depending on the enterprise. Customers can determine risk by performing a risk analysis, either directly or through an external assessment. An analysis will assign value to resources based on multiple criteria, such as the number of applications on a resource, the frequency of use, and the potential impact of downtime. Systems that serve multiple applications to thousands of users will likely have a significant impact if unavailable and therefore represent considerable risk if unprotected.
Risk analysis includes an assessment of the current network design, including the number of resources available to different customers. It also recommends where security devices such as firewalls and IPSes should be placed or added for protection. The analysis can also take federal, state, and industry regulations into consideration. For example, an analysis can note where applications subject to Sarbanes-Oxley (SOX) compliance are located and inform the enterprise if it needs to add risk prevention aligned with SOX requirements. Good assessments arm an enterprise with the hard data it needs to meet regulatory requirements.
Eliminating Tunnel Vision
Key to a true multidimensional, in-depth managed security solution is the ability to tightly integrate managed security services with a Security Information Management (SIM) infrastructure. SIM tools enable correlation analysis across multiple hardware platforms in all layers of the network and across all security devices, enabling a complete and holistic view of the security posture of every managed device. This eliminates the tunnel vision associated with looking at the output of just one device and enables a much deeper and broader view of all security events across the entire business network. The reports generated by the SIM can also be tailored to present ongoing compliance data for regulatory audits such as SOX and the Health Insurance Portability and Accountability Act (HIPAA).
The End Result: Comprehensive Security
VNOs with a SIM infrastructure can provide the most comprehensive view of the network, correlate events among a wide array of network devices, and identify and address security events on a global scale in a matter of minutes. Enterprises of any size can receive immediate data on security vulnerabilities across the entire network, down to the individual user. And these enterprises know their extended network is receiving the broadest, deepest protection possible.
About the Author:
Rob Pfrogner is Security Services Product Manager for Virtela Communications, Inc.