
February 2006 Issue

Inside Current Issue: Cyber Talk

Talking security convergence with Sandy Bird, the chief technology officer of Q1 Labs

ITD: How can the analyses of network and security information help enterprises anticipate, prevent and remediate threats to the network?

Bird: Enterprise-wide security management and incident response initiatives need to see the converging network security fabric in one place. The goal is to put the services transported across the network in the context of the infrastructure’s overall security and vulnerability posture. To achieve this goal, one must combine the historical building blocks of the security management and the network management worlds.

Without first-hand network knowledge, security management initiatives fly blind for three reasons:

1. Threats are completely missed. Threats that cause subtle changes in network behavior slip unnoticed past traditional event management products, increasing downtime.
2. Visibility is sorely lacking. A security management tool with little network knowledge leaves a gaping hole in surveillance. IT staff attempting to track down violations are often completely in the dark.
3. Response is limited. Network awareness unleashes a whole range of threat remediation options not available to tools that only understand second-hand events.

ITD: How can IT departments better align their network security strategy with the business goals of executives?

Bird: It’s not enough to know that a worm has hit your network or an employee is downloading music files. IT departments must be able to answer the following question: “In the context of current network and application activity, how severe is this security event?”

This question can only be answered with holistic network and security data that profiles business assets and prioritizes information according to its business impact. Executives also need reports that speak to their priorities in their language. Demonstrating how IT supports business processes and understands business needs makes it easier to show how security relates to running the business efficiently.

ITD: Enterprises have traditionally managed networking and security in two separate and distinct silos. What factors have caused them to converge?

Bird: Challenged by the need to see and control activity across their diffuse network and security infrastructures, corporations, governments and universities are facing an inflection point. Not only do more threats hit enterprise networks each year; those threats are growing both more innovative and more dangerous. The task of enforcing internal security policies compounds the problem as does demonstrating compliance with a growing array of government-mandated audit and regulatory requirements.

The traditionally separate arenas of security and networking have responded by converging at multiple levels. Networking groups now control operationally mature security products like firewalls and IDS. Security products and services are delivered in a unified footprint (e.g., a switch or router). The network infrastructure is being used as a security element in enterprise security initiatives like admission control or identity management.

This evolution benefits IT organizations because it consolidates the functions of many products into one. Consolidation makes it faster, simpler and more effective to locate the source of a problem, prioritize the hazard, and fix it. Consolidation also reduces the costs of purchase, maintenance and support for the products and frees up IT staff for more strategic programs. The implementation models for enterprise security management have high maintenance costs due to complex deployments, DBAs, professional services, and complex rule configurations – and that’s just to get the tools up and running.

ITD: What roadblocks have previously impeded the process of combining network and security information?

Bird: There are two main factors. First, products evolved to defend against specific security threats, with enterprises purchasing separate products for different types of malware or attacks. These products, which focused on blocking and stopping, worked independently of one another, unable to communicate or share data. At the same time, network management evolved to manage network performance. It was focused on open network access, keeping applications running smoothly, and making bandwidth available for business processes. Network management and security were often in different organizations, had separate goals, and conflicting mindsets. They did not communicate well and the products they used did not communicate at all. The "common wisdom" was of product and organizational silos that demanded more and more products just to maintain the status quo.

ITD: Are there any particular industries where the convergence of network and security management will have the most impact?

Bird: Convergence affects all industries concerned about defending the network, improving the management of their infrastructure, protecting confidential data, and demonstrating compliance with government regulations. The benefits of converging the management of the network and security fabrics are most easily seen in those companies that are already deploying converged network and security devices (like access routers) or in companies who place the responsibility for both areas with a single IT group.

Some industries are governed by very specific regulations, such as HIPAA for healthcare and FISMA for federal government. In these cases the benefit of not only a security audit trail but also security events with important network context and knowledge of network assets is critical for demonstrating compliance.

ITD: Can this comprehensive understanding of network and security help enterprises achieve compliance with government regulations?

Bird: IT organizations are continually asked whether corporate policies are being followed and whether the business is in compliance with regulations. Answering those questions is a complicated and time-consuming task unless you have a unified view of and control over both the network and security. This integration provides custom views of key assets, an archive of security event and network activity, and application-level policy enforcement.
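The prioritization Bird describes above, a security event weighed "in the context of current network and application activity" and the business value of the asset it targets, can be shown in miniature. The following is an added example written for this page; it is not code from the interview or from any Q1 Labs product. It scores an IDS alert by asking three questions a pure event manager cannot answer: does the target listen on the attacked port, did the target actually respond (from flow records), and is the exploited weakness present on the target (from scanner data), then weights the result by asset criticality. All alert, flow and asset data, the vulnerability ids, and the scoring weights are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    """An IDS event: the 'second-hand' signal an event manager sees on its own."""
    src: str
    dst: str
    dst_port: int
    signature: str
    vuln_id: Optional[str] = None   # weakness the signature exploits, if known


@dataclass(frozen=True)
class Flow:
    """A network flow record between src and dst:dst_port (constructed format)."""
    src: str
    dst: str
    dst_port: int
    bytes_to_server: int
    bytes_to_client: int


@dataclass(frozen=True)
class Asset:
    """Inventory entry: business criticality plus scanner-derived posture."""
    ip: str
    role: str
    criticality: int            # 1 (low) .. 5 (business critical), constructed scale
    open_ports: frozenset
    vulns: frozenset            # vulnerability ids the scanner found present


BASE = 4   # severity of a signature match with no context at all (assumed weight)


def score_alert(alert, flows, assets):
    """Return (severity 0..10, reasons) for one alert given flow and asset context."""
    score, reasons = BASE, []
    asset = assets.get(alert.dst)
    if asset is None:
        reasons.append("target not in asset inventory; no context available")
        return score, reasons

    # 1. Does the target even listen on the attacked port?
    if alert.dst_port in asset.open_ports:
        reasons.append(f"port {alert.dst_port} open on {asset.role}")
    else:
        score -= 3
        reasons.append(f"port {alert.dst_port} closed on {asset.role}")

    # 2. Did the target answer? A one-way probe matters less than a session.
    answered = any(
        f.src == alert.src and f.dst == alert.dst and f.dst_port == alert.dst_port
        and f.bytes_to_client > 0
        for f in flows
    )
    if answered:
        score += 1
        reasons.append("target responded (bidirectional flow)")
    else:
        score -= 1
        reasons.append("no response seen from target")

    # 3. Is the weakness the signature exploits actually present?
    if alert.vuln_id is not None:
        if alert.vuln_id in asset.vulns:
            score += 3
            reasons.append(f"{alert.vuln_id} present on target")
        else:
            score -= 2
            reasons.append(f"{alert.vuln_id} not found on target")

    # 4. Business impact: weight by asset criticality (3 is neutral).
    score += asset.criticality - 3
    reasons.append(f"criticality {asset.criticality}")
    return max(0, min(10, score)), reasons


def triage(alerts, flows, assets):
    """All alerts with their scores, highest severity first."""
    scored = [(a, *score_alert(a, flows, assets)) for a in alerts]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed sample data: two assets, two flows, three alerts.
ASSETS = {a.ip: a for a in [
    Asset("10.0.1.20", "customer database", 5, frozenset({80, 443, 1433}), frozenset({"V-101"})),
    Asset("10.0.1.30", "call-center workstation", 2, frozenset({445}), frozenset()),
]}
FLOWS = [
    Flow("192.0.2.5", "10.0.1.20", 1433, 900, 1200),   # real session with the DB server
    Flow("192.0.2.9", "10.0.1.30", 445, 300, 0),        # one-way probe, nothing came back
]
ALERTS = [
    Alert("192.0.2.5", "10.0.1.20", 1433, "sql-resolver-overflow", "V-101"),  # worm hits a vulnerable DB
    Alert("192.0.2.5", "10.0.1.30", 1433, "sql-resolver-overflow", "V-101"),  # same worm, closed port
    Alert("192.0.2.9", "10.0.1.30", 445, "smb-null-session-probe"),           # unanswered probe
]

if __name__ == "__main__":
    for alert, sev, why in triage(ALERTS, FLOWS, ASSETS):
        print(f"{sev:2d} {alert.signature:24s} {alert.src} -> {alert.dst}:{alert.dst_port}"
              f"  ({'; '.join(why)})")
```

Run as-is, the same worm signature lands at the top of the queue when it hits the listening, vulnerable, business-critical database server and at the bottom when it hits a workstation that is not even listening on the port; the reasons list is what an analyst or an executive report would show alongside the score.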


© IMPIRE Communications, LLC All Rights Reserved.  
