COMMENT ON THIS ARTICLE
There’s chaos brewing within the IT security infrastructure and it’s something that can potentially render various security initiatives inadequate, should order fail to triumph.
Years of worms and virus threats and the never-ending attempts by hackers to bring down corporate IT systems or steal confidential corporate data have left the enterprise constantly on the defensive: patching vulnerable areas of the network, placing intrusion detection systems at the gateway, installing antivirus, anti-spam, anti-phishing and anti-spyware tools across the network.
This protective approach has resulted in a security environment that’s typically disconnected and operating as different silos within the enterprise, despite the common objectives of securing the IT infrastructure and the information that is held within it.
In addition, these disparate systems generate increasing amounts of data that can collectively burden the system if not managed properly. On the other hand, these sets of data can also potentially provide insights into an organization’s security and compliance initiatives in particular, and the business operation in general.
The good news is that organizations are already starting to recognize this reality and many are doing something about it. A survey by market research firm IDC conducted last June showed that one of the top security challenges facing organizations today is the increasing complexity of network security, according to Joe Greene, vice-president for IT security research at IDC Canada.
This is driving organizations towards multifunction security appliances that incorporate various security tasks, such as antivirus, anti-spam, firewall, and intrusion detection, into a single device that is easier to manage, said Greene. These tools also allow IT to easily manage security across the enterprise, he added.
“You really need to have a grip on what is happening within your infrastructure; you need to know if the device is working properly, if they are working together. You need to be able to get access to the information that will allow you to improve your security posture if necessary,” explained Greene.
A UNIFIED EFFORT
The need for having a consolidated handle on all security devices across the enterprise — from endpoint to perimeter to Internet security — is driving the adoption of unified management technologies such as unified threat management and security information management. The goal is to maintain an IT security infrastructure that’s centrally managed and providing real-time views of all activities across the network.
A unified security management system is ideally two-tiered, said Greene. One layer would be managing all security systems installed across the network, including logging reports of activity on each device and all installed updates and patches. This provides the IT manager a single view of the activities of all deployed security devices.
A second tier of management tools would be focused on the policy enforcement side, which means having centralized logs of things like access privileges and other internal and external control policies, Greene said.
Unified security management allows devices to be essentially connected to one another so if a threat is detected in one of the devices, the others can be alerted in real time and the necessary steps for protection can be undertaken, explained James Quin, senior research analyst at Info-Tech Research Group in London, Ont. Quin has recommended that IT managers use consolidated solutions “as much as possible,” noting that while endpoint security tools may offer effective protection “[they] can be an administrative nightmare.”
Unified threat management tools, for example, allow enterprises to manage their anti-malware devices from the same common management interface as their firewall, intrusion detection and protection, and other security tools. A consolidated security infrastructure simplifies management and leads to a higher overall level of security, explained Quin.
Forrester Research in Cambridge, Mass. is finding that enterprises are looking to get more out of their security management devices. In a recent survey of technology decision-makers in North America, Forrester found that almost two-thirds of the respondents are looking to purchase a security information management (SIM) system for reasons other than for attack detection and alerting.
“[Technology decision-makers] state a primary interest in SIM to help with a variety of issues, including incident response, compliance and measuring security effectiveness,” wrote Paul Stamp in his research paper entitled, Security Information Management is Much More Than Just a Fancy IDS.
SIM tools help security teams collect data and correlate threats and policy violations across disparate systems, as well as identify the source of incidents and get the right information to take the necessary action to resolve the problem.
Increasingly, information security officers are also turning to SIM technology to gain a high-level view of where their IT environments are lacking in terms of legislative or regulatory mandates, explained Stamp. Despite its capability to enhance security management, Forrester reports that organizations still find SIM tools difficult to deploy.
“SIM, like identity and access management, is by its very nature a heterogeneous problem, and thus, SIM rollouts involve complex technical integrations and political negotiations,” said Stamp.
The most critical part in a SIM implementation project is the change management processes for existing monitored devices, the Forrester analyst added. “Even if a solution doesn’t require an installed agent to get information from a system, it still usually requires a configuration change or privileged account to get the data it needs — and system owners aren’t likely to let that happen without good reason.”