Beware of grand schemes: integrated security consoles sound like a good idea--but history has taught us caution. (The Bottom Line)

There's some buzz around the industry about a new generation of enterprise security management systems. The theory behind this new breed of system is that today's fragmented assortment of "point" security tools can't provide effective protection against threats that take so many forms--from Internet worms to targeted server cracking. There are also concerns among infosec professionals about how much work it takes to administer all the tools we use to secure our various locations, technologies and devices.

The enterprise security management system is supposed to address these concerns in two ways. First, it will act as an event collector and manager. All the alerts and information generated by firewalls, intrusion-detection systems (IDS) and the like will be gathered into a single console. This console will theoretically give infosec managers a 360-degree view of security conditions across the enterprise, which, in turn, should help them make smarter, faster decisions about defenses and countermeasures. Second, the enterprise security management system will act as a policy implementation and enforcement engine. Infosec managers will supposedly be able to define policies, and then have the system automatically implement them across every point security tool.
This approach promises to simplify administration and eliminate the exposures that result from sloppy security housekeeping. If you've been in the networking business any length of time, this pitch should sound familiar. It bears a striking resemblance
What actually happened, however, is that we spent millions of dollars on software and complex integration projects that never quite delivered what they promised. In many cases, the volume of alerts that arrived at our integrated consoles was so great that we spent more time clearing them than we did solving the underlying problems. Meanwhile, the real find-and-fix work continued to be done using our component- and product-specific tools.

My concern is that the same scenario will play out with enterprise security management. Network managers hardly have time to read their firewall logs as it is. How will they manage to pore through a report that combines firewall, IDS and e-mail filter events? And what kind of policy engine will really be capable of replicating rules across our diverse security tools?

I'm not sure that we need a new class of applications to enforce policy, anyway. After all, you can use application programming interfaces and other techniques to get one tool to talk to the other. If your IDS identifies a malicious host and you want your e-mail server to reject messages from that host, you can set that up fairly easily yourself.

In addition to fearing unnecessary technical complexity, I'm also skeptical about technology that doesn't jibe with how organizations are actually structured. Security responsibilities are currently distributed across IT's various functional groups: network techs, systems administrators, and website managers. Which of these groups is going to be in charge of the enterprise security console?
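Before turning to the organizational question, here is what the "set it up yourself" glue mentioned a paragraph earlier looks like in practice. This is an added example, not code from the column and not tied to any product it names: a short Python script reads IDS alerts, picks out the external sources that have repeatedly tripped high-priority signatures, and writes them out as a reject list for the mail server. The alert lines are constructed and modelled on Snort's one-line "fast" alert format, the output follows the Postfix access(5) map format, and the hit threshold, priority cutoff and "internal" address ranges are assumptions; any IDS and mail server with a comparable text interface would do. The threshold and the exclusion of your own address space are the parts that matter: without them, the alert volume the column complains about turns straight into a blocklist that rejects your own users.

```python
"""Glue an IDS alert feed to a mail-server reject list.

Added example, not code from the column. Input lines are constructed and
modelled on Snort's one-line "fast" alert format; output is in Postfix
access(5) map format. Both formats, the thresholds and the address ranges
treated as internal are assumptions made for this example.
"""
import ipaddress
import re
from collections import Counter

# Matches the tail of a fast-format alert line, e.g.
#   ... [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:25
ALERT_RE = re.compile(
    r"\[Priority:\s*(?P<prio>\d+)\]\s*\{(?P<proto>\w+)\}\s*"
    r"(?P<src>[0-9A-Fa-f:.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[0-9A-Fa-f:.]+):(?P<dport>\d+)"
)

# Address space that must never end up on the reject list (assumption:
# private ranges plus loopback; adjust to your own addressing plan).
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def parse_alert(line):
    """Return a dict for a recognised alert line, or None for anything else."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:
        return None  # malformed address: skip it rather than guess
    return {
        "prio": int(m.group("prio")),
        "proto": m.group("proto"),
        "src": str(src),
        "sport": int(m.group("sport")),
        "dst": str(dst),
        "dport": int(m.group("dport")),
    }


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def offending_sources(lines, min_hits=3, max_priority=2):
    """External sources that tripped signatures of priority <= max_priority
    (Snort convention: 1 is the most severe) at least min_hits times."""
    hits = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["prio"] > max_priority:
            continue
        if is_internal(alert["src"]):
            continue  # an infected desktop is a help-desk ticket, not a mail reject
        hits[alert["src"]] += 1
    chosen = [ip for ip, n in hits.items() if n >= min_hits]
    return sorted(chosen, key=ipaddress.ip_address)


def postfix_access_map(ips, reason="blocked: flagged by IDS"):
    """Render a Postfix access(5) map: one 'pattern action text' line per source."""
    return "".join(f"{ip} REJECT {reason}\n" for ip in ips)


# Constructed sample alerts (documentation address ranges, not real traffic).
SAMPLE_ALERTS = [
    "03/01-10:15:02.123456  [**] [1:2001:3] SMTP suspicious EHLO [**] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:25",
    "03/01-10:15:07.000010  [**] [1:2001:3] SMTP suspicious EHLO [**] [Priority: 1] {TCP} 203.0.113.7:51240 -> 192.0.2.10:25",
    "03/01-10:16:41.551000  [**] [1:2002:1] Port scan [**] [Priority: 2] {TCP} 203.0.113.7:51301 -> 192.0.2.11:22",
    "03/01-10:17:00.000000  [**] [1:2003:2] Brute force login [**] [Priority: 1] {TCP} 198.51.100.23:40000 -> 192.0.2.10:25",
    "03/01-10:18:13.000000  [**] [1:2004:1] Worm propagation [**] [Priority: 1] {TCP} 192.168.1.5:1025 -> 192.0.2.10:445",
    "03/01-10:18:14.000000  [**] [1:2004:1] Worm propagation [**] [Priority: 1] {TCP} 192.168.1.5:1026 -> 192.0.2.11:445",
    "03/01-10:18:15.000000  [**] [1:2004:1] Worm propagation [**] [Priority: 1] {TCP} 192.168.1.5:1027 -> 192.0.2.12:445",
    "03/01-10:20:00.000000  [**] [1:2005:1] Web crawler [**] [Priority: 3] {TCP} 203.0.113.9:33000 -> 192.0.2.10:80",
    "03/01-10:20:01.000000  [**] [1:2005:1] Web crawler [**] [Priority: 3] {TCP} 203.0.113.9:33001 -> 192.0.2.10:80",
    "03/01-10:20:02.000000  [**] [1:2005:1] Web crawler [**] [Priority: 3] {TCP} 203.0.113.9:33002 -> 192.0.2.10:80",
    "this line is not an alert at all and must be skipped",
]

if __name__ == "__main__":
    print(postfix_access_map(offending_sources(SAMPLE_ALERTS)), end="")
```

With Postfix (an assumption, as noted), the generated file is compiled with postmap and referenced from smtpd_client_restrictions through check_client_access. Note that the two knobs, min_hits and max_priority, are policy decisions rather than code: whoever owns the mail server has to agree to them, which is precisely the ownership question the column goes on to raise.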
Will whichever group ends up owning the console be able to adequately understand events outside its bailiwick? And will it be able to effectively exercise authority over other groups that have historically operated with total independence?

I'm sure enterprise security processes could be coordinated better, and I'm sure many organizations need to make technological changes to implement those improved processes. I'm just a little nervous about anyone who promises that his grand scheme will solve those problems. Ultimately, enterprise management consoles turned out to be a vendor strategy for account control, rather than a panacea for infrastructure health. I suspect that enterprise security consoles are no different.

Liebmann is an independent consultant specializing in the application of networking technologies to strategic business challenges. Send comments for publication to liebmann@comnews.com.