The evolving network demands improved security.
However, as organizations recognized the business benefits of extending network access to customers, partners and vendors, the once-distinct perimeter quickly dissolved. With this increase in credentialed users now accessing the network from the outside, safeguarding internal assets with security technology located solely at the perimeter proved insufficient. Nonetheless, within many organizations, internal security still placed second in priority to increasing business process efficiency.
There is an inherent trade-off between security and accessibility, but many organizations have sought to strike a balance between making it easy for people to access the systems they need while still remaining secure. Yet many organizations, including CRM centers, are still exposed to more risk than necessary because they have not addressed the security ramifications associated with extending their network to third parties. For an organization to be truly protected today, it must continue to mind the perimeter, but it must also turn its focus inward and secure the internal network.
When Networks Were Islands: Perimeter Security, Then And Now
In the past, a company's network operated--for the most part--independently, with connections being made inside the organization only. Today's network, however, reflects how business relations have changed. For an organization to remain competitive in this era, conducting business rapidly and efficiently is imperative. This accelerated business environment has driven the need for an organization to extend access to multiple outside parties, thus creating a perimeter with numerous points of entry.
Further, without the right defenses, an organization's security posture is only as strong as the security posture of each third-party network to which it is connected. Therefore, the lack of security control at third-party sites puts an organization at considerable risk. For example, a successful worm exploited at a vendor site or partner site could easily infiltrate the main organization's perimeter security by exploiting trusted connections.
As such, these open networks are more vulnerable to malicious attacks--a disconcerting reality, as perimeter security in most cases represents a company's sole defense against hackers and malicious software (malware). Today, worms and internal threats can easily circumvent perimeter security through virtual private networks (VPNs), mobile devices, encrypted traffic and insider attacks, exposing critical internal assets to potential exploit.
The growing number of attacks, their heightened level of destructive power and the shrinking lag time between a vulnerability announcement and exploit have made perimeter security ineffective in the war against worms.
In fact, a recent study by the Yankee Group indicated that the average time for enterprises to both test and roll out patches is approaching two months. By contrast, recent worm attacks have exploited vulnerabilities fewer than 15 days after the published advisory. This lapse in time leaves an organization exposed to potential exploit for weeks. For instance, the Nimda worm in 2001 had a lag time of 330 days. In April 2004, the Sasser worm had a much faster threat cycle of 16 days. Traditional perimeter security appliances miss these threats in those critical hours and days before signatures are available. As such, organizations that base their network protection solely on perimeter security and internal patch management are at a severe disadvantage when combating worm attacks.
Another significant risk to critical infrastructures such as contact centers is insider threats. An insider threat refers to both potential and actual attacks by credentialed users or "insiders." These attacks can result in theft or contamination of sensitive data, or disruption of highly critical services. There are several trends contributing to this growing threat to network security. The first is the increase in credentialed users. In the past, these threats were characterized by employees or former employees of the company. Today, however, with companies extending access to corporate resources to contractors, remote employees and business partners, there are often more credentialed users than employees connecting to the network.
The second trend is the move toward wider access and Web services. As applications have moved from mainframes to client-server systems to Web-based services, it has become more cost-effective to provide a wider group of users with access to applications and data. Although this has several advantages, including more efficient business processes, it also creates several security challenges because a Web browser is a highly effective hacking tool.
Traditional solutions, such as firewalls, signature-based intrusion detection systems (IDS) and signature-based intrusion prevention systems (IPS), are not designed to deal with this problem. First, these devices are typically deployed at the perimeter; second, the internal network has far too many connections to monitor, making it exceedingly expensive to do with link-based solutions; and third, threats such as unauthorized access or sabotage of custom applications largely defy signature-based technologies.
Current strategies for protecting the internal network against these threats are largely focused on perimeter security and patch management. While perimeter security appliances such as IDS and IPS have helped with known threats, they have been largely ineffective against new attacks and threats brought into the network on mobile devices. Patch management has similarly helped eliminate vulnerabilities to many known threats, but it simply cannot keep up with the increasing speed of new exploits.
In planning for internal security, companies should consider their most critical processes, one of which is CRM. Perimeter-based defenses alone do not provide these critical infrastructures with the necessary protection from the increasing barrage of network attacks, many of which are now originating from the inside. This partial defense leads most enterprises to experience at least three disadvantages:
* Downtime and disruption of key internal applications and services;
* Loss or corruption of critical data; and
* Lost productivity among all staff, as well as diversion of key IT team members.
A Layered Approach Is Required
Through a layered security approach, an organization can still benefit from an extended network and new business-enhancing technologies, and it can contend with the ever-growing number of malicious attacks. A layered approach will help minimize the opportunity for malicious users or software to access their intended target. If the malicious user or software infiltrates one layer, there will still be several others protecting the company's critical infrastructure. The basic components of a layered security program include the following:
* Perimeter security. Perimeter security technologies, including firewalls, IDS and IPS, are a company's first line of defense against attacks. However, the typical network today has more egress and ingress points, which demand several layers of protection to safeguard against the activity that can circumvent perimeter security technologies.
* Internal behavioral surveillance and protection. Behavioral network security is a new layer that enterprises are quickly integrating into their security programs. With a clear understanding of how the internal network and assets in that network are used over time, and the ability to monitor all network activity, these products can identify malicious activity with pinpoint accuracy and safely mitigate it without disrupting critical services.
* Policy enforcement and training. It is imperative to a strong security program that anyone (within the company) who has potential to cause harm to the network's integrity is well educated on policy. Additionally, through technologies such as identity management and authentication, companies can gain better controls over how end users access network assets.
* The desktop. It is critical to have endpoint security such as anti-virus software integrated at the desktop.
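An added example, not from the article or from any vendor's product, sketching the behavioral layer described in the list above: learn each host's normal peers and fan-out over time, then flag a host that suddenly contacts many never-before-seen internal destinations, as a worm arriving over a trusted third-party connection would. Host names, flow records and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def make_flows():
    """Constructed flow records: (interval, src_host, dst_host, dst_port)."""
    flows = []
    for t in range(5):
        # agent-17 talks to the same three services in every interval
        for dst, port in [("crm-app", 443), ("crm-db", 1433), ("mail", 25)]:
            flows.append((t, "agent-17", dst, port))
        # vendor-vpn-3 normally reaches only the CRM application
        flows.append((t, "vendor-vpn-3", "crm-app", 443))
    # In interval 4 the vendor host suddenly touches 40 desktops on TCP 445
    for i in range(40):
        flows.append((4, "vendor-vpn-3", f"desk-{i}", 445))
    return flows

def build_profiles(flows, learn_until):
    """Per source host: peers seen while learning, and fan-out per interval."""
    peers = defaultdict(set)
    per_interval = defaultdict(lambda: defaultdict(set))
    for t, src, dst, port in flows:
        if t < learn_until:
            peers[src].add((dst, port))
            per_interval[src][t].add((dst, port))
    fanout = {s: [len(v) for v in iv.values()] for s, iv in per_interval.items()}
    return peers, fanout

def detect(flows, learn_until, interval, k=3.0, min_new=10):
    """Flag hosts whose fan-out and count of never-seen peers jump in `interval`."""
    peers, fanout = build_profiles(flows, learn_until)
    current = defaultdict(set)
    for t, src, dst, port in flows:
        if t == interval:
            current[src].add((dst, port))
    alerts = {}
    for src, seen in current.items():
        hist = fanout.get(src, [0])          # unknown host: baseline of zero
        # +1 keeps a zero-variance baseline from alerting on one extra peer
        threshold = mean(hist) + k * pstdev(hist) + 1
        new = seen - peers.get(src, set())
        if len(seen) > threshold and len(new) >= min_new:
            alerts[src] = {"fanout": len(seen), "baseline": mean(hist),
                           "new_peers": len(new)}
    return alerts

if __name__ == "__main__":
    print(detect(make_flows(), learn_until=4, interval=4))
```

No signature is involved: the alert fires on deviation from the host's own history, which is why this layer can catch activity in the window before a signature or patch exists.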
Contact centers must consider yet another layer of security to effectively protect their systems from compromise. The human error element is a major concern for CRM centers, as call center representatives frequently interact with customers on a one-on-one basis. This contact grants criminals the opportunity to exploit representatives through social engineering tactics. Comprehensive training of customer representatives is a critical step in ensuring they do not fall victim to social engineering ploys, such as the request for personal information without the appropriate proof of identification.
Worms and insider threats have the power to disrupt critical services, to drain vital resources and to compromise sensitive data. In today's accelerated business world, isolating a network is not an option. On the contrary, business pressures are forcing companies to make applications and data inside the corporate network more accessible to remote workers, business partners and contractors. Patch management and perimeter security appliances, such as firewalls and IPS, are helping to secure networks, but they do little to help protect against new attacks, insider threats and malicious code that circumvent the perimeter on mobile devices. As attempts to steal or corrupt customer information increase, organizations need to mitigate these forms of attacks, requiring a solution that will block malicious activity without obstructing legitimate business processes.
By Rob Nazzal
Mazu Networks, Inc.
Rob Nazzal is director of product management for Mazu Networks, Inc. (www.mazunetworks.com), a provider of network-wide intrusion prevention systems (IPS) for enterprise and government. Mazu's solutions protect networks from worms, insider threats and denial-of-service (DoS) attacks, internally and at the perimeter.
|Title Annotation:||MANAGEMENT SCOPE|
|Publication:||Customer Interaction Solutions|
|Date:||Apr 1, 2005|