The evolving network demands improved security.
A decade ago, a company could effectively secure its network through perimeter protection such as a firewall. At that time, networks had definitive borders, making it easier to safeguard critical internal assets with perimeter security technology.
However, as organizations recognized the business benefits of extending network access to customers, partners and vendors, the once-distinct perimeter quickly dissolved. With this increase in credentialed users now accessing the network from the outside, safeguarding internal assets with security technology located solely at the perimeter proved insufficient. Nonetheless, within many organizations, internal security still placed second in priority to increasing business process efficiency.
There is an inherent trade-off between security and accessibility, but many organizations have sought to strike a balance between making it easy for people to access the systems they need while still remaining secure. Yet many organizations, including CRM (customer relationship management) centers, are still exposed to more risk than necessary because they have not addressed the security ramifications associated with extending their network to third parties. For an organization to be truly protected today, it must continue to mind the perimeter, but it must also turn its focus inward and secure the internal network.
When Networks Were Islands: Perimeter Security, Then And Now
In the past, a company's network operated--for the most part--independently, with connections being made inside the organization only. Today's network, however, reflects how business relations have changed. For an organization to remain competitive in this era, conducting business rapidly and efficiently is imperative. This accelerated business environment has driven the need for an organization to extend access to multiple outside parties, thus creating a perimeter with numerous points of entry.
Further, without the right defenses, an organization's security posture is only as strong as the security posture of each third-party network to which it is connected. Therefore, the lack of security control at third-party sites puts an organization at considerable risk. For example, a successful worm exploited at a vendor site or partner site could easily infiltrate the main organization's perimeter security by exploiting trusted connections.
As such, these open networks are more vulnerable to malicious attacks--a disconcerting reality, as perimeter security in most cases represents a company's sole defense against hackers and malicious software (malware). Today, worms and internal threats can easily circumvent perimeter security through virtual private networks (VPNs), mobile devices, encrypted traffic and insider attacks, exposing critical internal assets to potential exploit.
The growing number of attacks, their heightened level of destructive power and the shrinking lag time between a vulnerability announcement and exploit have made perimeter security ineffective in the war against worms.
In fact, a recent study by the Yankee Group indicated that the average time for enterprises to both test and roll out patches is approaching two months. By contrast, recent worm attacks have exploited vulnerabilities fewer than 15 days after the published advisory. This lapse in time leaves an organization exposed to potential exploit for weeks. For instance, the Nimda worm in 2001 had a lag time of 330 days. In April 2004, the Sasser worm had a much faster threat cycle of 16 days. Traditional perimeter security appliances miss these threats in those critical hours and days before signatures are available. As such, organizations that base their network protection solely on perimeter security and internal patch management are at a severe disadvantage when combating worm attacks.
Another significant risk to critical infrastructures such as contact centers is insider threats. An insider threat refers to both potential and actual attacks by credentialed users or "insiders." These attacks can result in theft or contamination of sensitive data, or disruption of highly critical services. There are several trends contributing to this growing threat to network security. The first is the increase in credentialed users. In the past, these threats were characterized by employees or former employees of the company. Today, however, with companies extending access to corporate resources to contractors, remote employees and business partners, there are often more credentialed users than employees connecting to the network.
The second trend is the move toward wider access and Web services. As applications moved from mainframes to client servers to Web-based services, it has become more cost-effective to provide a wider group of users with access to applications and data. Although this has several advantages, including more efficient business processes, it also creates several security challenges because a Web browser is a highly effective hacking tool.
Traditional solutions, such as firewalls, signature-based intrusion detection systems (IDS) and signature-based intrusion prevention systems (IPS), are not designed to deal with this problem. First, these devices are typically deployed at the perimeter; second, the internal network has far too many connections to monitor, making it exceedingly expensive to do with link-based solutions; and third, threats such as unauthorized access or sabotage of custom applications largely defy signature-based technologies.
Current strategies for protecting the internal network against these threats are largely focused on perimeter security and patch management. While perimeter security appliances such as IDS and IPS have helped with known threats, they have been largely ineffective against new attacks and threats brought into the network on mobile devices. Patch management has similarly helped eliminate vulnerabilities to many known threats, but it simply cannot keep up with the increasing speed of new exploits.
In planning for internal security, companies should consider their most critical processes, one of which is CRM. Perimeter-based defenses alone do not provide these critical infrastructures with the necessary protection from the increasing barrage of network attacks, many of which are now originating from the inside. This partial defense leads most enterprises to experience at least three disadvantages:
* Downtime and disruption of key internal applications and services;
* Loss or corruption of critical data; and
* Lost productivity among all staff, as well as diversion of key IT team members.
A Layered Approach Is Required
Through a layered security approach, an organization can still benefit from an extended network and new business-enhancing technologies, and it can contend with the ever-growing number of malicious attacks. A layered approach will help minimize the opportunity for malicious users or software to access their intended target. If the malicious user or software infiltrates one layer, there will still be several others protecting the company's critical infrastructure. The basic components of a layered security program include the following:
* Perimeter security. Perimeter security technologies, including firewalls, IDS and IPS, are a company's first line of defense against attacks. However, the typical network today has more egress and ingress points, which demand several layers of protection to safeguard against the activity that can circumvent perimeter security technologies.
* Internal behavioral surveillance and protection. Behavioral network security is a new layer that enterprises are quickly integrating into their security programs. With a clear understanding of how the internal network and assets in that network are used over time, and the ability to monitor all network activity, these products can identify malicious activity with pinpoint accuracy and safely mitigate it without disrupting critical services.
* Policy enforcement and training. It is imperative to a strong security program that anyone (within the company) who has potential to cause harm to the network's integrity is well educated on policy. Additionally, through technologies such as identity management and authentication, companies can gain better controls over how end users access network assets.
* The desktop. It is critical to have endpoint security such as anti-virus software integrated at the desktop.
Contact centers must consider yet another layer of security to effectively protect their systems from compromise. The human error element is a major concern for CRM centers, as call center representatives frequently interact with customers on a one-on-one basis. This contact grants criminals the opportunity to exploit representatives through social engineering tactics. Comprehensive training of customer representatives is a critical step in ensuring they do not fall victim to social engineering ploys, such as the request for personal information without the appropriate proof of identification.
Worms and insider threats have the power to disrupt critical services, to drain vital resources and to compromise sensitive data. In today's accelerated business world, isolating a network is not an option. Conversely, business pressures are forcing companies to make applications and data inside the corporate network more accessible by remote workers, business partners and contractors. Patch management and perimeter security appliances, such as firewalls and IPS, are helping to secure networks, but they do little to help protect against new attacks, insider threats and malicious code that circumvent the perimeter on mobile devices. As attempts to steal or corrupt customer information increase, organizations need to mitigate these forms of attacks, requiring a solution that will block malicious activity without obstructing legitimate business processes.
By Rob Nazzal
Mazu Networks, Inc.
Rob Nazzal is director of product management for Mazu Networks, Inc. (www.mazunetworks.com), a provider of network-wide intrusion prevention systems (IPS) for enterprise and government. Mazu's solutions protect networks from worms, insider threats and denial-of-service (DoS) attacks, internally and at the perimeter.