You can't manage what you can't see!


Security threats have grown more menacing with the appearance of the likes of Sober, Mytob and Bagle. Along with the newer trends of spyware, phishing and key logging, the implications of ineffective information security have become potentially debilitating to business operations and indeed to strategy.

Such attacks represent an increasing risk to an enterprise, as information is compromised or floods of malicious traffic clog networks and bring mission-critical business systems, processes and procedures to a standstill. There is a wealth of tools available to help protect the enterprise from security threats: firewalls, virtual private networks, strong user authentication, encryption, intrusion detection/prevention systems (IDS/IPS), email filters, antivirus and vulnerability scanners are all options. Each of these point solutions is capable of addressing a specific element of the security mosaic. To address their limitations, many enterprises aggregate these solutions in a futile attempt to achieve effective IT security. In isolation or even together, however, these tools are ineffective against unknown, targeted or blended attacks. That is to say, a previously undefined exploit requires the vendor to develop a security patch, during which time the undefined attack will propagate, unchecked, throughout the enterprise. If this happens to be your network, your enterprise will be on the security front line: open to virus and hacker attacks and unable to maintain normal business activity. From a corporate governance standpoint, this lack of security control is simply unacceptable.

The downside of this deterministic or signature-based approach is that it is increasingly difficult to track, let alone manage, the volumes of alerts coming daily from multiple sources. Corporate governance, however, demands that these alerts are managed using formal and auditable IT risk management processes with timely and meaningful security outcomes.

The corollary is that in an increasingly complex and networked world the risks to the enterprise have become increasingly debilitating, while the fundamentals of managing these risks have changed little.

Insight through analysis: a better approach

Too little protection or too much protection: today's security solutions fall short either way. Experience demonstrates that an ideal security solution is one that permits network communications between enterprises while protecting against security breaches as they happen, regardless of whether the breach is familiar or not. Existing technologies cannot deliver this level of intelligence.

Microsoft Chairman Bill Gates introduced a vision called Adaptive Protective Technology (A.P.T.), which would, in the future, create networks that continually monitor network activity and respond in real time to unexpected changes in behaviour.

Gartner Vice President of Security Research, John Pescatore, confirmed the validity of the vision by noting that A.P.T. is the only way to detect and prevent unknown attacks. 'Rather than the cycle of attack and patch, which invariably leaves the hacker the winner, A.P.T. shields the enterprise and prevents attacks, to which the enterprise is vulnerable, from entering the system,' he said. 'A.P.T. effectively blocks suspicious activity before it wreaks havoc across the enterprise.'

A next generation threat management system now delivers A.P.T. through the use of hybrid Behavioural Anomaly Detection (B.A.D.) technology. With a number of successful deployments within high volume, mission-critical enterprises, the system is able to instantly identify and respond to unusual or unfamiliar system behaviour. B.A.D. operates by first observing the enterprise network (including operating system and application activity) to establish a baseline of activity on the ICT infrastructure. This non-deterministic system continually gathers data from multiple sources in the network and relays that data back to a quantitative decision engine for analysis and response. This response is based on measures of the relationships between events occurring at different OSI levels, on an assessment of the threat severity, and on the priority of the assets under threat. This allows for automated monitoring of enterprise traffic and the instant detection of unusual or non-compliant events.

When internal misuse or an external breach is detected, the technology can instantly respond to lock user accounts, stop and start processes, or execute any command line script or executable according to a predefined script. For example, if a Denial of Service (DoS) attack is detected, it can instantly reconfigure the firewall to block the source IP address or subnet.

B.A.D. technology is equally adept at pinpointing other breaches such as fraud, buffer overflows, worms and reconnaissance.

This anomaly-based behavioural approach to IT system activity is unique in its ability to permit normal or familiar traffic to transit the network and yet be able to identify unrecognised or non-compliant behaviour. Unlike deterministic solutions this new approach is, by design, measurably more effective at identifying and responding to potential threats before they become a problem.

The implications of this are significant. For example, an employee takes a laptop home and gets it infected with a new variant of a fast-spreading worm like NetSky or Sober. If the attack signatures on that laptop have not been updated, the worm will propagate within the unit. When that laptop reconnects to the enterprise network, the attack may traverse the firewall and wreak havoc. Without B.A.D. technology to respond to unusual traffic across the outbound mail IP port, the malicious behaviour may continue for minutes or hours, until an appropriate virus definition update has been sourced and the network patched. Conversely, using the B.A.D. threat management system the enterprise can protect against catastrophic damage, loss of data, intellectual property or reputation, costly clean-ups or even a breach of the law.
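As an added illustration of the baseline-then-decide model described above (the learned baseline, the quantitative decision engine weighing deviation against asset priority, and the automated response) applied to the returning-laptop scenario, here is a small Python sketch. It is not the product's code; the host names, the flow records, the asset priorities and the "block-src-ip"/"alert" actions are all constructed for the example.

```python
# Added example (not the article's product code): a toy behavioural anomaly
# detector. It learns a per-host baseline of outbound SMTP (TCP/25) connection
# counts from normal flow records, scores a new window against that baseline,
# and maps deviation plus asset priority to a response. All data is constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "learning period" flow records: (window, src_host, dst_port, count)
BASELINE_FLOWS = [
    (w, host, 25, n)
    for w in range(1, 11)
    for host, n in (("ws-101", 3), ("ws-102", 2), ("mail-gw", 400))
]
# Hypothetical asset priority: higher means more critical to the business
ASSET_PRIORITY = {"ws-101": 1, "ws-102": 1, "mail-gw": 5}

def learn_baseline(flows, port=25):
    """Per-host (mean, std-dev) of connections to `port` per window."""
    per_host = defaultdict(list)
    for _, host, dport, n in flows:
        if dport == port:
            per_host[host].append(n)
    return {h: (mean(v), pstdev(v)) for h, v in per_host.items()}

def score(baseline, host, count, min_rel=0.1, min_abs=1.0):
    """Z-score of an observed count against the host's learned baseline.
    The dispersion floor (10% of the mean, or 1 connection) avoids dividing by
    zero for perfectly regular hosts and tolerates small absolute jitter on busy
    ones; a host with no baseline at all is treated as maximally anomalous."""
    if host not in baseline:
        return float("inf")
    mu, sigma = baseline[host]
    return (count - mu) / max(sigma, min_rel * mu, min_abs)

def decide(baseline, host, count, threshold=5.0):
    """Map deviation and asset priority to one response action."""
    if score(baseline, host, count) < threshold:
        return "allow"
    # A critical asset gets a human-reviewed alert rather than an automatic block
    if ASSET_PRIORITY.get(host, 1) >= 5:
        return "alert"
    return "block-src-ip"

def evaluate_window(baseline, observations):
    """observations: {host: outbound SMTP connections in the current window}."""
    return {h: decide(baseline, h, n) for h, n in observations.items()}

# Constructed scenario from the article: a laptop returns from home infected
# with a mass-mailing worm and starts blasting SMTP; everything else is normal.
CURRENT_WINDOW = {"ws-101": 3, "ws-102": 2, "mail-gw": 410, "laptop-77": 150}
```

Running `evaluate_window(learn_baseline(BASELINE_FLOWS), CURRENT_WINDOW)` allows the three known hosts and returns "block-src-ip" for the unbaselined laptop, which is the firewall-reconfiguration response the article describes.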

True IT Threat Management

As this A.P.T. system is device/OS/application-agnostic, it can baseline activity and process alerts from any type of log-based or agent-installed source. This approach delivers a potent first line of defense, providing coverage of the enterprise network. By refining alerting rules and allowing the software to continually learn from system activity, users can deploy B.A.D. technology to control their IT security practices: effective IT threat management protecting the enterprise with a minimum of effort and expense.
COPYRIGHT 2006 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation: Infosecurity Europe 2006: 25th-27th April 2006, Olympia, London.
Publication: Database and Network Journal
Date: Feb 1, 2006