Unifying Your Threat Management Practice
The Network Security Dilemma
IT executives trying to keep on top of network security face a difficult task: the growing sophistication of the threats, an increasing compliance burden, and the vulnerabilities exposed by new applications and technologies.
Hackers are no longer focused so much on notoriety as on financial gain—in fact, organized crime is becoming an ever-larger part of the network security struggle. Combined with the widespread availability of exploit development frameworks, the addition of the profit motive means that threats arise and evolve faster than ever before, and threats are no longer dependent on a single exploit mechanism. Furthermore, it’s not just network-level security you must be concerned with, for which firewalls and intrusion prevention systems (IPS) were developed, but content (data) level security as well. Messaging security, antivirus, antispam, Web filtering, antispyware…the list of required technologies grows.
Given this pressure, it seems like salt in the wound that IT executives also face the possibility of criminal and civil sanctions for failure to keep up with these threats. Regulatory and best practice guidelines like Sarbanes-Oxley, Basel II Accord, and PCI/DSS place an enormous due-diligence burden on IT executives. Not only must you keep up with the latest technologies for dealing with potential attacks, to prove that you did all you could to protect sensitive data and your networks, but you must be able to log traffic and events, as well. This is not only necessary for the legally-required audits that prove your compliance, but also for forensic operations, which are critical to discerning and quickly remediating weaknesses in your security regime.
Finally, to top it all off, the ultimate dilemma facing IT executives: In efforts to improve operational efficiencies and support the drive to competitive advantage and business success, you have worked assiduously to provide greater user mobility, interconnectivity, and third-party access to your network. As well, you’ve carefully adopted new technologies where they promised bottom-line improvements, implemented new applications, and kept existing applications up to date.
And what’s the payoff? In all cases, in addition to improving business performance, you’ve added new openings for attack—or rather, your vendors have. And this doesn’t even take into account the Internet applications like Skype, that your users may add to the mix, with all their vulnerabilities!
Pragmatic Network Security
Unfortunately, you’re doing all this on a budget that may seem minuscule compared to the urgency of these threats. The reality is that IT security is only one part of your overall IT budget, which in turn is only a small part of the overall business budget. You not only have to be careful to rank threats in accordance with their potential impact on the business, but also balance the appropriate remedial technologies and products against everything else in your IT budget. And, to top it all off, you must do so under the imperative to reduce operational expenses relative to capital expenditures. The best threat management strategy in the world won’t do you much good if you can’t afford the people and time to operate it!
All this explains why IT executives are so interested in unifying threat management, since it promises to reduce the complexity, and thus the cost, of implementing and managing the security infrastructure. But it also imposes an extremely pragmatic approach on IT executives concerned with that unification, which can be summed up under three headings:
1) Security cannot be viewed as an end in itself. It is more usefully seen as a critical part of network and application availability—of enabling users to get their jobs done. Your choices of security technologies and products will be determined by how, in practice, they serve this goal. One advantage of this perspective is the resulting ease with which security decisions can be related to your overall IT goals, and to the bottom line of the business they serve.
2) Vendor consolidation becomes key. The OpEx imperative demands simplicity, not multiplicity. Continuing to buy disparate “best of breed” single function products—a term that’s meaningless if you end up with an unmanageable mess—to respond to the evolving security “threat-scape” is a recipe for management disasters. As we’ll see below, this also demands unified management, reporting, and research from the vendor you choose.
3) No forklifts! Whatever you implement must complement existing security investments. This is almost too obvious to be worth mentioning, except that so many vendors seem to assume that their solution trumps years of careful investment, implementation, training, and experience on your part. But, again, this makes unified management, reporting, and research even more important, to avoid multiplying management touchpoints beyond your team’s ability to deal with them. Management complexity is never entirely avoidable, but it can be minimized with the right choice of vendor.
Finding and Filling the Network Security Gaps
The essence of pragmatism is the refusal to consider theory and practice as opposing concepts. Instead, a pragmatist uses theory as a kind of map for finding a way to a practical solution. One way to construct a useful map for finding your way to unifying your threat management infrastructure is to divide up your IT infrastructure into functional network segments, which may be either physical (e.g., data center or core) or logical (e.g., guest access or email messaging). Then you can try to discern what security gaps may exist in each of them. This will enable you to come up with the right questions to ask as you further research technologies and vendors, develop a short list, and make your final decision.
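The segment-by-segment gap analysis described above can be carried out as a simple inventory exercise. The following Python script is an added example, not code from the original page or from any vendor it names; the segment names, the control families each segment is expected to carry, the 1–5 business impact ratings and the console mapping are all constructed assumptions for illustration. It ranks the gaps by business impact (the budgeting point made earlier), flags segments with no logging (and therefore no audit trail for compliance or forensics), and counts how many management consoles the current mix of products forces an operator to touch.

```python
"""Segment-by-segment security gap analysis (constructed example)."""
from dataclasses import dataclass

# Constructed inventory, not real data: the functional segments named in the
# text, the control families each segment should carry, and a 1-5 business
# impact rating used to rank the gaps.
REQUIRED_CONTROLS = {
    "data_center":     {"firewall", "ips", "antivirus", "logging"},
    "core":            {"firewall", "ips", "logging"},
    "guest_access":    {"firewall", "web_filtering", "logging"},
    "email_messaging": {"antispam", "antivirus", "logging"},
}
BUSINESS_IMPACT = {"data_center": 5, "core": 4, "email_messaging": 3, "guest_access": 2}

# Constructed snapshot of what is actually deployed in each segment today.
DEPLOYED_CONTROLS = {
    "data_center":     {"firewall", "ips", "antivirus"},
    "core":            {"firewall", "logging"},
    "guest_access":    {"firewall"},
    "email_messaging": {"antispam", "antivirus", "logging"},
}

# Constructed map from each control to the management console it is run from
# (hypothetical console names; two controls sharing a console count once).
CONSOLE_OF = {
    "firewall": "console-A", "ips": "console-B", "antivirus": "console-C",
    "antispam": "console-C", "web_filtering": "console-D", "logging": "console-E",
}


@dataclass(frozen=True)
class Gap:
    segment: str
    missing: frozenset
    impact: int

    @property
    def score(self) -> int:
        # Simple prioritisation: impact rating times number of missing controls.
        return self.impact * len(self.missing)


def find_gaps(required, deployed, impact):
    """Return one Gap per segment that lacks a required control, highest priority first."""
    gaps = []
    for segment, needed in required.items():
        missing = needed - deployed.get(segment, set())
        if missing:
            gaps.append(Gap(segment, frozenset(missing), impact.get(segment, 1)))
    return sorted(gaps, key=lambda g: (-g.score, g.segment))


def coverage(required, deployed):
    """Fraction of required (segment, control) pairs that are actually deployed."""
    total = sum(len(v) for v in required.values())
    present = sum(len(v & deployed.get(k, set())) for k, v in required.items())
    return present / total if total else 1.0


def audit_blind_spots(gaps):
    """Segments where logging is required but absent: no audit trail, no forensics."""
    return sorted(g.segment for g in gaps if "logging" in g.missing)


def management_touchpoints(deployed, console_of):
    """Count the distinct consoles an operator must use for the deployed controls."""
    in_use = set().union(*deployed.values())
    return len({console_of[c] for c in in_use})


if __name__ == "__main__":
    gaps = find_gaps(REQUIRED_CONTROLS, DEPLOYED_CONTROLS, BUSINESS_IMPACT)
    for g in gaps:
        print(f"{g.segment:16} score={g.score:2}  missing={sorted(g.missing)}")
    print(f"coverage: {coverage(REQUIRED_CONTROLS, DEPLOYED_CONTROLS):.0%}")
    print("no audit trail in:", audit_blind_spots(gaps))
    print("management consoles in use:", management_touchpoints(DEPLOYED_CONTROLS, CONSOLE_OF))
```

The output is the short list the text asks for: which segment to fix first, which segments would leave you unable to prove compliance after an incident, and how many touchpoints a new product would add to if it brought its own console rather than plugging into a unified one.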
Putting It All Together
It’s important, as you consider Unified Threat Management (UTM) solutions, to look for a vendor that not only offers a wide range of security technologies, but, even more important, gives you unified management, reporting, and threat research. Otherwise, you’ll end up with the same management burdens that a collection of disparate point products would deliver, with disastrous effects on your operational expenses.
Summary
Unified security solutions, like FortiGate from Fortinet, offer IT executives concerned with network security a way to integrate multiple new security technologies into their network infrastructure without multiplying management touchpoints. Fortinet solutions include not only Unified Threat Management network appliances, but in some cases dedicated email security appliances and end-point protection, along with timely and complete global threat research to keep the protection up to date. Above all, such a solution must offer unified management and reporting consoles to pull it all together—as without these, the solution cannot deliver the promised reduction in operating expenses demanded of every part of the IT department. A security gap analysis is the first step in choosing the right UTM solution and integrating it with your existing security investments.
In short, your network should be comprehensively and uniformly protected with an end-to-end UTM solution, as depicted in the figure below, that gives you the flexibility to protect the various parts of your networks with the security features that make sense for each environment.
For more information contact: Preferred Technology Solutions 972-644-1992