How To Defend Against Security Threats


Customers often complain about the high cost of security in terms of the software and hardware needed to batten down the hatches. Only companies that have failed to effectively secure themselves and have experienced the painful consequences truly understand the pain of not preparing adequately. Here, Net Optics President and CEO, Bob Shaw, explains how IT pros can sell security solutions and defend networks from a barrage of security threats. —Jennifer D. Bosavage, editor

Perpetrators stole or compromised an astounding 386 million customer records worldwide last year. Calculating that each lost record costs an organization about $200, the price tag for 2011’s security breaches reached an estimated $77 billion. Early this year, credit and debit card processor Global Payments admitted that a systems breach had resulted in the “export” of 1.5 million records. That brisk rate of criminal activity raises many questions, foremost among them: where are the highest vulnerabilities, and how can IT professionals mount an effective defense?


Progress is vital—and unstoppable. New applications and devices drive productivity and empower employees, but they expose companies to soaring risk and uncertainty. The consumerization of IT and barrage of Web-based and social applications threaten network performance and security, challenging IT operations to monitor traffic and block security threats. All the while, mobile devices are keeping traffic at a boil, making it ever harder to track the people and devices accessing these applications, and to sell security solutions.

Social networking sites such as Facebook and Twitter have become a fertile breeding ground for malware and social engineering scams, while Android and Apple iOS platforms are becoming increasingly attractive hacker targets. Of course, few companies would actually block those applications or deny network access to mobile devices (in fact, BYOD is propelling the trend in the very opposite direction). Nevertheless, IT still needs to control access and monitor user and network behavior. What are the best options?

Siloes and Islands Fall Short
Security approaches have suffered historically from two design flaws. For one, network administrators tend to purchase tactical point tools or appliances to overcome a security or network issue. This creates “islands of security” whose lack of technical integration makes them only marginally effective when dealing with the juggernaut of security challenges rolling in from Web-based applications and mobile devices. Besides, security tools deployed “on top of” existing technologies tend to behave like an afterthought, adding complexity and management overhead to the IT and network infrastructure and putting a drag on performance.

The “siloed” approach segments the network to fit the needs of disparate teams: security, regulatory, performance, databases, applications, departments, etc., each attempting to block only the threats for which it is responsible. This model has shaped many of today’s network infrastructures. To manage their respective segments, each network team installs and operates its appliance(s) independently, connecting to the network at its own locations.

But where teams compete for network access, inefficiencies ensue, such as patchy visibility and major gaps in security coverage. Best practices now demand treating the entire span of the network as a single entity, across cloud, data center and remote branches.

The Power of Visibility
Not surprisingly, with billions vanishing, visibility has taken on an almost mystical aspect for desperate IT pros. Not only can visibility rescue the network from intrusion and theft, but it can also reveal other issues affecting network productivity and value, minimize risk and enable productivity gains from IT applications and services. But as applications become more diverse and the devices hosting them more pervasive, visibility solutions that look only at the network edge or see only random monitoring data are not robust or comprehensive enough.

The importance of fine-grained monitoring and visibility across both the virtual and physical networks cannot be overemphasized. Without it, security threats can have their way, raising financial risk while inviting business casualties. At the very least, visibility into the virtual must be comparable in acuity to that of the physical network.


Application and Network Visibility—Formulating a Response to Threat
Visibility into who is using which web-based application can avert those dismaying network traffic spikes that slow mission-critical applications and compromise security tools. Without visibility, by the time IT can take action, the crisis has taken on a life of its own and the business is losing revenue. The following design tactics can thwart attacks, and help rid the network of crime.

1. Look beyond status quo solutions.
Given the scale and scope of consumer-oriented applications, IT should address threats with a comprehensive network visibility and application security architecture. This should offer all the performance needed to handle an intensive, expanding and unpredictable environment.

2. Think visibility into all applications.
Because all applications are at risk, any defense should be network-wide. A holistic visibility architecture should provide ample intelligence and insight about the most active users and applications in all areas of the enterprise.

3. Don’t skimp on scalability.
You need to delve deep into application behaviors and weaknesses in order to frustrate wily application-borne threats. Be sure that your architecture is scalable enough to meet the most intensive requirements over time—enabling collection of byte, packet, session, and time statistics; identifying hundreds of applications and offering detailed analysis of application data to administrators. The time to start implementing this architecture is now.
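The byte, packet, session and time statistics described in tactic 3, and the “who is using which application” question from the start of this section, come down to aggregating flow records per application and per host and watching for interval-over-interval spikes. The following is an added example written for this article, not code from Net Optics or any product it sells; the flow records, the 60-second interval and the 2x spike factor are constructed values chosen to show the mechanics, and the field layout (timestamp, source host, application label, bytes, packets) is an assumption rather than any specific export format.

```python
"""Aggregate constructed flow records into per-application byte, packet,
session and time statistics, list the top hosts per application, and flag
applications whose traffic in the latest interval spikes above a baseline.

Added example for this article; all records and thresholds below are
constructed sample values, not real traffic or vendor data."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed flow records: (timestamp_s, src_host, application, bytes, packets).
# The application label is assumed to come from whatever classifier the
# visibility layer uses; here it is simply part of the sample record.
FLOWS = [
    (0,  "ws-01", "crm",        12000,  40),
    (10, "ws-02", "crm",         8000,  30),
    (20, "ws-03", "video",     500000, 400),
    (30, "ws-01", "social",     60000,  90),
    (65, "ws-03", "video",     900000, 700),
    (70, "ws-04", "video",     800000, 650),
    (80, "ws-02", "social",     70000, 100),
    (90, "ws-05", "crm",         9000,  35),
]


@dataclass
class AppStats:
    """Per-application counters: the byte, packet, session and time view."""
    bytes: int = 0
    packets: int = 0
    sessions: int = 0
    first_seen: Optional[int] = None
    last_seen: Optional[int] = None
    hosts: Set[str] = field(default_factory=set)


def aggregate(flows) -> Dict[str, AppStats]:
    """Roll every flow up into its application's counters."""
    stats: Dict[str, AppStats] = defaultdict(AppStats)
    for ts, host, app, nbytes, npkts in flows:
        s = stats[app]
        s.bytes += nbytes
        s.packets += npkts
        s.sessions += 1          # one flow record == one session here
        s.hosts.add(host)
        s.first_seen = ts if s.first_seen is None else min(s.first_seen, ts)
        s.last_seen = ts if s.last_seen is None else max(s.last_seen, ts)
    return dict(stats)


def top_hosts(flows, app: str, n: int) -> List[Tuple[str, int]]:
    """Hosts generating the most bytes for one application (who uses what)."""
    per_host: Dict[str, int] = defaultdict(int)
    for _ts, host, a, nbytes, _pkts in flows:
        if a == app:
            per_host[host] += nbytes
    return sorted(per_host.items(), key=lambda kv: kv[1], reverse=True)[:n]


def bytes_per_interval(flows, interval_s: int) -> Dict[str, Dict[int, int]]:
    """Bucket bytes per application into fixed time intervals."""
    buckets: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for ts, _host, app, nbytes, _pkts in flows:
        buckets[app][ts // interval_s] += nbytes
    return buckets


def spikes(flows, interval_s: int, factor: float) -> Dict[str, Tuple[int, float]]:
    """Applications whose latest interval exceeds factor x the mean of the
    earlier intervals. Returns {app: (latest_bytes, baseline_bytes)}."""
    flagged: Dict[str, Tuple[int, float]] = {}
    for app, per_bucket in bytes_per_interval(flows, interval_s).items():
        if len(per_bucket) < 2:
            continue                     # no baseline to compare against yet
        latest = max(per_bucket)
        earlier = [v for k, v in per_bucket.items() if k != latest]
        baseline = sum(earlier) / len(earlier)
        if per_bucket[latest] > factor * baseline:
            flagged[app] = (per_bucket[latest], baseline)
    return flagged


if __name__ == "__main__":
    for app, s in sorted(aggregate(FLOWS).items()):
        print(f"{app:8} bytes={s.bytes:>9} pkts={s.packets:>5} "
              f"sessions={s.sessions} hosts={len(s.hosts)} "
              f"window={s.first_seen}-{s.last_seen}s")
    print("top video hosts:", top_hosts(FLOWS, "video", 2))
    print("spikes (60s buckets, 2x):", spikes(FLOWS, 60, 2.0))
```

In this sample the "video" application more than triples between the first and second minute, so it is the only one flagged; "crm" and "social" stay within their baselines. In a real deployment the interval, the spike factor and the session definition would be tuned to the traffic profile of the network being monitored.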