Vendor Accent
Securing the enterprise
A sound security
policy that takes care of current security needs and perceived threats in the
future is a must for any entity that's part of the digital economy, says Aravind
Sitaraman
As global economic pressures mount, enterprises find themselves working closely
with customers, partners, and suppliers. Close co-operation between these entities
has become a crucial enabler for cost reduction, improved financial performance
and higher productivity. Hence, enterprises are viewing their network infrastructure
as a strategic asset rather than as a technology and a collaboration tool.
The network has expanded into non-traditional areas. For instance, enterprises
increasingly work upon an extended community basis where their strategic suppliers
and partners get insight into the enterprise's supply requirements, demand status,
customer issues, and delivery schedules. This enables closer co-operation between
the enterprise and its suppliers and partners.
Market-driven expansion of the network into unconventional areas brings other
challenges. Network security may be compromised from within or outside the corporation.
A study in 2003 showed that internal security threats may result in larger losses
(up to 10 times more) than those from external sources.
Over 2,500 new vulnerabilities were identified in 2002 and many continue to
remain as viable targets for future threats. From 1999 to 2002, there was a
cumulative 2,000 percent increase in financial losses resulting from hacker-induced
denial-of-service. Theft of proprietary information causes the greatest financial
loss; the average was $2.7 million per incident in 2003. Yet, according to a
US task force on cyberspace security, companies spend a minuscule percentage
of their revenue (0.0025 percent) on security. That's slightly less than what
they normally spend on coffee. The same study points out that up to 78 percent
of security-related incidents are due to communications on the Internet (up
57 percent from 1999). Since security lapses may happen with the connivance
of an individual within an organisation, conventional wisdom is to protect the
corporation from 'known' threats. However, the increased complexity of network
services and applications has created new threat areas and many of them are
uncharted territory.
Security challenges
Security challenges have evolved from the 1980s. The first generation consisted
of slow-moving boot viruses that took weeks to manifest and were largely restricted
to individual computers. Second-generation viruses exploited security holes
in popular e-mail and word processor programs to create mischief. The third generation
of threats manifests in a few minutes. The Sapphire Worm or 'Slammer' virus took
about 11 minutes to propagate itself from one end of the world to the other.
These are sophisticated programs that use a blend of techniques. For instance,
a Trojan inside a network may invite a worm that could then proceed to unleash
a virus that formats disks, deletes or copies files, exports information, or
simply shuts down system services.
What corporations should do
The bottom line is that the security paradigm is changing. To successfully fight
such security threats, corporations must view security in a different manner.
First, covering security threats to the network is now a fundamental business
need. Second, since network-based applications as well as the number of servers
and desktops in the enterprise have grown dramatically, a security solution
has to scale up to handle thousands of servers and desktops. Third, companies
have deployed an assortment of security products to deal with a host of threat
perceptions. These products, in turn, distribute agents of their own. Corporate
network management should be able to manage these different elements. Fourth,
enterprises cannot deal with rapidly mutating and propagating attacks. As the
time from attack to damage is in the order of minutes at present and will be
measured in seconds in the future, organisations need an automated system that
will detect, quarantine, report, log, and initiate damage-limiting action.
Networks that defend themselves
A new concept of a network that protects itself has been introduced. However,
even these are not enough when dealing with future threats. There are three
parts to this concept. First, an integrated security methodology is needed.
Second, advanced security technologies such as endpoint security, application
firewalls, SSL VPN, and network monitoring for anomalies have to be added. Finally,
system-level solutions are required to dynamically identify, prevent, and respond
to threats by getting the endpoints of the network to work in tandem.
In conclusion, enterprises must understand that implementing a security policy
is a systematic process. It includes security procedures to deal with risks
and the deployment of security policies. Then there is constant surveillance,
monitoring, audit, and analysis of network events. When security lapses occur,
incident reports must be generated and analysed to identify the root causes
of these incidents. Finally, corrective actions should be evaluated, selected,
and implemented inside the architecture.
Organisations must realise that threats are becoming more complex and prevalent,
are evolving rapidly, and are here to stay. Security threats in the future will cause
much harm to companies that do not align their security strategy with their
business strategy.
The author is Director, Engineering with Cisco Systems,
Inc. He can be reached at asitaram@cisco.com or aravind_sitaraman@hotmail.com.