
Jan/Feb 2008

"Threat Management and Information Security"


 
TICKER Magazine
A Technology Magazine For Industry Professionals
 
 

The Search for the Ultimate Network Security Safeguards

By Stan Quintana, Vice President of Managed Security Services, AT&T

Threats to corporate networks have become more complex as spam, viruses and denial of service (DoS) attacks plague businesses everywhere. Companies continue to search for the ultimate safeguard against security threats. Some believe that deploying a stockade of weapons around the perimeter of their network is the most effective way to defend against intruders.

However, defenses such as firewalls, intrusion detection systems, antivirus programs, spam filters and Web surfing controls are peripheral and not enough.

When you rely on defenses at the edge of the network, you are, by definition, engaged in a reactive defense. Defenses at the edge take effect only when an attack is partially or fully developed – this is far from an ideal defensive posture.

On the other hand, using the network itself as the first line of defense shifts your positioning from reactive to proactive. Within a network, it is possible to spot not only known viruses and worms, but also emerging viruses and worms that do not necessarily have known signatures as they are evolving, so you can try to neutralize them before the attack begins.

This centralized approach to network security delivers greater cost efficiency and, when coupled with the right premise-based security elements, companies may achieve an end-to-end security solution that is comprehensive and easier to manage.

As an example, a financial institution we have worked with learned of a potential attack on its Web site and e-mail servers. Using a centralized approach and sophisticated, premise-based tools, the known threat was identified in time to screen unauthorized messages by both content and source/recipient, helping to ensure transparency to their end users.

The company’s internal assessment showed this approach to be significantly more efficient in terms of productivity than their prior approach of reacting after an incident occurred.

While most large enterprises use a system of premise-based security firewalls distributed across the company’s locations, an alternative is to implement a layered approach with an emphasis on leveraging the network – a network in which security and ease of management are built in.

Seeking Higher Ground Against a Rising Tide of Threats

Today’s security problems stem mostly from three developing trends. First, flaws in software leave vulnerabilities that troublemakers can exploit. Second, hackers assemble armies of “zombie” personal computers to mount spam and DoS attacks. Third, networks and systems are increasingly interconnected and integrated.

In such an environment, maintaining security poses significant business challenges:

• Network convergence. Increasing interconnection and interlocking dependencies across the many applications make security management intricate, sensitive and difficult.

• Disparate security solutions. Multiple security solutions may be available for each area of jeopardy, which raises the question of how these solutions can be integrated most effectively. There can also be a lack of consistency within an organization. For example, another financial institution learned that each of its business units had a slightly different security solution. An objective assessment ultimately paved the way for a more comprehensive enterprise-wide solution.

• Increasing risks. Communications technologies, hardware, and software continue to evolve rapidly, making it challenging to keep vulnerability and response assessment current. Furthermore, cybercrime has become more sinister. Hackers aren’t just teenagers looking to cause a few problems. They are in organized groups seeking to exploit personal data and business systems for financial gain.

• High cost. For corporations trying to manage these concerns, security raises significant issues of resource allocation. The increasing number of applications running across the network drives cost, and security personnel require a high level of expertise and ongoing training.

Consolidating Security in a Unified Network

As organizations examine whether a premise-based or layered security approach suits them, they should pay special attention to six key areas:

• Firewall policy enforcement – Firewall functionality should be embedded in the network to help stop threats before they reach the company premises.

• Intrusion detection – Alarms from the intrusion detection system should be incorporated with network-based firewall activity logs.

• E-mail filtering – Filtering systems should automatically examine the content of data packets and place those containing known viruses or spam in quarantine. This practice of storing and analyzing unauthorized or suspicious messages and notifying the users of such unwarranted traffic can reduce costs, although it is not without its own set of costs and investment of resources. One regional bank saw overall costs go down when it identified recurring pitfalls in its internal mail and messaging systems, which enabled it to implement stopgap measures and adopt a permanent policy guideline.

• URL filtering – URL filtering helps control network usage and prevent employees from spending time on unauthorized Web surfing.

• Distributed DoS attacks – This type of attack is likely to be initiated by gaining control over thousands of PCs. The best place to stop that flood is not on the premises but far upstream in the network, before the flow gains strength.

• Threat Management – Enterprises should have a proactive security program that addresses threats as early as possible. Most information security teams are reactive and focus on incident response because the Local Area Network is down, people are complaining, e-mail is not working and applications are broken.

The right approach to network security isn’t an either/or – it would be reckless to abandon any one defense in favor of any other. Rather, we need to use all the tools at our disposal. By understanding the true scope of the threat, and the power of the network when all its assets are combined, we can stay one step ahead of the hackers and turn the tide against cyber attacks.

Stan Quintana is AT&T’s Vice President of Managed Security Services. For more information, please contact: Melissa A. Mirabile at 212-453-2327 or via email at mm8216@att.com.


