Here’s a critical challenge for today’s enterprises: How do you create a trusted and available networking environment in the face of constant Internet threats? For an increasing number of enterprises, adding security appliances to their infrastructure helps them detect new threats earlier and implement effective mitigation strategies before their business is impacted. This article looks at how these appliances can help protect any business against today’s most dangerous and sophisticated Internet security threats.
To provide some context, let’s start by discussing the nature of today’s threats and then examining the current threat landscape.
First, it’s clear that Internet attacks are increasing in both frequency and sophistication. For example, network infections and intrusion attempts have both increased dramatically since 1996. In the mid 1990s, information security threats were few and far between. And the early threats were simple and limited in their destructive capabilities. However, we now see far more advanced “blended threats” (such as Code Red, Slammer, and Blaster) that are capable of causing significant damage. Also, intrusion and infection attempts are steadily increasing and quickly reaching epidemic proportions.
New threats are also exploiting software vulnerabilities more quickly. Until recently, it took about six months from the time a software vulnerability was first announced until threats began to appear that exploited that vulnerability (last year’s Slammer attack followed this pattern). This gave businesses plenty of time to review the vulnerability, prioritize the impact, and test and deploy the correct patches.
Today, that “window” is quickly shrinking. In August 2003, the Blaster worm exploited the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability only 27 days after it was announced. In June 2004, the Sasser worm exploited a new vulnerability only 18 days after it was announced.
Very soon, we can expect to see “zero-day” threats that actually exploit vulnerabilities before they are announced and before countermeasures and threat signatures can be developed. This potential gap between the time a zero-day threat is released and the time effective countermeasures can be made available could translate into serious problems and costs for businesses around the world.
Many of today’s threats are also able to propagate with bewildering speed. Code Red doubled its infection rate every 37 minutes. Slammer doubled its rate every 8.5 seconds—and infected 90 percent of the world’s unprotected servers in an alarming 10 minutes. These fast-spreading threats require security analysts to identify and analyze threats immediately—and make decisions quickly.
The bottom line is that we are fast approaching a state where we will have little or no reaction time against new threats. That’s why today’s enterprises need to focus on proactive security instead of reactive response.
Threats represent a serious business challenge
It’s also important to understand that Internet threats have become more than an IT issue. Today, they represent a serious business challenge.
Many direct losses that can result from an Internet attack are fairly tactical. They might include the theft of money, computer resources, and information. But they can also lead to less obvious long-term problems.
For example, suppose a hacker breaks into a major financial institution and steals $15 million. The stolen money—which is probably insured—represents a relatively minor problem. The much bigger long-term risk involves a loss of confidence that such a break-in was possible—as well as changed perceptions that might cause major customers to move to a competitor.
Significant long-term brand damage can also occur when e-businesses experience denial-of-service attacks that interrupt service and damage relationships with customers. For most business executives, the possible damage to the brand, with the resulting drop in sales, is their number one risk associated with Internet security threats. That’s why it’s so important to consider the indirect strategic risks associated with those threats.
But there are other strategic risks to consider—such as productivity losses that can result from the diversion of funds, expenses associated with disruptions in business continuity, corrupted data, and expensive recovery operations.
There are also significant legal risks associated with Internet security threats—like the failure to meet contract requirements and government regulations, and the inability to control illegal activity.
For all these reasons, it’s clear that Internet security is very much a strategic business issue—even more than a technical issue.
Increased pressure on IT
It goes without saying that today’s threat landscape translates directly into dramatically increased pressure on IT teams. To begin with, they are being asked to provide more complete security protection against a constantly increasing number of sophisticated threats. They are also responsible for securing critical information assets worth millions of dollars. And they are facing tough new audit, regulatory, and legal requirements and standards.
Finally, they are being asked to meet all of these new challenges in less time, for less money, and with fewer people. Given the exponential growth in the number and complexity of Internet threats, keeping pace from a spending and staffing perspective is an ever-increasing challenge as well.
Addressing the challenges
So how can enterprises meet these growing security-related challenges? How can they protect against new threats without increasing their budget?
The key lies in building a security foundation that includes three key components:
1. First, enterprises need to secure all of the vulnerable points in their IT infrastructure—from the core of their network out to branch offices and mobile users who access the network remotely. This is a daunting challenge in today’s world—especially as the need to grant access and resources to people outside the network erases traditional network borders and perimeters.
2. Second, it’s critical that the network remain secure, available, trusted, and reliable at all times. Customers, employees, and partners expect instant access to the information and resources they need 24×7. When people can’t access the basic resources they depend on—like email—productivity suffers immediately.
3. Third, enterprises need to receive constant, reliable information about their network and all of the critical access points in the organization. Without consistent, real-time data about every aspect of the network—including security—it’s impossible to know whether all of the data flowing through the organization is safe, reliable, and protected.
A comprehensive approach to threat protection delivers all of these key capabilities and characteristics, and includes a range of different products. For the purposes of this article, let’s focus primarily on how security appliances—and the services that support them—can provide protection against today’s most sophisticated Internet threats.
The power of integration
Integrated security appliances offer advantages that traditional security products from several different vendors can’t. For example, by pulling together many different security functions (such as firewall technology, protocol anomaly-based intrusion prevention and intrusion detection, virus protection, content filtering, anti-spam, and virtual private networking) into a single integrated device, enterprises can eliminate the cost and complexity of installing and managing different security technologies. This also gives them the ability to manage all remote locations and branch offices from one centralized location.
Next, integrated security appliances make it possible to provide proactive, multilayered threat and intrusion protection for every point on the network. This addresses one of the biggest issues IT teams deal with: keeping their organizations secure over time, especially in the face of continually evolving threats and changing security requirements.
Integrated security appliances can also help enterprises increase control with centralized management. Centralized management capabilities lower the cost of managing different appliances and systems. They give a more complete view of the whole security environment—and more control over remote sites and branch offices. They also make it possible to identify emerging threats from around the organization and mitigate potential damage more quickly. And they can reduce the need for IT staff to travel to branch offices and remote locations.
Bottom line: security appliances are capable of securing network gateways, internal network segments, individual servers, and individual clients that access the network—while still allowing secure, controlled access to the people who need it.
Keeping the business up and running at all times is a major issue facing enterprises today. And integrated security appliances are helping them improve the availability of their systems. With the right combination of security technologies positioned in the right places on the network, it is possible to improve one’s security posture—despite today’s disappearing perimeters and sophisticated Internet threats.