Combatting Today's Attacks: It's a
Generational Thing
By Marc Solomon on October 10, 2013
Marc Solomon expresses concern that
while today's attackers are using next-generation tools, the
defenders are still using last-generation tools. Many in the
security field are not keeping up with changes in the networking
environment, such as the growing use of mobile devices, SaaS,
virtualization, and cloud computing.
New attack methods are increasingly
difficult to detect. Older-generation defensive tools lack the
historical data and intelligence to detect advanced attack methods.
As networks reach multi-gigabit speeds,
network security devices have to keep up with the traffic. Older
devices just don't have the speed.
He gives some suggestions of key
questions to ask when talking to vendors of security equipment.
The first question to ask about is
visibility. Can the equipment see all applications working in the
environment regardless of protocol? Can it see hosts, infrastructure,
and users? Does it have the ability to monitor changes in the IT
environment? Can it provide site reputation information? Can it
monitor network activity based on user, application, or device?
The second area of questions is to ask
about threat effectiveness. Can the technology protect against known
and emerging threats? Can it remain effective even under times of
peak load? How does the technology detect threats? Can it detect and
block specific types of threats? Can it compare baseline behavior
against current behavior to detect anomalies?
The third area to ask about is the
granularity of the system controls. Can the system allow fine-grained
policies? If the policies don't allow sufficient flexibility,
employees will be tempted to work around the security controls, thus
making them worthless.
A fourth area to ask about is
automation. Security systems can generate vast amounts of data. Can
the process of sifting through all this data be automated, allowing
the security person to focus on key events?
A fifth concern is the availability of
advanced malware protection. Can malware be detected in cloud-based
systems? Is the system able to gather information on emerging
threats? Does it automatically update all connection points?
A sixth area to evaluate is the
performance, scalability, and flexibility of the system. Can it handle
the speed of today's traffic? Can it be upgraded to handle the
increased traffic of the future? Does the system have third-party
performance results available?
A final area to evaluate is the
management and extensibility of the system. Does the system allow for
easy central management? Can I extend the system as needed? How well
does it work with third-party solutions?
As an IT person, I may likely need to
participate in system design, purchase, and upgrade decisions. These
are important questions to ask in evaluating a system. I will need to
consider not just current needs but future needs as well. As an IT
person, I will need to keep both my systems and my knowledge up to
date.