5/11/2008

On unified multi-threat security solutions

Increasingly complex security threats, ever-tightening regulatory requirements and the continual rollout of new applications have brought new problems to enterprise network security. From a management standpoint, adding yet another point solution is not always the best option. Jens Andreassen, Fortinet's vice president for Asia Pacific, considers the question: how can we carry out a practical security gap analysis and choose suitable vendors to improve network security without increasing management complexity?

IT managers working every day to keep their networks secure face increasingly complex challenges: the threats are more sophisticated, the compliance burden keeps growing, and new applications and technologies bring new vulnerabilities with them.

Hackers are now more interested in financial gain than in fame, and organized crime accounts for a growing share of the network security struggle. At the same time, sustained vigilance at the network layer has produced a range of firewalls and intrusion prevention systems (IPS), so security can no longer be confined to the network layer and must also cover the content (data) layer.

Information security now demands anti-virus, anti-spam, Web filtering, anti-spyware technology... the list keeps growing, and it is very hard for a small business to keep up with this pace.

Compliance and data-protection guidelines have placed a heavier responsibility on IT managers. They must not only adopt the latest technology against potential threats, but also prove that they have made every effort to protect sensitive data and networks.

All kinds of traffic and activity must be logged, so that it can be reviewed to demonstrate compliance and to support evidence collection. This is essential for quickly identifying and repairing security weaknesses in the network. All of this adds to their burden.

At the same time, to improve operational efficiency, gain competitive advantage and achieve business success, IT managers are working hard to provide better user mobility, interoperability and third-party access to the network.

Adding new applications, or upgrading existing ones to take advantage of new technologies, may improve business performance, but unfortunately it also opens new avenues of attack.

Practical Network Security
IT security is in general only part of the overall IT budget, which is itself only a small part of the overall operating budget. We need not only to rank threats according to their potential impact on the business, but also to balance the budget across the related IT technologies and products. All of this must be done in compliance with regulations, while reducing capital expenditure and related operating expenses.

This explains the growing interest in consolidating all network security functions: it reduces the complexity and cost of implementing and managing security.

But it is also worth offering IT managers a practical approach to consolidation, which can be summarized in the following three points:

1) Security should be regarded as part of network availability, the availability that lets users get their main business done. In practice, this objective decides which security technologies and products are chosen. The benefit of this approach is that security decisions can easily be made in line with the overall goals of IT and the core business.

2) Many companies believe that with consolidation a vendor must "do it all or do nothing", while others still insist on buying best-of-breed single-function products. In reality, consolidating even two or three functions brings significant benefits: less management complexity, a smaller environmental footprint (less equipment) and a higher return on investment. These factors also reduce the risk that a network protected by equipment from different vendors cannot keep pace with the evolving "threat landscape".

3) Whatever the plan, it must build on existing security investments. This should be too obvious to repeat, but too many vendors seem to believe their solution outweighs years of an IT manager's careful investment, implementation, training and experience. Management complexity can never be avoided entirely, but it can be reduced by choosing the right products.

Fixing the network and finding security gaps
One benefit of developing a small-scale network consolidation plan, with unified threat management as its means, is that the IT infrastructure is divided into functional network zones. A zone may be physical (such as a data center or the core network) or logical (such as guest access or e-mail communications). With this scheme, the security gaps in each zone become apparent, and IT administrators can ultimately decide on the appropriate solution.

IT managers should ask a simple question: does each functional network zone use the appropriate products and technologies?
1) Perimeter
2) Data center
3) Core network
4) ROBO / SOHO
5) Secure e-mail communications
6) Endpoints
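The zone-by-zone question above can be turned into a repeatable gap analysis. The following is an added example, not code from the article or from Fortinet: it records which security functions each zone requires (taken from the article's descriptions of the six zones) against an inventory of what is actually deployed, and reports missing controls, devices that do not send logs to a central store, and how many separate management platforms are in use. The zone names, control labels, device names and the sample inventory are all constructed for this example.

```python
"""Per-zone security gap analysis (illustrative example; not a vendor tool)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Controls the article expects in each functional zone. The zone keys and the
# control labels are shorthand chosen for this example (an assumption).
REQUIRED_CONTROLS: Dict[str, Set[str]] = {
    "perimeter":  {"firewall", "ips", "vpn", "antivirus"},
    "datacenter": {"firewall", "ips", "antivirus"},
    "core":       {"firewall", "ips", "vpn", "high_availability"},
    "robo_soho":  {"firewall", "vpn", "antivirus", "wireless_security"},
    "email":      {"antivirus", "antispam", "content_filtering", "archiving"},
    "endpoint":   {"antivirus", "antispyware", "personal_firewall", "vpn_client"},
}


@dataclass(frozen=True)
class Device:
    name: str
    zone: str
    controls: frozenset            # security functions this device provides
    managed_by: str                # management/reporting platform it belongs to
    logs_to: Optional[str] = None  # central log store, or None if not logged


def coverage(inventory: List[Device]) -> Dict[str, Set[str]]:
    """Union of the controls deployed in each zone."""
    cov: Dict[str, Set[str]] = {zone: set() for zone in REQUIRED_CONTROLS}
    for dev in inventory:
        cov.setdefault(dev.zone, set()).update(dev.controls)
    return cov


def control_gaps(inventory: List[Device]) -> Dict[str, Set[str]]:
    """Zones whose required controls are not (fully) deployed, with what is missing."""
    cov = coverage(inventory)
    gaps = {zone: req - cov.get(zone, set()) for zone, req in REQUIRED_CONTROLS.items()}
    return {zone: missing for zone, missing in gaps.items() if missing}


def unlogged_devices(inventory: List[Device]) -> List[str]:
    """Devices whose traffic and activity are not recorded centrally (a compliance gap)."""
    return sorted(dev.name for dev in inventory if dev.logs_to is None)


def management_platforms(inventory: List[Device]) -> Set[str]:
    """Distinct management consoles in use; more than one means fragmented management."""
    return {dev.managed_by for dev in inventory}


def gap_report(inventory: List[Device]) -> Dict[str, object]:
    return {
        "control_gaps": control_gaps(inventory),
        "unlogged_devices": unlogged_devices(inventory),
        "management_platforms": sorted(management_platforms(inventory)),
    }


# Constructed sample inventory (fictional device names).
SAMPLE_INVENTORY: List[Device] = [
    Device("edge-fw-1", "perimeter", frozenset({"firewall", "ips", "vpn", "antivirus"}), "utm-console", "siem"),
    Device("dc-fw-1", "datacenter", frozenset({"firewall", "ips"}), "utm-console", "siem"),
    Device("core-fw-1", "core", frozenset({"firewall", "ips", "vpn", "high_availability"}), "utm-console", "siem"),
    Device("branch-1", "robo_soho", frozenset({"firewall", "vpn", "antivirus"}), "branch-vendor-gui", None),
    Device("mail-gw-1", "email", frozenset({"antivirus", "antispam", "content_filtering"}), "mail-vendor-console", "siem"),
    Device("ep-agent", "endpoint", frozenset({"antivirus", "personal_firewall", "vpn_client"}), "utm-console", "siem"),
]

if __name__ == "__main__":
    for key, value in gap_report(SAMPLE_INVENTORY).items():
        print(f"{key}: {value}")
```

Running it against the sample inventory shows four zones with missing controls, one branch device that is not logged at all, and three separate management platforms, which is exactly the fragmentation the article warns against when products from different vendors are bolted together.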

Perimeter
The network perimeter is the first line of defense and the focus of external threats, particularly criminally motivated threats against the network and its content. The usual weaknesses lie in the VPN (IPsec or SSL), firewall, intrusion prevention (IPS) and anti-virus solutions: throughput, availability, and keeping pace with the threats.

Data center
The data center hosts the servers and applications that business users depend on. The greatest challenges here are throughput and real-time operation, in particular the effect that anti-virus scanning of important applications and content has on both. If the security solution cannot keep up, some things will slip through, affecting many users if not all of them.

Core network
The challenges of the core network include high bandwidth, a large number of concurrent sessions, and real-time applications that use small packets, such as voice over IP (VoIP).

Many solutions achieve high throughput on 512-byte packets. In reality, though, performance usually drops significantly when handling small packets. Although the core network mainly runs firewall, VPN and IPS functions, the chosen solution must offer scalable capacity, performance, high availability and redundancy. This is the domain of ATCA hardware and dedicated ASIC processors that accelerate network and content protection.
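To make the small-packet point concrete, here is an added example (not from the article or from Fortinet) that computes how many packets per second an inline device must inspect at line rate for different Ethernet frame sizes, and the time budget that leaves per packet. It assumes standard Ethernet framing overhead of 20 bytes per frame (7-byte preamble, 1-byte start-of-frame delimiter and 12-byte inter-frame gap) and treats the article's "512-byte packet" as a 512-byte frame including the FCS.

```python
"""Line-rate packet rate and per-packet inspection budget versus frame size."""

# Bytes on the wire per frame beyond the frame itself: preamble (7) + SFD (1) + IFG (12).
ETHERNET_OVERHEAD_BYTES = 20


def packets_per_second(link_bps: int, frame_bytes: int) -> int:
    """Maximum frames per second a link can carry at a given frame size (frame includes FCS)."""
    bits_on_wire = (frame_bytes + ETHERNET_OVERHEAD_BYTES) * 8
    return link_bps // bits_on_wire


def inspection_budget_ns(link_bps: int, frame_bytes: int) -> float:
    """Nanoseconds an inline firewall/IPS has to process each packet at line rate."""
    return 1e9 / packets_per_second(link_bps, frame_bytes)


def small_packet_penalty(link_bps: int, small: int = 64, reference: int = 512) -> float:
    """Ratio of packet rates: how much harder small frames are than the reference size."""
    return packets_per_second(link_bps, small) / packets_per_second(link_bps, reference)


def line_rate_table(link_bps: int, sizes=(64, 128, 256, 512, 1518)) -> dict:
    """Packet rate for each frame size, for a quick comparison table."""
    return {size: packets_per_second(link_bps, size) for size in sizes}


if __name__ == "__main__":
    gig = 1_000_000_000  # 1 Gbit/s link
    for size, pps in line_rate_table(gig).items():
        budget = inspection_budget_ns(gig, size)
        print(f"{size:5d}-byte frames: {pps:>10,d} pps, {budget:8.0f} ns per packet")
    print(f"64-byte traffic needs {small_packet_penalty(gig):.1f}x the packet rate of 512-byte traffic")
```

On a 1 Gbit/s link, 512-byte frames arrive at about 235,000 per second, but minimum-size 64-byte frames arrive at about 1.49 million per second, leaving roughly 672 ns per packet for every firewall, VPN and IPS decision. A device benchmarked only at 512 bytes can therefore fall well short of line rate on VoIP-style traffic, which is why throughput at small packet sizes is the figure to ask for.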

Remote office / branch office (ROBO) and small office / home office (SOHO)
Remote offices/branch offices (ROBO) and small offices/home offices (SOHO) raise many of the same issues, with the addition of wireless networks, a variety of access equipment (such as DSL modems), roaming users and the vulnerabilities they bring, and real-time voice and presence applications. For any such deployment, inspection throughput on small packets is very important.

Secure e-mail communications
E-mail is a major route for virus infection, a main source of data leakage, and the main medium for content that leads to legal disputes. From a regulatory viewpoint, advanced archiving is an important function, in addition to the content filtering needed to protect confidential information.

Endpoints
Defense in depth requires close attention to the growing variety of endpoints on the network: desktop computers, notebook computers, PDAs and more. Security weaknesses here can compromise the integrity of networks and applications, and are key to whether the enterprise can meet its security standards. The ability to guard against spyware and viruses is particularly important. A personal firewall and a reliable VPN client working together add further protection.

Fully integrated
When evaluating unified threat management (UTM) solutions, whether for all network security functions or only some of them, it is important to choose a vendor that provides not only the various security technologies but also unified management, reporting and threat analysis. Otherwise, the assortment of products will still carry the same management burden, with an even greater impact on operating costs.

Unified management, reporting and analysis
Security infrastructure management mainly involves defining, distributing and enforcing security policy, and managing the configuration of the various network security devices across the whole estate. A UTM solution should provide a single management and control platform that unifies security features, policies and configuration change control, so that precise management control is achieved.

Reporting requirements for policy management are demanding: these features should consolidate the activity of all kinds of equipment and technologies, while providing network capacity and usage data for good network management. Scheduled and on-demand reports, together with a large set of standard reports, make customization easy when it is needed. Features such as event correlation, forensic analysis and vulnerability scanning, integrated ever more closely with the management control platform, have become very important.

Unified threat research
Any UTM solution depends on timely updates of signatures, URL lists and other threat intelligence in order to keep up with rapidly evolving threats. Automatic updates accomplish this, but a service level agreement for hourly rather than daily updates gives the network the best protection.

Summary
A unified security solution, even one covering only two or three functions, gives IT managers concerned about network security a way to integrate a variety of new security technologies into their network infrastructure. The solution must provide a unified management and reporting control platform that integrates all of its functions as one; without this, the solution cannot deliver lower operating costs.

UTM should provide comprehensive and consistent end-to-end protection for the network, giving IT administrators the flexibility to apply the security features suited to each environment to protect the various parts of the network.
Edit by: Securitysofts