
Enterprise Security Solutions

With increasing threats to security, simply deploying a security solution isn't enough. You also need to have the right policies in place

Rakesh Sharma

Tuesday, October 06, 2009


In the last UTM shootout we did, exactly a year back in September 2008, we found that most features were common across UTMs. In fact, the differences lay less in features and more in the technologies used. Basic tools such as anti-virus, anti-spam and anti-spyware were common to all UTMs, but features like caching, VPN and high availability were less common. A high-end UTM like Cyberoam's CR 1500i could handle 10,00,000 concurrent connections and is no less complex than a high-end data center server. Most high-performance UTMs come bundled with multiple processors, providing tremendous processing power, and huge storage space. We even tested one with a quad-core CPU and it proved to be a real performer in tests.

So, does buying a high-end UTM really alleviate all your concerns? Before buying a security solution you need to figure out your organization's requirement and then choose the best solution for it.

The trend we saw last year, and continue to see even now, is that IT managers are buying UTMs that primarily aid in monitoring and reporting. UTMs have become a major tool for supporting security audits, by providing structured access and security of data. This in turn strengthens an organization's case for different security compliances such as HIPAA, CIPA, BS 7799, etc., as it would be using a reporting and monitoring tool with additional security functionality. If the main anti-virus appliance fails at the gateway, the UTM can be used as a failsafe option.

Apart from UTMs there are various other security solutions available. For stopping spam, you can have dedicated appliances. Such appliances are suited to large enterprises where the number of users is large and security of data is a prime concern. Similarly, if you want to have a secure branch office connection or a remote user connecting to head office, having a UTM would make sense. However, if the number of concurrent connections is large, then having SSL-VPN appliances would make more sense.

Services on Cloud
Cloud Computing is getting hotter each day, but the technology behind it is nothing new. For details on what it is and how one can deploy Cloud Computing, visit http://tinyurl.com/lrshbnasp. There are security solutions available on the cloud which one can use on a pay-as-you-use basis. Let's take a simple example. You have a mail server in your enterprise, but lack an anti-spam solution. You can buy an anti-spam appliance, but does that really make sense? Yes, it does for a large enterprise, but for others it might not. You need to be aware of the bandwidth requirements and the ability of the appliance to handle the load. So one should subscribe to an anti-spam solution deployed on the cloud and not care about the hardware or software being used. The billing is done based on usage. There is a free anti-spam solution deployed on the cloud called Safentrix. If you want to know more about it and how one can integrate it with the mail server, then visit the link: http://tinyurl.com/nhd97q.

End-point security
Next is end-point security, the anti-virus or anti-spam solution deployed at the user's desktop. For enterprises, vendors like Symantec provide an end-point security solution which costs less than buying a single-user license for every user. By just deploying a gateway-level security solution, threats generated within your enterprise cannot be controlled. One of the ways in which security can be compromised is by transferring data through USB drives. For such threats, there should be a mechanism to alert the administrator about an attack. There are devices that can be plugged into a network to monitor it for malicious activity. As soon as a threat is detected, the device notifies the administrator about it. The licensing of these devices is quite interesting. You can buy a device and place it on the network for continuous monitoring, or you can rent it for a couple of months to scan your network and neutralize all threats.

Information no longer resides inside the four walls of an organization, given the business outsourcing scenario. Any leakage of information can cause you to lose not only money but also credibility. So, apart from securing PCs from viruses, spyware, etc., it is very important for an organization to defend all vulnerable ends. This is now becoming a big concern for many enterprises. Data loss protection, or DLP, is the term used to describe protection against the theft of sensitive or critical data from an organization. There are a number of ways to solve this issue. But before that, you first need to figure out the amount and type of data your organization wants to protect. This might comprise an organization's strategies, client confidential data, etc. Such data can get stolen only if someone tries to copy it to portable media or send it via the Internet to a third person. To steal data, one needs the right to access that data. The most common solution to this problem is to stop users from carrying portable media inside the organization. The other measure an organization can opt for is to block all ports on a user's system. The second method seems to be pretty practical, because even if someone gets inside the premises of your organization with the intention of stealing data, he will not be able to connect to the system. The third option is mail server configuration. The IT manager can configure the mail server in such a way that any mail that comes with an attachment is blocked.
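The mail-server rule described above, as an added example that is not from the original article: a Python check that an outbound mail filter could run to decide whether a message carries a file. The addresses, file name and message content are constructed, and treating every non-text part as an attachment is an assumption of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BODY_TYPES = {"text/plain", "text/html"}  # assumption: only these count as body text

def find_attachments(raw: bytes) -> list[str]:
    """Return a label for every MIME part that carries a file rather than body text."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no payload of their own
        name = part.get_filename()
        disposition = part.get_content_disposition()  # 'attachment', 'inline' or None
        ctype = part.get_content_type()
        # A part is a file if it is declared an attachment, carries a filename,
        # or is anything other than plain/HTML body text (e.g. an unlabelled PDF).
        if disposition == "attachment" or name or ctype not in BODY_TYPES:
            found.append(name or f"<unnamed {ctype}>")
    return found

def verdict(raw: bytes) -> str:
    """Policy from the article: any mail with an attachment is blocked."""
    return "BLOCK" if find_attachments(raw) else "ALLOW"

def sample(kind: str) -> bytes:
    """Constructed test messages: 'plain', 'declared' or 'undeclared' attachment."""
    m = EmailMessage()
    m["From"] = "user@example.com"
    m["To"] = "someone@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("Quarterly numbers as discussed.")
    data = b"%PDF-1.4 constructed placeholder"
    if kind == "declared":
        m.add_attachment(data, maintype="application", subtype="pdf",
                         filename="strategy.pdf")
    elif kind == "undeclared":
        # File part with no Content-Disposition and no filename: a filter that
        # only looks for "attachment" headers would let this through.
        part = EmailMessage()
        part.set_content(data, maintype="application", subtype="pdf")
        m.make_mixed()
        m.attach(part)
    return m.as_bytes()

if __name__ == "__main__":
    for kind in ("plain", "declared", "undeclared"):
        print(kind, verdict(sample(kind)), find_attachments(sample(kind)))
```
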

The issues are endless when it comes to DLP. Even if you block the ports and scan all emails that go out of the organization, one can still use a third-party email service provider, for example Gmail. This would make you think of blocking the Internet itself. But such a solution would work only for organizations that mostly work offline. So what solution should one opt for? There are a couple of vendors who offer customized solutions for such organizations.

Enterprise policies
The most important aspect is to clearly define a policy and stick to it. Security solutions alone aren't enough. You also need well-documented security policies, and moreover you need to conduct regular assessments of your network. Having a written policy is always a good idea and we can't stress its importance enough. But even more important is to revisit it regularly and keep it updated. For instance, consider a scenario where, despite having a documented policy, you keep getting recurring security threats. In such a case, you need to find a solution to the threat and update your security policy to define how to combat it in future. Besides documentation, you also need to conduct regular assessments of the security of your network. Since your IT infrastructure isn't static, do not expect your security requirements to remain the same. Security threats are increasing, and so is your IT infrastructure. Beyond a certain point, even policies and re-assessments may not work. That's where you need to start exploring security standards. Today, two key standards exist for information security. These are BS 7799 and the ISO 27000 series. There are quite a few organizations that haven't deployed these standards. Amongst the two, the ISO standard is more popular.
