Policy: Monitor, manage and enforce

30.05.2005
By Connie Chng

Monitor, manage and enforce -- these are some of the key things that enterprises have to do to ensure that their security policy remains effective in the face of new vulnerabilities in applications and operating systems and the lack of protection from currently installed solutions.

Speaking at Computerworld Singapore Security Forum last week, Paul Henry, senior vice president of information and network security provider CyberGuard Corp., noted that new vulnerabilities and threats are proliferating and enterprise applications are the most attractive target for attackers to break into an organization's network.

In an effort to meet today's blended threats, security architectures are becoming dramatically more complex. Organizations will be better able to determine where they are vulnerable if they look at what assets need to be protected, and then create an enforceable security policy and strategy. "Network security is only effective with the right policy and procedures," he added.

On all too many occasions, decisions on security products are based primarily on popularity and price, with little regard to the actual security the product can provide.

"Most organizations do not purchase products that support the security policy and then they end up having to change the policy to meet the limitations of the products," said Henry.

Organizations, therefore, need to take a serious look at how effective a product is by evaluating how it performed against recent threats such as the Java and Microsoft Internet Explorer vulnerabilities, the Sober.I attack and the Microsoft JPEG exploit.

Many attacks combine multiple vulnerabilities both new and old, and vulnerabilities are not one-time events -- they are often discovered over the life of a given application.

Security patching is therefore the first line of defense of computer security since vulnerabilities in popular applications and operating systems are among the primary targets for hackers.

According to Henry, IT administrators should evaluate vendors offering patch identification and deployment services to mitigate the costs associated with patching vulnerable systems without sacrificing response times. They should actively pursue solutions that allow them to quickly and effectively respond to patch requirements as they are made public.

"However, the ability to monitor, manage and enforce policy across the enterprise is just as important if not more important than individual point products."

The typical organization has multiple versions of operating systems and applications. Management consolidation across all of the enterprise's security mechanisms, said Henry, is therefore the glue that binds an organization's security architecture together.

To have policy-driven security in place, organizations must have a strong corporate policy as a foundation, classify all assets and types of users, reinforce the physical and perimeter basics and deploy policy-based centralized management.

Multiple business units, divisions or geographies within an organization must understand the importance of centralized management to enforce policy and procedures. The security infrastructure must provide a single, centralized security audit to provide for centralized accountability and enforcement of security processes.

"Having the best Internet-facing firewalls, intrusion detection, content scanning, desktop firewalls and antivirus delivers a false sense of security. You can have the best of the best firewall, IPS, IDP but if you can't manage it, you are SOL (sorry, out of luck)." CyberGuard is at www.cyberguard.com.