
Tomorrow's Technology Today - Security Risk Management

Security Risk Management

Current Scenario: Security Risk Management (SRM) arises from the reality that corporate IT security teams are currently forced to build a security posture by cobbling together discrete security appliances and applications from a myriad of competing security companies. Each of these products addresses one specific aspect of network security, leaving the IT department responsible for integrating, managing, monitoring and correlating discrete security events, alerts, logs and reports into actionable security threats.

This reality is obviously not sustainable in the long run, and there is now a growing consensus that an extensible systemic architecture designed to inherently incorporate all of these disparate applications into a single system would be a better approach.

Technology

Tomorrow's Technology Today: Simply stated:

  • There are too many vendors … too many disparate security systems … too many alerts … not enough actionable root-cause and resolution information.
  • It takes too long to connect the dots and determine how global threats, network attacks and vulnerabilities affect network security.
  • Most security products are reactive and focused on explaining what happened, instead of detecting threats before they happen.

Further, the deployment of the necessary organizational resources to successfully operate in such an environment stresses organizations already challenged with squeezing the most out of their minimalist IT security budgets. This reality is obviously not sustainable in the long run, and there’s now a growing consensus that the confluence of security requirements would be better addressed with an extensible systemic architectural approach designed to inherently incorporate all of these disparate applications into a single system, with one single administration/operations console, one set of reports, etc.

The concept of an extensible systemic architectural approach to network security is now gaining traction among leading security companies and industry analysts. In fact, in a recent conference address, Cisco Chief Executive John Chambers predicted the end of “pinpoint” security applications and noted that to stop online threats, security has to be integrated throughout the network with an underlying architectural approach, and that SMEs should be focusing now on how their security pieces integrate.

A second and very important aspect of Security Risk Management (SRM) is the realization that signature-only detection is totally inadequate to address the current state of network security attacks. A behavioral approach to deep packet analysis is now a requirement to address zero-day attacks, etc.

Two recent quotes from analysts at Gartner and Yankee Group highlight the industry alignment behind network behavioral analysis and correlation:

  • “After an organization has successfully deployed firewalls and intrusion prevention systems (IPSs) with appropriate processes for tuning, analysis and remediation, they should consider network behavior analysis (NBA) to identify network events and behaviors that are undetectable using other techniques.” By Paul E. Proctor, Research Analyst, Gartner Inc.
  • “Traditional signature-based security products can’t stop zero-day attacks,” says Andrew Jaquith, a senior analyst with Yankee Group. “Our research shows that while 99% of corporations have deployed antivirus software, nearly two-thirds (64%) nonetheless suffered virus or worm outbreaks that disrupted at least one business unit. Behavioral security solutions are an increasingly important part of a balanced security program.”

At the heart of Security Risk Management (SRM) is a proprietary behavioral correlation engine that is actually the foundation upon which all other applications are built. This basic tenet of SRM enables each security application to leverage the rich data derived from the correlation of weeks of raw packet data, detected vulnerabilities, signature detection applications (IPS, AntiVirus, AntiSpam, Content Filtering, etc.), posted vendor alerts, globally detected threats, as well as network access policy violations.

A true behavioral analysis and correlation requires:

  • Packet data, IDS/IPS alerts, scans, vendor threats, and tracked resources are data feeds to be analyzed and correlated continuously, and tracked over time.
  • Analysis of raw packet data rather than log files, since packets carry more information for analysis than log entries do.
  • Data is used for analysis over long periods of time (up to 2 years) instead of only in real-time. The longer the timeframe, the better the analysis can be.
  • Analysis is relative to an individual network and the system adapts to that network. A behavioral system becomes customized to that network without human intervention.
  • A behavioral system has learned intelligence and can predict behaviors that enable it to track developing threats.
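The requirements listed above, as an added example that is not Global DataGuard's code: a per-host baseline is learned from raw flow records over a learning window, never-before-seen peer/port fan-out is flagged in the observation window, and the anomaly is then correlated with an IDS alert feed and vulnerability scan results to set a priority. All flow records, alerts, scan results, hosts and thresholds are constructed for illustration.

```python
"""Added example: behavioral baseline plus cross-feed correlation over constructed data."""
from collections import defaultdict

# Constructed flow records: (day, src, dst, dport). Days 1-3 are the learning window.
FLOWS = [
    *[(d, "10.0.0.5", "10.0.0.10", 445) for d in (1, 2, 3)],   # file server, normal
    *[(d, "10.0.0.5", "10.0.0.20", 443) for d in (1, 2, 3)],   # web proxy, normal
    *[(d, "10.0.0.7", "10.0.0.20", 443) for d in (1, 2, 3)],
    # Day 4 (observation): 10.0.0.5 suddenly reaches twelve new peers on 445.
    *[(4, "10.0.0.5", f"10.0.0.{n}", 445) for n in range(30, 42)],
    (4, "10.0.0.7", "10.0.0.20", 443),                          # unchanged behaviour
]
IDS_ALERTS = [(4, "10.0.0.5", "constructed SMB probe signature")]  # (day, src, message)
SCAN_RESULTS = {"10.0.0.31": ["constructed: unpatched SMB service"]}  # host -> findings

def build_baseline(flows, learn_days):
    """Per-source set of (dst, dport) pairs observed during the learning window."""
    base = defaultdict(set)
    for day, src, dst, dport in flows:
        if day in learn_days:
            base[src].add((dst, dport))
    return base

def detect(flows, baseline, observe_day, fanout_threshold=5):
    """Flag sources whose never-before-seen (dst, dport) pairs exceed the threshold.
    The baseline is specific to this network, so no signature is involved."""
    new_pairs = defaultdict(set)
    for day, src, dst, dport in flows:
        if day == observe_day and (dst, dport) not in baseline.get(src, set()):
            new_pairs[src].add((dst, dport))
    return {s: p for s, p in new_pairs.items() if len(p) > fanout_threshold}

def correlate(anomalies, ids_alerts, scan_results, observe_day):
    """Raise priority when the anomalous host also triggered an IDS alert on the
    same day, or when it contacted hosts the scanner reported as vulnerable."""
    alerted = {src for day, src, _ in ids_alerts if day == observe_day}
    findings = []
    for src, pairs in sorted(anomalies.items()):
        priority, reasons = 1, [f"{len(pairs)} new peer/port pairs"]
        if src in alerted:
            priority, reasons = priority + 1, reasons + ["IDS alert on same host"]
        vuln = sorted({dst for dst, _ in pairs if dst in scan_results})
        if vuln:
            priority, reasons = priority + 1, reasons + [f"reached vulnerable hosts {vuln}"]
        findings.append({"host": src, "priority": priority, "reasons": reasons})
    return findings

if __name__ == "__main__":
    base = build_baseline(FLOWS, {1, 2, 3})
    print(correlate(detect(FLOWS, base, 4), IDS_ALERTS, SCAN_RESULTS, 4))
```

Only 10.0.0.5 is flagged, at the top priority, because its fan-out is unseen in the baseline, an IDS alert names the same host, and one of the new peers is a host the scan reported as vulnerable; 10.0.0.7, whose traffic matches its baseline, produces nothing.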

It is important not to mistake Security Risk Management (SRM) for SIM or SEM. A SIM/SEM is nothing more than a noble attempt to integrate a collection of security appliances that were never intended to work together. Consequently, they don’t. SRM is not the aggregation of log information from disparate security appliance logs/alerts. The SIM/SEM approach has proved to be a complex, limited, and expensive route to very loose integration.

In contrast, the SRM suite of truly integrated network sensors, scanners, and behavioral correlation modules is inherently designed to capture, retain, and behaviorally analyze packet-level network traffic, so there is no need to acquire logs and alerts from third-party devices. After all, a SEM that depends on logs and alerts from security devices that are routinely breached (e.g. firewalls, IDS, IPS, etc.) is inherently untrustworthy. In addition, SEMs require knowing in advance every present and future event for which rules need to be created. For those organizations following the widely accepted “defense-in-depth” network security strategy, SRM economically delivers a security layer that augments and holistically provides oversight of an organization’s security infrastructure without the requirement of uprooting or disrupting the existing security infrastructure.

This self-reliant approach combines real-time flexibility, long-term correlation, and historical trending, with no maintenance or security business-intelligence requirement. This behavioral difference and revolutionary approach is becoming the industry model for next-generation network security.

Conclusion: The underlying behavioral analysis and correlation foundation enables sharing of information between security applications and disciplines, and lies at the heart of the SRM architectural approach. Security Risk Management gives all security applications a behavioral edge, delivers superior performance and operational ease, and costs a fraction of the price.

Global DataGuard, Inc.
14800 Landmark Blvd, Suite 610
Dallas, TX 75254 USA
Tel: 1-972-980-1444


Copyright © 2006 Silicon Valley Communications - All rights reserved.
