Is your enterprise network ready to answer these challenges?
Just as the terrorist threat has evolved and become more deadly in recent years, so too has the threat to enterprise networks. In the same way that security measures are being reconsidered in major cities around the world, enterprise CSOs and security gurus are realising that the patchwork of point solutions they have deployed are no longer sufficient to defend against today's increasingly sophisticated attacks.
While security has always been a prime concern, the emergence of botnets and zero-day threats are exacerbating the need for real-time network performance and security solutions.
What is required today is a comprehensive approach that provides the enterprise with protection from the edge of its network, all the way through to the core of their data center, providing network-wide visibility and actionable intelligence. Like our national security initiatives, information security needs to take a risk management approach that not only provides protection from attacks but also the ability to identify and defeat threats before they strike.
Network Behaviour Analysis
While the notion of profiling as a security tool is up for debate among politicians, information security professionals have reached consensus, and have subsequently developed an entire market segment around this very idea.
This emerging approach is called network behaviour analysis, or NBA, which analyses the patterns of behaviour on an enterprise network so it can quickly detect and react to anomalies as they occur. NBA identifies the relationship between users, machines and applications and provides the visibility required to identify traffic shifts, floods, off-hours application usage and unauthorised network access so that the network can identify threats and react before it is affected.
Having this ability to proactively respond to emerging threats is paramount, especially when pitted against a threat - such as the one presented by botnets - capable of constantly adapting tactics in an effort to out-flank an enterprise's security measures.
Just as the collaborative sharing of information between different groups can go a long way toward mitigating the risk of physical threats, the same is true in warding off threats aimed at a network. NBA systems work with other elements of the network - from many different providers - so that they can accurately analyse network traffic data and provide both deterministic (signature) and non-deterministic (anomaly) threat detection.
Fortunately, NBA is emerging at a critical time for enterprise networks. Perimeter security defenses are well protected by Firewalls and Intrusion Prevention Systems (IPS) but until the emergence of NBA, internal threats have left enterprises increasingly vulnerable.
In a December 2005 report on the emergence of NBA, Gartner analyst Paul Proctor noted, "after an organisation has successfully deployed firewalls and intrusion prevention systems (IPSs) with appropriate processes for tuning, analysis and remediation, they should consider network behaviour analysis (NBA) to identify network events and behaviours that are undetectable using other techniques."
Proctor went on to position NBA as, "a last line of defense when preventive tools, such as firewalls and IPSs, fail to stop the real-time exploitation of vulnerabilities. They can also be used to detect new applications, behaviour and devices for investigation."
In this cat and mouse game, our enemies always look to exploit the weakest link in our defensive chain, which increasingly is from within. To protect this potential Achilles Heel, NBA solutions are addressing this security weakness by providing real-time actionable intelligence that enables enterprises to:
Who benefits from adopting NBA?
The first line of defense for enterprise networks - network administrators - benefit greatly because they have more sophisticated tools at their disposal. NBA provides complete visibility into network activity, enabling them to compare that activity against a baseline of normal behaviour. When an anomaly occurs, they can react quickly and put in place measures that prevent threats from developing into full-blown attacks. Additionally, they can respond quicker to routine help requests because they have an effective remedy for dealing with security breaches inside the network.
The most important benefit of NBA solutions is to the enterprise itself. Specifically, when potential holes are buttoned-up, the enterprise can focus on its core business, while at the same time arming an increasingly mobile workforce with the knowledge and applications they need without fear of compromise.
Protection of critical enterprise data is among the highest priorities in Corporate America today. With the emergence of NBA, another potential vulnerability is being addressed. This is not to say that NBA solutions are a silver bullet to all our security problems; however, they are a good countermeasure to the current round of threats from attackers that have evolved over the past decade.
G. Robert Malan is founder, chief technology officer at Arbor Networks.