iTnews

A network security strategy for the age of terrorism

By G. Robert on Dec 5, 2006 6:42PM

Just as bacteria evolve around the technological barriers we put in their place, so too do the tactics and strategies employed by computer attackers. When a security measure is put in place, our enemies immediately set out to exploit its weakness. When they are repelled, they adapt their tactics and strategies, regroup and come back yet again.

There has also been an evolution in the intent and impact of electronic attacks. The intent has shifted from vandalism and joy-riding to financial gain. This shift has been accompanied by a change in how attackers are organised, from individuals to international crime rings.

Is your enterprise network ready to answer these challenges?

Just as the terrorist threat has evolved and become more deadly in recent years, so too has the threat to enterprise networks. In the same way that security measures are being reconsidered in major cities around the world, enterprise CSOs and security gurus are realising that the patchwork of point solutions they have deployed is no longer sufficient to defend against today's increasingly sophisticated attacks.

While security has always been a prime concern, the emergence of botnets and zero-day threats is exacerbating the need for real-time network performance and security solutions.

What is required today is a comprehensive approach that provides the enterprise with protection from the edge of its network all the way through to the core of its data center, providing network-wide visibility and actionable intelligence. Like our national security initiatives, information security needs to take a risk management approach that not only provides protection from attacks but also the ability to identify and defeat threats before they strike.

Network Behaviour Analysis

While the notion of profiling as a security tool is up for debate among politicians, information security professionals have reached consensus, and have subsequently developed an entire market segment around this very idea.

This emerging approach is called network behaviour analysis, or NBA, which analyses the patterns of behaviour on an enterprise network so it can quickly detect and react to anomalies as they occur. NBA identifies the relationship between users, machines and applications and provides the visibility required to identify traffic shifts, floods, off-hours application usage and unauthorised network access so that the network can identify threats and react before it is affected.
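The baseline comparison described above, as an added example that is not from the article or from any vendor's product: it learns each host's usual peers, active hours and flow size from constructed flow records, then labels flows that depart from them. The host names, record layout and three-sigma threshold are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (source host, destination, dest port, hour of day, bytes)
BASELINE_FLOWS = [
    ("ws-12", "mail-01", 25, 9, 40_000),
    ("ws-12", "mail-01", 25, 11, 42_000),
    ("ws-12", "web-01", 80, 14, 38_000),
    ("ws-12", "web-01", 80, 16, 41_000),
    ("ws-12", "mail-01", 25, 17, 39_000),
]

def build_baseline(flows):
    """Learn, per source host, its usual peers, active hours and flow size."""
    peers, hours, sizes = defaultdict(set), defaultdict(set), defaultdict(list)
    for src, dst, port, hour, nbytes in flows:
        peers[src].add((dst, port))
        hours[src].add(hour)
        sizes[src].append(nbytes)
    return {
        src: {
            "peers": peers[src],
            "hours": (min(hours[src]), max(hours[src])),
            "mean": mean(sizes[src]),
            "stdev": pstdev(sizes[src]),
        }
        for src in peers
    }

def score_flow(baseline, flow, sigmas=3.0):
    """Return the list of anomaly labels for one flow against the baseline."""
    src, dst, port, hour, nbytes = flow
    profile = baseline.get(src)
    if profile is None:
        return ["unknown_host"]          # host never seen during baselining
    findings = []
    if (dst, port) not in profile["peers"]:
        findings.append("new_peer")      # new machine/application relationship
    lo, hi = profile["hours"]
    if not lo <= hour <= hi:
        findings.append("off_hours")     # activity outside the learned working hours
    # max(..., 1.0) keeps a non-zero band when all baseline sizes are identical
    if nbytes > profile["mean"] + sigmas * max(profile["stdev"], 1.0):
        findings.append("volume_spike")  # traffic shift or flood relative to baseline
    return findings
```
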

Having this ability to proactively respond to emerging threats is paramount, especially when pitted against a threat - such as the one presented by botnets - capable of constantly adapting tactics in an effort to out-flank an enterprise's security measures.

Just as the collaborative sharing of information between different groups can go a long way toward mitigating the risk of physical threats, the same is true in warding off threats aimed at a network. NBA systems work with other elements of the network - from many different providers - so that they can accurately analyse network traffic data and provide both deterministic (signature) and non-deterministic (anomaly) threat detection.

Fortunately, NBA is emerging at a critical time for enterprise networks. The perimeter is well protected by firewalls and intrusion prevention systems (IPS), but until the emergence of NBA, internal threats have left enterprises increasingly vulnerable.

In a December 2005 report on the emergence of NBA, Gartner analyst Paul Proctor noted, "after an organisation has successfully deployed firewalls and intrusion prevention systems (IPSs) with appropriate processes for tuning, analysis and remediation, they should consider network behaviour analysis (NBA) to identify network events and behaviours that are undetectable using other techniques."

Proctor went on to position NBA as, "a last line of defense when preventive tools, such as firewalls and IPSs, fail to stop the real-time exploitation of vulnerabilities. They can also be used to detect new applications, behaviour and devices for investigation."

In this cat and mouse game, our enemies always look to exploit the weakest link in our defensive chain, which increasingly is from within. NBA solutions address this potential Achilles heel by providing real-time actionable intelligence that enables enterprises to:
  • Actively defend their networks before, during and after botnet army attacks and worm outbreaks
  • Thwart distributed denial of service (DDoS) attacks
  • Determine if application performance anomalies are causing network performance problems
  • Eradicate phishing solicitations
  • Eliminate insider misuse


Who benefits from adopting NBA?

Network administrators, the first line of defense for enterprise networks, benefit greatly because they have more sophisticated tools at their disposal. NBA provides complete visibility into network activity, enabling them to compare that activity against a baseline of normal behaviour. When an anomaly occurs, they can react quickly and put in place measures that prevent threats from developing into full-blown attacks. Additionally, they can respond more quickly to routine help requests because they have an effective remedy for dealing with security breaches inside the network.

The most important benefit of NBA solutions is to the enterprise itself. Specifically, when potential holes are buttoned up, the enterprise can focus on its core business, while at the same time arming an increasingly mobile workforce with the knowledge and applications they need without fear of compromise.

Protection of critical enterprise data is among the highest priorities in Corporate America today. With the emergence of NBA, another potential vulnerability is being addressed. This is not to say that NBA solutions are a silver bullet to all our security problems; however, they are a good countermeasure to the current round of threats from attackers that have evolved over the past decade.

G. Robert Malan is founder, chief technology officer at Arbor Networks.