Choose the Right Preventive Security Technologies
by Firas Raouf
January 10, 2005
IT managers can choose from a wide range of hardware and software solutions to prevent worms, viruses, and other attacks. Regardless of approach, however, the true value of any solution is best measured by how well it ensures asset availability and enhances business continuity.
A security solution must do more than merely detect and prevent attacks. It must actually prevent downtime of any sort for the machine. Machine unavailability can be caused by many events, including compromise due to a policy violation; taking machines offline (for example, when platforms are no longer supported by their vendors and no longer receive security hotfixes or support); and patching.
Most security breaches are a result of an "internal" compromise. This can include end users, rogue and naive alike, misconfiguring devices and programs and thus unknowingly propagating malicious code, or purposefully disclosing proprietary business information.
A recent study performed by CompTIA concluded that human error is the leading cause of security breaches, encompassing nearly half of all incidents. A combination of human error and technical malfunction is a close second. Compounding this trend is the reality that only half of the organizations surveyed have a written IT security policy in place. A solution that can enforce policies can limit attacks and associated downtime significantly.
Unfortunately, not all organizations can afford to upgrade their Windows servers to newer, more advanced versions. Some face government regulations restricting changes to production processes, including the operating systems used. Intensifying this challenge is the suspension of support, hotfix support in particular, for discontinued platforms. These systems and applications become wide open for targeted cyber attacks, creating, in effect, an attack surface that cannot be protected. Organizations are left with two undesirable options: 1) leave the affected machines online and hope they're not compromised by attack, which is highly unlikely; or 2) take them offline during the planned migration, creating unavailability for critical business applications and services.
In theory, the frequency and ease with which vendors make patches available would seem to facilitate a more secure enterprise. In practice, however, organizations are faced with the daunting reality of testing, deploying, and verifying myriad patch installations. Under the best of circumstances, this process requires a combination of process and technology to minimize business disruption and associated costs.
Unfortunately, the rapidly shrinking window to install patches means patch deployments are rarely carried out under the best of circumstances. Frequently, security and IT teams are forced into panic patching systems without the proper testing and validation. This hurried approach results in tangible losses in end-user productivity, business disruptions, and related IT resource drain. An effective security solution should make machines resilient to attacks, even without the presence of the necessary patch, so IT teams can patch according to their timetables, saving costs and increasing business continuity.
Ensuring maximum asset availability requires multiple layers of security working in concert to protect against intrusions, enforce usage policies, and allow machines to remain resilient to attacks, even when patching is not an option. These layers should be combined into a single, integrated solution residing on the end-point assets in order to work as seamlessly as possible.
About the Author
Firas Raouf is the COO for eEye Digital Security.