Enterprise Management Associates, Nov 2008, Pages: 16
The proliferation of highly sophisticated hackers has plagued the information security community for the past few years. Easily detectable, highly visible viruses have, in many ways been replaced by covert, often silent malware (malicious software). In the place where less sophisticated, vanity-driven, virus writers once stood, a new generation of organized, sophisticated, information and money-driven criminals has appeared, who in some cases may even be sponsored by foreign governments.
For so many security professionals working in the trenches of what is seemingly becoming open cyber warfare, these realities are all too familiar. For decision makers this extremely hostile environment poses a great many difficult strategic questions. Primarily, with the advanced level of sophistication of those attacking the security of businesses and governments, how does an IT organization protect itself and the business it supports both now and in the future without a significant financial investment?
Answering this question is especially difficult when one considers that mitigating security issues by adding additional vendor solutions has long been the standard practice within the information security community. Indeed the history of security can be easily followed through viewing the technology in place. First there were policies, and then firewalls, then intrusion detection systems, then anomaly detection systems, then web filtering and so on and so forth. At this point within the maturity curve of organizationally adopted security strategies, many executives will find that they have invested a large and still proliferating set of resources into their current security infrastructure.
What this means to executive strategists is that they have already undergone a significant financial investment, only to find themselves still in a difficult position. Moreover, the security infrastructure that they invested in is dated and no longer addresses the tumultuous environment their organization now faces.
Thus, organizations must consider methods that can be utilized to enhance their security posture by leveraging their existing infrastructure instead of adding more layers to their defense-in-depth security model. A defense-in-depth model, for those not familiar with the term, is the industry standard practice of deploying multiple layers of technology to counter the security threats posed to a specific organization.
This research paper proposes that Network Visibility for Security (NVS)-the set of capabilities that enable the enterprise to fully understand security-relevant issues and events within an infrastructure-is the solution to this issue. Through an intelligently integrated approach to NVS, organizations can modify their security strategy to take on a proactive, instead of reactive, approach. Furthermore, this can be done without multiple significant financial investments, since NVS solutions are meant to leverage existing visibility into network activity, as well as to complement and enhance, instead of replace, the existing security infrastructure. Network visibility solutions accomplish this by giving security professionals the information needed to conduct more efficient incident response processes and gain live threat intelligence. This allows organizations to address more issues in forensic investigation as well as bring security countermeasures up to date with targeted and covert attacks using intelligence against the latest threats.
