
Defending the Networks

CIOL Bureau

BANGALORE: Today, most attacks involve denial of service (DoS), but it's only a matter of time before worm exploits start harnessing distributed computing power or establishing peer-to-peer file sharing, increasing the risk further. In such a scenario, IT professionals need to be aware of the new nature of security threats to protect their networks.


These include:

Shift from internal to external attacks - Before 1999, when key applications ran on minicomputers and mainframes, threats typically were perpetrated by internal users with privileges.

Shorter windows to react - When attacks homed in on individual computers or networks, companies had more time to understand the threat. Now that viruses can propagate worldwide in minutes, that "luxury" is largely gone.

More difficult threat detection - Hackers are getting smarter. Earlier they attacked the network; now they attack the application or embed the attack in the data itself, which makes detection more difficult. An attack embedded in a text file or attachment can only be detected by looking at the actual payload of the packet, something a typical firewall doesn't do. The burden of threat detection is shifting from the firewall to the access control server and intrusion detection system.


A lowered bar for hackers - Finally, a proliferation of easy-to-use hacker tools and scripts has made hacking available to the less technically literate.

Towards a self-defending network

As the nature of threats to organizations continues to evolve, so must their security defense posture. Antivirus solutions are still essential but not enough: by the time the signature has been identified, it is too late. With self-propagation, companies need a network technology that can autonomously take action against threats. This calls for an end-to-end 'self-defending network' strategy among enterprises, from the desktop level right down to the network level, including secure access.

The foundation for a self-defending network is integrated security: security that is native to all aspects of an organization. Every device in the network, from desktops through the LAN and across the WAN, plays a part in securing the networked environment through a globally distributed defense. A self-defending network approach brings together three critical elements of network security (Secure Connectivity, Threat Defense, and Trust and Identity) with the capability of infection containment and rogue device isolation in a single solution.


A Secure Connectivity solution helps ensure that the information transported across an internal wired and wireless infrastructure remains confidential irrespective of the access mode.

A Threat Defense solution is a collaboration of security solutions and intelligent networking technologies that identify and mitigate both known and unknown threats from inside and outside an enterprise. The firewall, for example, guards the edge of the network, preventing attacks and enforcing access control, while Intrusion Detection/Prevention patrols the interior of the network and monitors traffic.


Enterprises also need to effectively and securely manage who and what can access the network, as well as when, where, and how that access can occur. Deploying a complete Trust and Identity Management solution will allow enterprises to secure network access and admission at any point as well as isolate and control infected or unpatched devices. They can streamline the security management of remote network devices and leverage and enhance the value of existing security and network investments.

Closer home

As Indian enterprises connect with global networks, it is important for them to protect themselves against security threats. A look closer home shows Indian organizations are investing in network security. As per a recent Frost & Sullivan Report, India is the second fastest growing network security market in the Asia Pacific Region. The market is expected to be US$ 1.42 billion by 2010 at a Compound Annual Growth Rate (CAGR) of 25%.

Bank and Financial Institutions (BFSI), followed by the Service Provider and Software export companies, were the three largest verticals in terms of adoption. Large enterprises are also a major contributor, but revenues from the Small and Medium Business (SMB) segment are expected to grow at a higher CAGR of around 35.1%. While local enterprises make these investments, they need to ensure that they have a holistic view of security and a comprehensive self-defending network security approach.

To summarize, networks are growing in complexity and enterprises need to look for solutions that will allow them to integrate security in every aspect of their network, thus creating an end-to-end integrated security system. To protect themselves from next-generation virus threats and succeed in a global economy, a self-defending network approach is an imperative that enterprises cannot afford to ignore any longer.

(The author is vice president (business development) Advanced Technologies, at Cisco India & SAARC)
