As the complexity and number of threats increase, the menace cannot be
fought just with complex solutions that most enterprises don’t understand.
Network security can be best ensured by following a process: assessing and
determining risks, designing a security policy, building a security architecture
based on that policy and then looking for tools that are aligned with the
policy. An enterprise must constantly change and monitor the security policy and
system in accordance with the changes in the external environment and the
business model it follows.
Technology Options
• Integrated Security Devices: On one hand, companies like NetScreen Technologies are
delivering highly integrated network security systems that combine various
security elements like firewall, IDS, DoS, VPN and QoS. On the other hand,
networking vendors such as Cisco Systems are integrating security modules into
their standard networking products. Having security measures embedded directly
into network elements will ensure a certain degree of inherent protection in any
communications network. From there, network managers can determine for
themselves how to balance their degree of vulnerability with openness, cost, and
administrative considerations by activating the security options that make sense
for their organizations. Then there are vendors like Avaya, who in order to
address the security needs of converged voice and data networks are promoting
the concept of converged security that delivers security as an integrated
component of multi-service networks. A number of semiconductor vendors are now
offering high-performance security processors, capable of handling multi-gigabit
streams—significantly increasing the options open to both network operators
and equipment vendors. Products range from simple security accelerators that are
used with external packet processors to fully integrated devices with clear
traffic on one side and encrypted traffic on the other.
• Emulating the Human Immune System: Taking a cue from the way the human immune
system functions, some companies have come out with solutions that block and
neutralize damaging attacks from viruses, worms, and other forms of attack,
while allowing legitimate system behavior for every application on every server
in the network. Take for example Sana Security’s Primary Response application
security platform named Sana Profile (SP). SP learns normal application behavior
by observing code paths in running programs. Vulnerabilities, in the form of
software bugs, misconfigurations, injected code and other forms of attack, force
applications down unexpected code paths. The SP technology immediately
identifies these anomalous code paths as being outside of normal application
behavior, and stops them by blocking system call executions. It effectively
protects all server applications, including custom applications. And, it
continually learns legitimate changes within applications, producing minimal
false positives.
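The behaviour-profiling idea described above, as an added example that is not from the original article and is not Sana Security's implementation: a simplified sliding-window model that learns which short system-call sequences occur in normal runs and refuses the call that completes an unseen sequence. The window length, the class and function names, and the traces are assumptions constructed for illustration.

```python
from collections import deque

class SyscallProfile:
    """Set of system-call windows seen while the application behaved normally."""

    def __init__(self, window=3):          # window length is an assumed value
        self.window = window
        self.normal = set()

    def learn(self, trace):
        """Record every run of `window` consecutive calls from a trusted trace."""
        for i in range(len(trace) - self.window + 1):
            self.normal.add(tuple(trace[i:i + self.window]))

    def enforce(self, trace):
        """Replay a trace call by call; return (allowed calls, blocked call or None)."""
        recent, allowed = deque(maxlen=self.window), []
        for call in trace:
            recent.append(call)
            # The first window-1 calls cannot be judged yet and pass through.
            if len(recent) == self.window and tuple(recent) not in self.normal:
                return allowed, call       # refuse the call that completes an unseen path
            allowed.append(call)
        return allowed, None

# Constructed sample traces (not captured from a real server).
NORMAL = [
    ["accept", "read", "open", "read", "close", "write", "close"],
    ["accept", "read", "stat", "open", "read", "close", "write", "close"],
]
INJECTED = ["accept", "read", "open", "read", "mprotect", "execve", "write"]
UPGRADED = ["accept", "read", "open", "fstat", "read", "close", "write", "close"]

def demo():
    profile = SyscallProfile()
    for trace in NORMAL:
        profile.learn(trace)
    results = {
        "normal": profile.enforce(NORMAL[0]),
        "injected": profile.enforce(INJECTED),
        "upgrade_before": profile.enforce(UPGRADED),   # false positive until relearned
    }
    profile.learn(UPGRADED)                # legitimate change, learned from a trusted run
    results["upgrade_after"] = profile.enforce(UPGRADED)
    return results

if __name__ == "__main__":
    for name, (allowed, blocked) in demo().items():
        print(f"{name:15} allowed={len(allowed)} blocked={blocked}")
```

The upgraded trace is blocked until it is relearned, which is why the quality of such a profile depends on learning only from runs known to be clean.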
• IDS versus IPS: The days of intrusion detection systems (IDS) could be numbered.
Leading security vendors are working to replace IDS with intrusion detection and
prevention systems (IPS). As a proactive tool, IPS would not only help detect an
attack but also halt one in progress. In the current security environment, IDS
have been found to be inadequate as they are reactive tools. Security companies
are also positioning vulnerability assessment tools as successors to IDS, because
they scan a company’s networks and machines and suggest patches and fixes.
Typically, an organization will need firewalls, anti-virus software,
an intrusion detection system (IDS) and a content-inspection solution to secure its
networks. Depending on the need and circumstances, it may also need virus
scanners, VPN clients and VPN routers, PKI and application software enabled with
socket-level security.
• Single-box Solutions: If an organization is looking at deploying a minimum level of
security (and is ready to live with some of the risks and threats), it could settle
for a box or two having multiple security functions. Even though a single
security appliance that would include all the above is still a year or two away,
there are, for example, firewall appliances that come bundled with several other
security functions like VPN, IDS, anti-virus, blocking, management and bandwidth
management. Similarly, there are other boxes, which will have other important
functions like content inspection. Notwithstanding the fact that an all-in-one
security box may not be effective for all enterprises, the approach could still
have benefits for some organizations. The single box approach would simplify
product selection, product integration, and ongoing support. As most enterprises
find it difficult to retain their security staff, single-box solutions are the
best way out as most of them can be easily installed and managed by even
nontechnical people. They can also be easily managed remotely. Another important
benefit of an ‘all-in-one’ box solution is that it could help
enterprises overcome the problem of supporting too many different operating systems and
heterogeneous platforms. Today, firewall or VPN appliances come with embedded
operating systems. As such, users do not need to worry about which operating
system they should use to maximize the performance of the appliance.
• Functions-oriented approach: If organizations are looking at higher security levels that could
involve deployment of several security features, the all-in-one box approach won’t
work. First, there are no boxes available today that have all the key
security functions in them. A complete security solution would include elements
like proxy servers/firewalls, IDS, virus scanners, VPN clients and VPN routers,
PKI, and application software enabled with socket-level security. Of course, no
vendor offers all this in one box. Besides, there is still a strong opinion that
each device is specifically designed for a specific function, and does the job
optimally.