Network performance, high availability, and uptime are a must not only for
running the day-to-day operations of an enterprise; they are also critical for a
successful business. Network downtime not only costs money and loss of precious
time, it also mars an enterprise's reputation among its business partners and
customers. Many times, the entire business strategy of an enterprise depends on
how its network performs. So, when the network is the business for an
enterprise, nothing can be more nightmarish than an insecure network. On the
other hand, enterprises today have many more users (both internal and external)
accessing their networks than they had in the past. Most of these networks are
connected to several more networks, including the Internet, and many of these
networks are accessed remotely.
Networks are expanding in one more sense: they are running myriad
applications that in turn drive many of the businesses that these enterprises
deal in. This growth and expansion of enterprise networks, and increasing
reliance of businesses on them, has given rise to new challenges of securing
these networks. As the security environment worsens due to a complex set of
threats and vulnerabilities, network security must be dealt with at different
levels and in a much more comprehensive manner than it is being done today.
There is also a growing need to look at the entire paraphernalia of internal
security from a fresh perspective. Addressing internal security challenges is
not going to be easy, given the current network environment: there are
thousands of systems to be protected and hundreds of Mbps of traffic that needs
to be inspected and mediated. The application environment too is changing fast,
with thousands of new applications based on hundreds of new protocols coming up.
However, securing a network and thereby guaranteeing its high performance,
availability, and uptime isn't a difficult task provided security managers do
the right things. The challenge is to know what those right things are.
Key Threats
Growing frequency of attacks: According to the latest SANS statistics, the
average time between worm infection attempts is 13 minutes. This means that if
you've just installed an operating system on your computer, you have 13
minutes to fully patch it or protect it behind security devices, before it will
be infected. Enterprises today have to deal with ever increasing threats to
their networks in the form of new worms, viruses, DoS, and DDoS attacks. It has
become easy to launch attacks today, with sophisticated tools being freely
available on the Internet.
Phishing: This is emerging as a big threat to information security, especially
in the financial sector. Phishing (pronounced fishing) is the act of sending an
e-mail to a user falsely claiming that it is from an established, legitimate
enterprise. Such mails usually ask for private information from the addressee,
information that will be used for identity theft. Also referred to as brand
spoofing, phishing tricks consumers into disclosing personal and/or financial
information. The e-mails appear to come from companies with whom consumers may
regularly conduct business (e.g., banks, credit-card companies). These mails
often contain links to fake websites of the established companies. When users go
to the website, they come across trademarks of familiar brands they often deal
with. The website then instructs the consumer to re-enter their credit card
numbers, ATM PINs, or other personal information.
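The brand-spoofing pattern described above (a trusted-looking sender name, a lookalike sender domain, and a link whose visible text hides its real target) can be checked mechanically at the mail gateway. The following is an added example, not code from the original article; the trusted domain, both messages and the hostnames in them are constructed, and the registrable-domain helper is a deliberate simplification that works for the sample domains only.

```python
"""Phishing indicator checks for one e-mail message (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation treats as legitimate for the brand (assumed value).
TRUSTED_DOMAINS = {"example-bank.example"}

# Constructed sample: brand in the display name, lookalike sender domain, and a
# link whose text shows the bank's site while the href points to a raw IP.
PHISHING_MAIL = """From: "Example Bank Security" <alerts@examp1e-bank-login.example>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html

<html><body><p>Please re-enter your card number and ATM PIN at
<a href="http://203.0.113.10/verify">https://www.example-bank.example/secure</a>
</p></body></html>
"""

# Constructed benign counterpart sent from the real brand domain.
BENIGN_MAIL = """From: "Example Bank" <alerts@example-bank.example>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body><p>Sign in at
<a href="https://www.example-bank.example/secure">our secure site</a>.</p></body></html>
"""

_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname; adequate for the constructed samples."""
    return ".".join(host.lower().split(".")[-2:])


def _html_body(msg):
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def phishing_indicators(raw_mail):
    """Return the list of brand-spoofing indicators found in the message."""
    msg = message_from_string(raw_mail)
    findings = []

    # 1. Display name borrows the brand, but the sender domain is not the brand's.
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    name_words = set(re.findall(r"[a-z0-9]+", display_name.lower()))
    for trusted in TRUSTED_DOMAINS:
        brand_words = set(re.findall(r"[a-z0-9]+", trusted.split(".")[0]))
        if brand_words & name_words and sender_domain not in TRUSTED_DOMAINS:
            findings.append(f"display name '{display_name}' suggests {trusted} "
                            f"but sender domain is {sender_domain}")

    # 2. Links: raw-IP targets, and visible URLs that point somewhere else.
    parser = _LinkExtractor()
    parser.feed(_html_body(msg))
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        if _IP_RE.match(target):
            findings.append(f"link target {target} is a raw IP address")
        shown = urlparse(text)
        if shown.scheme in ("http", "https") and shown.hostname:
            if registrable_domain(shown.hostname) != registrable_domain(target):
                findings.append(f"link text shows {shown.hostname} "
                                f"but points to {target}")
    return findings


if __name__ == "__main__":
    for name, mail in (("phishing", PHISHING_MAIL), ("benign", BENIGN_MAIL)):
        print(name, phishing_indicators(mail) or "no indicators")
```

Each finding is an indicator, not a verdict: a gateway would normally score them and quarantine above a threshold, and a production version would use a real public-suffix list instead of the two-label helper.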
Spyware: According to a survey conducted by WatchGuard amongst 2000 IT managers
globally, two-thirds of those surveyed believed spyware will be the number one
threat to network security in the coming months. Spyware is a growing category
of malware that installs on a computer without the user's knowledge and it can
secretly gather information about a person or organization. It ranges from
adware to tracking agents to software designed to hijack a Web browser to a
different destination.
Key Challenges
Most enterprises today have deployed one or more security products on their
network. However, the core issue is to first build the information security
guidelines in accordance with their business needs. Once the guidelines are
formulated, they should be translated into a framework of policies and
processes. The network security architecture can then be developed in accordance
with these. The architecture must be based on open standards and be flexible and
scalable. It should also allow integration of new security technologies, which
the organization may want to leverage in order to gain business advantage.
Gray Areas
• Spam filtering
• Patch management
• Managing the security logs of various products
• Lack of security policies
• Plethora of best-of-breed products
• Lack of security management (it's expensive)
• Quality manpower for security operations
While the Internet offers tremendous value by opening up new levels of
integration with partners, suppliers, and customers, it also exposes business
systems to new forms of malicious attacks. In the era of unbounded networks,
security boundaries have blurred as data flows across the information value
chain. In addition, new threats have emerged, and the quantity and virulence of
attacks have grown. As long as technology continues to evolve, malicious code
will be right behind. The nature of viruses, trojans, and worms makes it
virtually impossible to stop infiltration completely, though there are ways to
reduce, if not eliminate, them.
Operations are a constant challenge. Controls are easy to implement and easy to
get budgets for. Operationally, keeping a readiness state 24x7 will be a
challenge. This means keeping track of all vulnerabilities, threats, and even
legislation. This means applying the myriad patches released by vendors without
increasing the window of exposure, keeping a check on all DAT files, and turning
on firewalls and IPS etc. These are daily tasks, as are employee awareness,
password security,
access controls, etc. The IT team has to scan systems and applications for
vulnerabilities, monitor the firewall and traffic on networks for intruders,
scan files for viruses, monitor mail and Web access for inappropriate content,
and notify when key system files have been modified. This is a herculean task.
Indeed, keeping up with the thousands of IT security threat alerts (most of
which are probably irrelevant) is one of the biggest sources of information
overload.
Most companies do not have sufficient IT staff to keep patch levels
up-to-date, thereby allowing even known vulnerabilities to remain exposed.
Security is a moving target: it is physically impossible for any organisation
to monitor, analyze threats, manage, and act upon them on a 24x7x365 basis.
Signatures, patches, and DAT files must be updated regularly to: eliminate false
positives, eliminate vulnerabilities, and ensure detection of the latest
intrusions and exploits.
These tasks are not just time consuming but also require highly skilled
security analysts who must stay apprised of any new threats and techniques. In
addition to being expensive and often ineffective, providing constant vigilance
in-house is a very management-intensive exercise and can distract an
organisation from its core business.
• Enforcing the security posture of the organization is a big
challenge. Many organizations today have well-written security policies and
procedures but they are not implemented and enforced properly. While a lot of
this is related to people and processes, it is equally important to enforce
these policies through use of technology.
• Building and sustaining high-quality resources for deploying and
efficiently managing network security infrastructure.
• Managing the day-to-day network security operations and
troubleshooting can be very daunting as well. Therefore, it is important to
adopt technologies that are easy and cost effective to deploy and maintain in
the long run.
• Ensuring a fully secure networking environment without degradation
in the performance of business applications.
• On a day-to-day basis, enterprises face the challenge of having to
scale up their infrastructure to a rapidly increasing user group, both from
within and outside of the organizations. At the same time, they also have to
ensure that performance is not compromised.
• Enterprises sometimes have to deal with a number of point products
in the network. Securing all of them totally while ensuring seamless
functionality is one of the biggest challenges they face while planning and
implementing a security blueprint.
• Conceptualizing and implementing a security blueprint is a
challenge. Security is an amalgamation of people, processes, and technology,
while IT managers are traditionally tuned to address only the technology
controls.
Security cuts across all functions and hence initiative and understanding at
the top is essential. Security is also crucial at the grassroots level as your
security is as good as the weakest link. Employee awareness becomes a big
concern. Management skepticism is a sure spoilsport.
Keeping abreast of the various options and the fragmented market is a
challenge for all IT managers. In the security space, the operational phase
assumes a bigger importance.
Compliance also plays an active role in security, hence the business
development team, finance, and the CEO's office have to matrix with IT to
deliver a blueprint.
What enterprises must do
• Enterprises should be prepared to cope with the growth of the
organization, which in turn would entail new enhancements in the network both
in terms of applications and size. They should plan security according to the
changing requirements, which may grow to include various factors like remote and
third-party access.
• Threats are no longer focused on the network layer; the application layer is
the new playground of hackers. Attack protection solutions must protect network,
services and applications, provide secure office connection, secure remote
employee access, resilient network availability, and controllable Internet
access.
• Conventional security products are not the ideal solution to
internal security challenges. Internal security solutions must contain the
threats (like worms), compartmentalize the network, not disturb legitimate
traffic, protect the desktop, protect the server, and secure the data center.
• About 70 percent of new attacks target Web-enabled applications and
their number is growing. Enterprises should, therefore, deploy Web security
solutions that provide secure Web access as well as protect Web servers and
applications. The security solutions must be easy to deploy, and they should
also provide integrated access control.
Technology Options
End-to-end Security Solutions: Leading security vendors offer end-to-end
solutions that claim to take care of all aspects of network security. End-to-end
solutions usually offer a combination of hardware and software platforms
including a security management solution that performs multiple functions and
takes care of the entire gamut of security on a network. An integrated solution
is one that encompasses not only a point-security problem (like worms/intrusion)
but one that also handles a variety of network and application layer security
challenges.
ASIC-based appliances: The move is from software-based security
products that run on open platforms to purpose-built, ASIC-based appliances,
just like the path the routers have followed in the last decade.
SSL-VPN: There is greater awareness of encryption on the wire, in the form of
SSL and IP-VPNs. People are increasingly aware of the security risks in
transmitting data over the wire in clear text. To address this, SSL-VPN has
hastened acceptance of VPNs for end users and IT departments alike.
Intrusion Detection and Prevention Systems: An IPS combines the best
features of firewalls and intrusion detection systems to provide a tool that
changes the configurations of network access control points according to the
rapidly changing threat profile of a network. This introduces the element of
intelligence in network security by adapting to new attacks and intrusion
attempts. Intrusion prevention has received a lot of interest in the user
community. While interest has remained high, many have concerns over this
technology:
- Will it be accurate or will it block legitimate traffic?
- Do I have to block everything or can I be selective?
- Do I need to start implementing prevention today or can I start with
detection?
- Does it cost more to have intrusion prevention?
Most enterprises evolve in their use of intrusion prevention technology. Some
will adopt blocking in weeks and rapidly expand their blocking as they see the
benefits of accurate attack blocking. Others will start slowly and expand
slowly. The key is to reliably detect and stop both known and unknown attacks
in real time.
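The gradual path described above, from detection-only to selective blocking, maps onto a small set of sensor controls: a global detect/prevent mode, a per-signature action so blocking can be turned on rule by rule, an allowlist so known-good sources (such as an internal vulnerability scanner) are alerted on but never blocked, and a rate-based check for attacks no signature knows yet. The code below is an added example, not from the original article or any vendor product; the signatures, flow records, thresholds and addresses are all constructed, and a real IPS would sit inline on packets rather than on pre-parsed flow records.

```python
"""Minimal detection/prevention sensor over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: float        # seconds
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    name: str
    dport: int
    pattern: bytes
    action: str      # "alert" or "block": blocking is chosen per rule


@dataclass
class Verdict:
    flow: Flow
    rule: str
    action: str      # "alert", "block" or "allow"


class Sensor:
    def __init__(self, signatures, mode="detect", allow_src=(),
                 rate_limit=20, window=10.0):
        assert mode in ("detect", "prevent")
        self.signatures = list(signatures)
        self.mode = mode
        self.allow_src = set(allow_src)    # never blocked, only alerted on
        self.rate_limit = rate_limit       # connections per window per source
        self.window = window
        self._stamps = defaultdict(list)   # src -> recent connection times

    def _decide(self, rule_action):
        # Detect mode turns every match into an alert; prevent mode lets each
        # rule's own action apply, so blocking can be rolled out selectively.
        return "alert" if self.mode == "detect" else rule_action

    def inspect(self, flow):
        verdicts = []
        # Known attacks: signature match on the payload for the service port.
        for sig in self.signatures:
            if sig.dport == flow.dport and sig.pattern in flow.payload:
                verdicts.append(Verdict(flow, sig.name, self._decide(sig.action)))
        # Unknown attacks: a single source opening too many connections.
        stamps = self._stamps[flow.src]
        stamps.append(flow.ts)
        while stamps and flow.ts - stamps[0] > self.window:
            stamps.pop(0)
        if len(stamps) > self.rate_limit:
            verdicts.append(Verdict(flow, "rate-anomaly", self._decide("block")))
        # Allowlisted sources keep flowing; the match is still recorded.
        if flow.src in self.allow_src:
            for v in verdicts:
                v.action = "alert"
        return verdicts or [Verdict(flow, "-", "allow")]


# Constructed rules: one worth blocking outright, one only worth an alert.
SIGNATURES = [
    Signature("http-dir-traversal", 80, b"../../", "block"),
    Signature("smtp-vrfy-probe", 25, b"VRFY", "alert"),
]


def sample_traffic():
    """Constructed flows: normal, two signature hits, a scanner, and a burst."""
    flows = [
        Flow(0.0, "192.0.2.10", "10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
        Flow(0.5, "192.0.2.11", "10.0.0.5", 80, b"GET /static/../../config HTTP/1.1"),
        Flow(1.0, "192.0.2.12", "10.0.0.6", 25, b"VRFY postmaster"),
        # Internal scanner (allowlisted) triggering the same traversal rule.
        Flow(1.5, "10.0.0.99", "10.0.0.5", 80, b"GET /static/../../config HTTP/1.1"),
    ]
    # One host opening 25 connections to port 445 within five seconds.
    flows += [Flow(2.0 + i * 0.2, "198.51.100.7", "10.0.0.7", 445, b"")
              for i in range(25)]
    return flows


def summarize(mode):
    """Run the sample traffic through a sensor; return {(rule, action): count}."""
    sensor = Sensor(SIGNATURES, mode=mode, allow_src={"10.0.0.99"})
    counts = defaultdict(int)
    for flow in sample_traffic():
        for v in sensor.inspect(flow):
            counts[(v.rule, v.action)] += 1
    return dict(counts)


if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        print(mode, summarize(mode))
```

Running both modes over the same traffic shows the migration path: in detect mode every hit is an alert, while in prevent mode only the traversal rule and the rate anomaly block, the VRFY probe stays an alert, and the allowlisted scanner's hit is logged but not blocked. Reviewing the detect-mode alerts for false positives before flipping a rule to "block" is how the "accurate or blocking legitimate traffic" question is answered per rule rather than for the whole sensor.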
Experts Panel
Ajay Kumar, country manager, Aventail India
Anand Padmanabhan, GM, tech. integration services, Wipro Infotech
Anil Menon, senior vice president, SecureSynergy
Dheeraj Sinha, head, IT, Apollo Tyres
Java Girdhar, country manager, India and SAARC, Juniper Networks
Kartik Shahani, sales director, McAfee India
Kevin Lim, regional manager (SA), Check Point Software Technologies
Manpreet Singh, vice president, technology, Vertex India
Ninad Karpe, managing director, Computer Associates
Rakesh Singh, general manager, Netscaler
Ranajoy Punja, VP marketing, India and SAARC, Cisco Systems
SR Balasubramanian, VP, information systems, Hero Honda Motors