Securing the weakest link

Written by Jas Tremblay | Updated: Oct 30 2009, 04:13am hrs
In today's hyperaware world, managed network security services (that is, network security services provided to an enterprise by a capable third-party vendor) represent less than 1% of the overall security equipment and services market. The convergence of a broad spectrum of security technologies creates new opportunities for intelligent, real-time connected security capabilities. The ultimate goal of real-time connected security is to use all available data sources in real time to detect and respond appropriately to security threats or abnormal situations. New innovations at the silicon, software, and system level are required to make this happen.

Enterprise security is a funny thing: On one hand, it is a necessary part of any healthy business and requires significant diligence. On the other, the more you learn about the threats that network security protects against, the more you likely don't want to know. In today's marketplace these concerns fall into four major categories: company security, personnel security, fraud & theft protection and disaster avoidance.

The protection of critical information infrastructure is one of the most compelling of all. The sheer volume of transmitted information can be overwhelming: 30 billion text messages and 40 billion e-mail messages are transmitted across the network every day. Eight exabytes of IP traffic is generated globally every month. Employees represent a major investment for all companies, and like all assets they must be protected for both business and compassionate reasons. Concerns that fall under the topic of personnel protection include building surveillance and security, physical security of parking lots, dining facilities, remote buildings and office space, personnel privacy and secrecy of communications, security of computer assets, and physical and network security for remote workers.

It's a well-known fact that 80% of all retail credit-card theft is perpetrated by employees inside of companies, not by outsiders. This kind of activity must be anticipated, and programmes for dealing with it must be put into place to cover issues associated with financial liability on the part of the company.

Threats that result from either force majeure or so-called acts of God can have disastrous impacts on enterprise operations, particularly if the company has done nothing to plan for their eventuality. A huge amount of money is spent on equipment, security personnel, consulting services and passive alarm service. These are critical and necessary expenditures, but given the new threat models presented to businesses, we believe that the spending can be shifted to enable real-time connected security, which can reveal a new and more effective way to use existing, in-place technology.

Real-time connected security is designed to deliver fast, coordinated security solutions. It has four elements that contribute to its overall effectiveness. First, it is an integrated and managed solution that reduces the cost of deployment, even though the deployed service is highly complex. Second, it offers a more robust and comprehensive suite of security capabilities that address each of the four areas mentioned earlier. Third, it facilitates interworking among the disparate elements of a comprehensive solution, thus making threat detection faster and more accurate while at the same time increasing the pace of threat resolution. In the final analysis, this constitutes multi-source detection, the result of which is coordinated, focused impact.

The architectural structure of a real-time connected security deployment has four functional layers. The bottom-most layer is a converged and highly secure IP infrastructure that is critical to support the convergence of multiple security applications. Layer two of the model addresses the two types of assets that are to be protected. Data-in-flight is data being transported in real time across a local-area network, wide-area network or wireless network and is, therefore, susceptible to unauthorised interception and modification or theft. Data-in-flight also covers data that is being transported within the confines of a storage area network (SAN). The second data type is data-at-rest, which refers to data that is warehoused in an accessible archival storage facility or on a user device such as a handheld. Both data types have their frailties and must be encrypted and inspected for abnormalities before application processing.

So what does this model look like in actual practice? Ultimately, a real-time security solution displays three seminal characteristics. First, it is fast. It has the processing and analytical capability to operate in real time, detecting threats as they occur, responding immediately, and rapidly correlating multiple threat postures.

Second, it operates in an integrated fashion. Not only does it provide surveillance across enterprise operations and detection of abnormal events, it also coordinates various response elements to provide a focused and effective response, often attacking the threat in a variety of ways to ensure its resolution.

Finally, as it is designed around a converged infrastructure, it helps to reduce the cost of security compliance.

Real-time connected security is not only a set of functions; it also presents the service provider with an opportunity to monetise the functions described as a hosted solution. The opportunity to converge all of these results in a far more intelligent approach to securing the edge. Branches and SMBs will look to farm out the process, and service providers should be at the front of the line when that happens.

This potential for differentiation translates into a collection of capabilities including the following: the ability to correlate disparate, seemingly unrelated threat profiles and determine a best-case approach to their resolution; the ability to offer IP-based alarm monitoring, maintenance and response; the coordination of communications among different constituencies including employees, customers, upstream partners, lateral supply chain relationships, state and federal authorities, and professional security organisations such as CERT; the provisioning of end-to-end storage security for both data-in-flight and data-at-rest scenarios; and finally, the consulting services around disaster avoidance, disaster recovery and scenario planning.

These innovations translate into an ultra-secure network and data storage environment within which traffic on all links (data-in-flight) and all archived data (data-at-rest) is encrypted, all data is inspected for threat profiles before being processed for transport or storage, and complex and capable analysis and decision-making engines are distributed across the network to ensure that the real-time processing of security threats is a reality.

The writer is director, enterprise & SMB marketing, LSI Corporation