Stop Network Intrusion With Unified Security System

New Delhi | Updated: Mar 30 2004, 05:30am hrs
Business enterprises are rapidly adopting e-business models that require expanded network connectivity to other corporate locations, to business partners and to Internet-based customers. They are expanding their network connectivity in multiple locations, integrating extranets and moving their Web servers into hosting centres. Consequently, network security continues to be the single biggest concern of businesses and content providers when they consider their e-business or Internet expansion plans.

According to Sivarama Krishnan, principal consultant at PricewaterhouseCoopers Pvt Ltd, business enterprises are finding it increasingly complex and expensive to deploy a myriad of point security products at these locations, keep them updated and manage them effectively to ensure real security. Traditional point products from multiple security vendors work as disparate firewalls, intrusion detection, Web screening, denial of service detection and mitigation, secure tunneling, etc. However, these solutions do not interoperate with each other effectively and network security enforcement is fragmented, leaving vulnerable gaps open for hackers and intruders, he said.

According to Frost & Sullivan, the Asia Pacific's IT network security market will grow 13.9 per cent annually over the next three years as economies, including India, surge and the threat of cyber attacks increases. The network security market is expected to be worth $994 million in 2006, up from $753.6 million this year, with economic expansion in China, India, Japan and South Korea expected to drive the growth. The banking and finance industry makes up the biggest share of the network security market across the region, followed closely by government agencies.

In this perspective, IT managers are reviewing the various security enforcement technologies and issues that concern enterprise deployments. An emerging trend, according to iPolicy Networks director of marketing Gajraj Singh, is that enterprises want to consolidate multiple low-end firewalls and integrate security policy management across multiple networks. Multi-layer firewalls provide comprehensive traffic inspection and application level access control. When integrated with authentication and authorisation solutions, they provide an excellent way of managing the network, resource and user level application-based security.

PortWise vice-president of strategic development Kaushik Thakkar said traditional software-based or low-end firewall appliances cannot scale for effective security beyond a few megabits per second traffic speeds. These firewalls tend to significantly slow down the network traffic speed when speed rules are more than just basic. He added that this means larger enterprises have to deploy multiple firewalls and then load balance them, using additional networking gear.

Intrusion Detection Systems
While firewalls offer perimeter and access controls, internal, remote and even authenticated users can still attempt malicious acts. Intrusion detection systems (IDS) complement firewalls and access control implementations by detecting network probing, system misuse or other malicious acts by internal, remote and even authenticated users.

However, most traditional IDS software-based deployments cannot handle network traffic at high speeds and tend to have unacceptable packet loss. Enterprises find it difficult to afford the high cost of several low-end IDS sensors across multiple locations, Mr Krishnan said.

Recent intrusion and denial of service (DoS) attacks have caused millions of dollars of losses to cyber businesses. An emerging trend therefore, Mr Krishnan said, is that e-business companies now want the ability not only to detect DoS and other attacks but also to have real-time capability to prevent the hackers and denial of service attacks from continuing and progressing further.

Anti Virus Control
According to a recent survey, nearly 87 per cent of all viruses are spread via Internet e-mail that can quickly infect the enterprise networks. These viruses have caused loss of productivity due to the data loss and downtime of the infected system, resulting in huge financial losses to business enterprises. To control this menace, enterprises and content providers have deployed virus scanning and removal software at each of the end user systems.

However, maintaining effective virus control requires constant update management at each of these systems. Therefore, most large enterprises have dedicated anti-virus maintenance staff in-house and the smaller ones end up taking significant time from the shared IS staff, resulting in very high operational costs.

According to Mr Thakkar, with effective layered anti-virus deployment at the enterprise and data centre edge, they can keep their enterprise networks virus-free and also prevent network clogging due to worm virus, etc, thereby increasing network availability for genuine staff. Layered anti-virus deployment helps keep the network virus-free and controls worm propagation, thereby effectively declogging the enterprise networks.

Need For Unified Security
Mr Singh says that the most important characteristic of network defence is the ability to enforce security at different network layers, while operating at wire speeds and performing all the necessary security applications at node and network level. It is also imperative to perform a complete stateful packet inspection to enforce comprehensive security rather than partial sampling solutions.

He adds that as security services have started becoming more complex, it has become apparent that a new approach to security beyond traditional defence is essential. The best way to deliver complete security services is to use an integrated platform, designed for security exchange.