Achieving Network Security

Tuesday, February 07, 2012

Kevin Somppi


With changing technology, new server and software deployments, and the ever-evolving attack methods used to break into systems and steal data, one of the greatest challenges faced by security and IT administrators is keeping their systems secure.

Whether you have one server or 100, the security status of your infrastructure and your organization’s ability to rapidly mitigate emerging threats need to be continuously monitored and measured.

If you do not measure it, you cannot secure it. Without an accurate map of your network, there is no way to identify real-world security threats and understand the true security posture of your network. So, how do you do it?

Document an accurate baseline map of your network. Each network asset needs to be identified: servers, desktops, notebooks, routers, wireless access points, networked printers, and other connected devices. This baseline provides the foundation for managing and measuring your vulnerability management program.

Your network baseline will continuously change as new servers, applications, and devices are deployed. That’s why it’s vital to have the ability to update the status of your network map as often as needed.

Using your baseline map, classify the business value of your desktops, servers, and applications. It’s essential that networked devices be grouped and classified, ranging from low-risk systems, such as segmented test systems, to medium-priority systems like the notebooks used by your sales team, to the most critical systems that govern regulated information or are vital to business operations and cash flow.

Today’s networks are complex, with most organizations supporting various server, operating system, and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors based on timely information and continuous monitoring of your system and network.

Reading listings of unrefined vulnerabilities is of little value when measuring security levels. What administrators need are comprehensive reports that detail vulnerability criticality and provide instant access to verified remediation solutions. These can be software vendor patches, workarounds, or other defensive strategies.

In addition to generating reports geared toward system administrators and security managers, security information needs to be collected, customized, and presented to management, who must have accurate and timely information regarding the security status of the network.

An organization’s ability to measure and trend security risks over time provides insight into just how agile the organization is in addressing identified vulnerabilities, and thus into the overall network health. This trending must be continuously updated and able to be customized when specific changes occur to the business and security environment.

Remediation processes are a valuable IT security metric. Remediation closes the loop when security gaps are discovered during the vulnerability assessment and management process.

By understanding how quickly your organization can fix discovered vulnerabilities and configuration errors, you gain insight into the overall security agility of your organization and its ability to put both proactive and reactive measures in place. Reducing the time between the discovery of new vulnerabilities and subsequent remediation is critical.
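
As an added example (not from the original article), the following Python code computes the remediation metric described above: median days from discovery to fix, grouped by quarter and by the business-value tier taken from the baseline map. The asset names, tiers, dates, and the `remediation_report` function are constructed for illustration; findings on assets missing from the baseline are flagged as unclassified.

```python
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed sample data: asset -> business-value tier from the baseline map.
ASSET_TIER = {
    "test-vm-01": "low", "sales-nb-17": "medium",
    "erp-db-01": "critical", "pay-web-01": "critical",
}

# Constructed findings: (asset, discovered, remediated or None if still open).
FINDINGS = [
    ("erp-db-01", date(2011, 7, 5), date(2011, 8, 19)),
    ("pay-web-01", date(2011, 8, 1), date(2011, 9, 2)),
    ("sales-nb-17", date(2011, 8, 10), date(2011, 10, 9)),
    ("erp-db-01", date(2011, 10, 3), date(2011, 10, 17)),
    ("pay-web-01", date(2011, 11, 14), date(2011, 11, 24)),
    ("sales-nb-17", date(2011, 11, 2), None),
    ("test-vm-01", date(2011, 12, 1), None),
    ("rogue-ap-09", date(2011, 12, 5), None),  # not in the baseline map
]

def quarter(d):
    return f"{d.year}-Q{(d.month - 1) // 3 + 1}"

def remediation_report(findings, asset_tier, as_of):
    """Median days-to-fix per (quarter, tier), oldest open finding per tier, unmapped assets."""
    closed = defaultdict(list)
    open_age = defaultdict(list)
    unmapped = set()
    for asset, found, fixed in findings:
        tier = asset_tier.get(asset)
        if tier is None:  # asset was scanned but never added to the baseline
            unmapped.add(asset)
            tier = "unclassified"
        if fixed is None:
            open_age[tier].append((as_of - found).days)
        else:
            closed[(quarter(found), tier)].append((fixed - found).days)
    medians = {k: median(v) for k, v in closed.items()}
    oldest_open = {t: max(a) for t, a in open_age.items()}
    return medians, oldest_open, unmapped

if __name__ == "__main__":
    medians, oldest_open, unmapped = remediation_report(FINDINGS, ASSET_TIER, date(2011, 12, 31))
    for (q, tier), days in sorted(medians.items()):
        print(f"{q} {tier:<9} median days to remediate: {days}")
    print("oldest open finding (days):", oldest_open)
    print("assets missing from baseline:", sorted(unmapped))
```

Comparing the same tier across quarters gives the trend; closed and open findings are kept separate so that a backlog of unfixed issues cannot make the median look better than it is.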

Maintaining regulatory compliance requires comprehensive reporting to demonstrate that the network systems are secure. Robust processes and procedures must be in place to quickly address security gaps that may arise. For publicly traded companies, this can include detailed reports for financial systems as required by Sarbanes-Oxley.

In conclusion, when accurate baselines are documented, security teams can turn raw security statistics into quantifiable process improvements.

Has the number of critical system vulnerabilities decreased over time? Has the number of IT-related regulatory audit findings been reduced? Have new processes reduced the number of days between vulnerability identification and remediation?

The major challenge to an organization is how to efficiently incorporate the gathering of these statistics into the daily workflow of security personnel.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
