SECURITY

Smarter Security Needed to Fend Off Smarter Attacks

Frank J. Ohlhorst | Date: 07-08-11 | Comments

Staying ahead of the threat curve is the key to preventing breaches.

It is no secret that attacks on corporate IT are becoming more sophisticated and threats are growing exponentially. Take, for example, the recent attacks on Sony�s PlayStation network, as well as attacks that have shut down USDOE Labs, which show the level of sophistication and the effort individuals put into breaching security.

In the past, most attacks and malicious service interruptions were little more than pranks or limited in impact. Today, the threat landscape has changed. Now, nefarious individuals are seeking financial gains with their attacks, recognizing the value of data and personal information.

That has led to attacks that are more focused and targeted - and harder to discover. After all, today�s cyber-thieves are not seeking fame, they're seeking fortune. And the best way to have fortune without fame is to cover your tracks.

Fighting those enhanced and targeted threats is becoming a bigger challenge for most IT departments. Simply put, the security technologies of the past are becoming less effective for protecting corporate resources. Ironically, those same technologies offer the best ideology for protecting against future attacks.

Take, for example, the firewall, a piece of technology that was relied upon to protect a network from unauthorized access. The ideology behind the firewall was relatively simple: block ports that should not be open and inspect packets for anomalies. Somewhere along the path to improved security, the firewall lost its way. Numerous other devices came on the market to supplement the firewall, including appliances such as intrusion detection/prevention units, anti-spam, anti-malware and so on. All these products add layers of protection to the network.

However, this approach has introduced latency into the network and also requires a great deal of administrative overhead to maintain signatures, policies and rules. Worse yet, it doesn�t always work to protect a network from a targeted attack.

Perhaps the answer falls with the axiom of "something old is now something new." Today�s firewalls are evolving into what some refer to as next-generation firewalls � firewalls that go beyond the simple blocking of ports, handling secure tunnels and packet inspection. Next-generation firewalls are at their core application-aware. In other words, they have the ability to detect application-specific attacks and enforce application-specific granular security policy for both inbound and outbound traffic.

With next-generation firewalls, the security posture of the network edge changes. Activity within applications is monitored and security policy is directly applied to that activity. This allows a more granular control of how an application is being used and what data is traversing the network based upon the applications request. When application-awareness is paired with encryption and user validation, most attacks can be identified and blocked at the edge of the network before any data is compromised.

What�s more, a next-generation firewall gives additional insight into what, exactly,is happening on a network and becomes a powerful forensics tool as well as a device that can help classify network usage, traffic loads and identify (and more importantly, block) rogue applications.

The promise of next-generation firewalls lies with the ability to neutralize intrusions and attacks before data can be accessed. The technology lends itself well to forensics, network monitoring and overall situational awareness for administrators. After all, how many times has a CIO or CTO asked a network manager what applications actually are running on the network and receive an answer that borders on a guess?