Energy Efficiency

Jeremy D'Hoinne (Europe) - The Door of your Network is Closed, What About the Windows?

2am, Sunday morning. Bob receives a text message:

"New vulnerability discovered on the system. Level: critical".

He has to go. The CSO (Chief Security Officer) of MyCompany has committed his team to a 4-hour SLA for new critical vulnerabilities. A few hours later, the system has been upgraded and Bob is back home enjoying the satisfaction of a job well done.

Unfortunately, on Monday morning, "MyCompany" suffers from a massive network outage. The fact that the intruder chose not to exploit the period of vulnerability exposed the previous day, is of little consolation: the system Bob was employed to protect, has been hacked!

Network security can be a Pandora's box, you never know what's coming next. The fact that there are so many advanced technologies available to the "bad guys" can breed a certain fatalism or tacit acceptance that we can never win this race. However, the truth is-

Most of the attacks could be avoided with simple measures

This may sound like a simplistic advertisement for some miracle product, but it's not.

The basics

According to analysts from IDC, more than 40% of network compromises are caused by an error in the configuration of the security device. This means that almost half of the troubles could be avoided if that initial configuration were more intuitive. What is the most common mistake? You think that a protection is enabled when it's not. As strange as it may seem, most network firewalls don't actually enable traffic inspection by default. This is something the security administrator has to figure out by himself. You think you've bought a modern 2011 appliance choc full of state-of-the-art protection technology? You'd better check twice it's not configured like its 90's ancestor, the basic packet filtering firewall.

Has the IT infrastructure become homeless?

If you are familiar with the network security world, you'll sometimes hear that the perimeter is dead. This is intended to mean that with so many mobile users, corporate security is outdated. While it is difficult to argue against the increased number of nomadic users, it is too reductive to suppose that every employee is either a traveling sales rep or a remote worker. Mobility adds new zones to protect (new perimeters) but doesn't replace it.

"Nice, but how can this be a mistake" you might say. Well a consequence of the "end-of-perimeter" buzz is the emergence of lax security policies - only user-based and with no physical restrictions. Therefore, access to the enterprise's most sensitive information relies on the strength the weakest user password. We still have a home but we need to take better care of it.

Some solutions might sound counter-intuitive

Last time, we were wondering if Europeans should welcome personal devices into the business infrastructure. The answer was not the obvious one. To maximize security, you might want to evaluate counter intuitive solutions. For example, Gartner has published a note recently, recommending the avoidance of dual lines of defense using firewalls from different vendors. Briefly, the added risk of mistake outweighs the expected benefit of multi-vendor security. Plus the cost-savings could even pay for additional security measures.

In an ever changing Internet world, security is more than ever a question of analyzing your infrastructure from every possible angle. In other words: check the door, of course, but don't forget there could be dozen open windows too.

By Jeremy D'Hoinne, director of product, NETASQ




« Jim Irving (Europe) - A Mobile Solution to Lone Working


Roel Castelein (Global) - Emerging Markets Leap-Frogging into the Cloud »