Cleaning the Stream
By Baselinemag | Posted 2005-05-23
Sometimes, security projects get the go-ahead a little too late.
Weather Channel Interactive took a deliberate approach when it adopted the technology last year. The media company uses intrusion prevention appliances from 3Com's TippingPoint division to protect Weather.com and its other Internet sites. At first, the boxes simply sat there and watched data fly by. Slowly, administrators began blocking certain kinds of activity (such as invalid Web browser requests that might indicate a hacking attempt).
"We wanted to dip our toe in the water," says Carlton Houston, senior systems administrator for Weather.com.
There was no specific incident that prompted the project, Houston says. Rather, Weather Channel Interactive sought to stop bad data from hitting its Web servers, a step that has incrementally reduced its usage of processing and bandwidth. "It was really more about sanitizing the traffic," he notes.
But intrusion prevention is also about reducing the risk that a single event will bring down your systems or those of your partners, says Chris Rein, chief of operations and infrastructure for the state of New Jersey's Office of Information Technology. His group provides central information-technology services to the state government's 16 branches. "We touch a lot of other governments and banks, so we need to be sure we're protected," he says.
Still, he concedes, justifying the cost of new security projects to state budget committees is often an uphill battle: "Everybody can understand a power plant is a critical asset that needs to be secured. It's quite difficult sometimes to demonstrate that the data we've got needs to be protected, too."
WesCorp's Hoff has developed a way to express security expenses in terms of "reduction of risk on investment," a metric that compares the cost of an information security system to the value of what it's protecting. For example, Hoff might calculate the cost of detecting vulnerabilities in a system that generates $3 million, expressed as a percentage of the total revenue opportunity. "A lot of this is just rational, risk-management stuff," he says.
Information security professionals stress that intrusion detection and prevention systems, while important, are just tiles in a broader mosaic of protection.
The Federal Communications Commission is planning to deploy an intrusion prevention system in 2005 within an overarching project to centralize the FCC's information security functions into a six-person group, according to Marc Noble, the agency's acting computer security officer. "You have to secure the enterprise inside and out, and that starts with policy and training," he says.
The FCC now uses ISS' RealSecure intrusion detection software, as well as Tripwire's package for detecting system-configuration changes and nCircle software to check for security vulnerabilities in servers and network devices.
"It's not one tool," Noble says. "It's many tools."