Combating Complexity
By Tony Kontzer | Posted 2011-06-14
Recent breaches lead IT security professionals to more innovative approaches to cyber-security.
To combat that complexity, Boyd opted for a novel approach by removing the school’s intrusion-prevention system and traffic-shaping gear, consolidating those functions in its SonicWall firewall. The move reduced the amount of time the school’s four-person networking team spends on pinpointing the location of security issues.
For example, one of the most common issues Boyd sees involves students who download malware disguised as updates to Flash or QuickTime and then bring the malicious files to campus. Whereas network traffic previously passed through too many hops for the school to maintain the kind of visibility and control it needed to block every instance, Boyd now can configure the firewall to detect any suspicious Flash or QuickTime issues and block the malware from entering the network.
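The detection Boyd describes (downloads that pose as Flash or QuickTime updates but do not come from the vendor) can be expressed as a simple rule over firewall or proxy logs. The following is an added example written for this article, not Berry College's SonicWall configuration; the log format, the vendor host allowlist, the installer-name pattern and the sample log lines are all assumptions constructed for illustration.

```python
"""Flag completed downloads whose file name looks like a Flash or QuickTime
installer but whose host is not one of the vendors' own download hosts.
Added example, not the school's firewall rule; every value below is assumed."""
import re
from urllib.parse import urlparse

# Hypothetical vendor download hosts (assumption; extend for your environment).
TRUSTED_HOSTS = {
    "fpdownload.adobe.com",
    "get.adobe.com",
    "www.apple.com",
    "support.apple.com",
}

# File names that impersonate a Flash Player or QuickTime installer.
UPDATE_NAME = re.compile(
    r"(flash[_-]?player|install_flash|quicktime)[\w.-]*\.(exe|dmg|pkg|msi)$",
    re.IGNORECASE,
)

# Constructed proxy-log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def is_suspicious_update(url):
    """True when the URL's file name matches an installer pattern and the host
    is not in the vendor allowlist. Only the host is checked, so a lookalike
    domain that is not in the allowlist is flagged, as intended."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    filename = parsed.path.rsplit("/", 1)[-1]
    if not UPDATE_NAME.search(filename):
        return False
    return host not in TRUSTED_HOSTS


def find_fake_updates(lines):
    """Return (client_ip, url) for each successful (HTTP 200) download that
    matches the rule; malformed lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or m.group("status") != "200":
            continue
        if is_suspicious_update(m.group("url")):
            hits.append((m.group("client"), m.group("url")))
    return hits


# Constructed sample log: one legitimate vendor download, two impostors,
# one unrelated file, one blocked (non-200) impostor.
SAMPLE_LOG = [
    "2011-06-13T09:12:01 10.20.30.40 GET http://get.adobe.com/flashplayer/install_flash_player.exe 200",
    "2011-06-13T09:14:22 10.20.30.41 GET http://free-codecs.example/install_flash_player_11.exe 200",
    "2011-06-13T09:15:03 10.20.30.42 GET http://cdn.example.net/dl/QuickTimeInstaller.pkg 200",
    "2011-06-13T09:16:45 10.20.30.43 GET http://intranet.example.edu/syllabus.pdf 200",
    "2011-06-13T09:17:09 10.20.30.44 GET http://free-codecs.example/flashplayer_update.dmg 403",
]

if __name__ == "__main__":
    for client, url in find_fake_updates(SAMPLE_LOG):
        print(f"suspicious update download: {client} -> {url}")
```

Running the script prints the two impostor downloads and nothing for the vendor-hosted installer, the PDF, or the download the firewall already refused. A rule like this is only as good as its allowlist and name pattern, so it belongs beside, not instead of, the signature-based inspection the article credits the firewall with.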
Since making the change in its security architecture, the school hasn’t had a single firewall-related failure or outage, according to Boyd. He now plans to test SonicWall’s ability to monitor encrypted traffic.
Once it has that capability, Berry College’s security setup will represent a significant innovation, says Alex Holden, a senior intelligence investigator with IT security consultancy Cyopsis and a former chief information security officer at a major brokerage firm. Consolidating monitoring functions at the firewall not only eliminates the overhead required to maintain multiple security systems, but also ratchets up security effectiveness, he says.
“When you put all your eggs in one basket—assuming there is proper redundancy—there is less chance of failure,” Holden says. “It’s also easier to see the state of the network and declare it to be incident free.”
While innovative products and configurations are important components of today’s IT security strategies, it’s equally important that companies of all sizes participate in joint efforts to combat the evolving array of cyber-attacks, says Ron Plesco, CEO of the National Cyber-Forensics & Training Alliance, a nonprofit that serves as a conduit between private industry and law enforcement.
Plesco says the growing practice of voluntarily—and anonymously—exchanging information on breaches, particularly with others in the same industry, increases the odds that a company will become aware of a threat before it arrives.
“You’ve got to stay up on the offense against you if you want to keep your defense sound,” Plesco says. “Unless you are aware of the current threats, you’re not going to be able to harden against them.”
Plesco doesn’t have to sell Berry College’s Boyd or Dallas Telco’s Doan on this concept. Boyd says he’s actively researching a couple of regional groups in Atlanta and would even consider forming a local group if it were not for time constraints.
Meanwhile, Dallas Telco is already part of the Secret Service’s North Texas Electronic Crime Task Force, and Doan says he always gets helpful tips and suggestions at the group’s quarterly meetings. The fact that the task force was already aware of every scam or hack attempt he’s reported has only strengthened Doan’s belief in the collaborative model.
“You can’t protect against everything,” says Doan, “so you need all the sharing of information you can get.”
Ultimately, such sharing may prove to be this era’s most important IT security innovation.
Christopher Porter, principal of Verizon’s risk and intelligence team, offers organizations these security tips:
• Change default access control settings: Two-thirds of all hacking attacks in 2010 were exploitations of default application credentials.
• Deploy strong firewalls wherever you don’t allow remote access.
• Be consistent about monitoring logs and validating that nothing suspicious is going on.
• Have processes and policies in place so the organization is prepared to respond decisively to a breach.
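Two of Porter's tips, the default-credential one and the log-monitoring one, can be checked mechanically. The script below is an added example, not Verizon's tooling or anything from the article; its authentication-log format, the list of default account names, the burst threshold and the sample lines are assumptions constructed for illustration. It flags successful logins under vendor default account names and sources that produce a burst of failed logins inside a short window.

```python
"""Scan authentication log lines for (1) successful logins with default
account names and (2) bursts of failed logins from one source.
Added example; log format, account list, threshold and samples are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical default account names (assumption; use the real defaults of
# the devices and applications in your own environment).
DEFAULT_ACCOUNTS = {"admin", "root", "cisco", "manager", "guest"}

FAILED_THRESHOLD = 5                  # this many failures from one source...
FAILED_WINDOW = timedelta(minutes=2)  # ...inside this sliding window

# Constructed log format:
# "<YYYY-MM-DD HH:MM:SS> <device> auth <ok|fail> user=<name> src=<ip>"
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<device>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Turn matching lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            events.append({
                "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                "device": m.group("device"),
                "result": m.group("result"),
                "user": m.group("user"),
                "src": m.group("src"),
            })
    return events


def default_account_logins(events):
    """(device, user, src) for every successful login under a default account."""
    return [
        (e["device"], e["user"], e["src"])
        for e in events
        if e["result"] == "ok" and e["user"].lower() in DEFAULT_ACCOUNTS
    ]


def failed_login_bursts(events):
    """Sorted list of sources with >= FAILED_THRESHOLD failures inside any
    FAILED_WINDOW-long interval (sliding window over sorted timestamps)."""
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            by_src[e["src"]].append(e["ts"])
    bursts = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > FAILED_WINDOW:
                start += 1
            if end - start + 1 >= FAILED_THRESHOLD:
                bursts.add(src)
                break
    return sorted(bursts)


# Constructed sample: one normal login, six rapid failures against "admin"
# from one source followed by a success, and one isolated failure.
SAMPLE_LOG = [
    "2011-06-13 08:00:01 fw1 auth ok user=jdoe src=10.0.0.5",
    "2011-06-13 08:01:10 fw1 auth fail user=admin src=203.0.113.9",
    "2011-06-13 08:01:15 fw1 auth fail user=admin src=203.0.113.9",
    "2011-06-13 08:01:20 fw1 auth fail user=admin src=203.0.113.9",
    "2011-06-13 08:01:25 fw1 auth fail user=admin src=203.0.113.9",
    "2011-06-13 08:01:30 fw1 auth fail user=admin src=203.0.113.9",
    "2011-06-13 08:01:35 fw1 auth fail user=admin src=203.0.113.9",
    "2011-06-13 08:01:40 fw1 auth ok user=admin src=203.0.113.9",
    "2011-06-13 08:05:00 sw2 auth fail user=jdoe src=10.0.0.5",
]

if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for device, user, src in default_account_logins(evts):
        print(f"default account '{user}' logged in on {device} from {src}")
    for src in failed_login_bursts(evts):
        print(f"failed-login burst from {src}")
```

On the sample, the script reports the admin login on fw1 and the burst from 203.0.113.9; the single failure from 10.0.0.5 stays below the threshold. The point of the default-account check is that a successful login under a default name is a finding in itself, whether or not it was preceded by failures, because the account should not exist with its factory credentials at all.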