In the book of thankless jobs, information-security professionals would be listed alongside such occupations as “manager of making sure no salmonella contaminates the beef” and “executive in charge of avoiding hours-long flight delays.” In other words, people only realize the singular importance of your task when you’ve failed.
Worse, because security threats mutate so rapidly, a security manager must be utterly paranoid about this thankless job. The good news? New tools are making life easier for security teams. Three security technologies have hit their stride in 2006:
Security information management software, which gathers reams of information to paint a picture of an enterprise’s overall security health and exposure.
End-point security software, which can enforce corporate policies on desktop computers about what behavior is and isn’t allowed, and ensure that all machines on the network are configured to meet security requirements.
Intrusion prevention systems, devices that proactively block unwanted network traffic without requiring any manual intervention.
To be sure, each of these technologies and the concepts underlying them aren’t brand-new. But the products have passed out of the early-and-interesting phase. As they’ve grown more mature, enterprises have embraced the tools in greater numbers.
Take end-point security. Andre Gold, director of information security for Continental Airlines, doesn’t need to be sold on the importance of securing desktops. He still remembers the day SQL Slammer, a network-based worm that targeted Microsoft servers, spread across the Internet in 2003.
“I was watching CNN and they said, ‘The worm has disrupted Continental’s schedule.’” On that day, then, Gold was on the hot seat for two thankless jobs.
Gold and his team scrambled to fix the issue then, but there has been a never-ending need to strengthen end-point defense. Last fall, Continental beefed up the security software running on 20,000 desktop systems. The software they used, McAfee’s Policy Enforcer, scans all computers before allowing them onto the network, checking that no known spyware is infecting them and that they have the most recent virus definition file updates. “I want to do hygiene checks on all the computers connecting to our network,” Gold says.
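A simple version of the admission check described above, written as an added example rather than McAfee Policy Enforcer’s logic or Continental’s configuration: the report format, the three-day freshness threshold and the host names are constructed, and the check fails closed when a desktop cannot report its state.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

# Maximum age of the antivirus definition file before a host is treated as stale
# (constructed threshold; a real policy would follow the vendor's update cadence).
MAX_DEFINITION_AGE = timedelta(days=3)

@dataclass
class PostureReport:
    """Self-reported hygiene data from one desktop (constructed example format)."""
    host: str
    definition_date: Optional[date]            # None if the agent could not report it
    spyware_detected: Tuple[str, ...] = ()     # names of known spyware signatures found

def evaluate_posture(report: PostureReport, today: date) -> Tuple[str, str]:
    """Return ('admit', '') or ('quarantine', reason) for one host.
    Fails closed: a host with no usable data is kept off the network."""
    if report.spyware_detected:
        return ("quarantine", "known spyware: " + ", ".join(report.spyware_detected))
    if report.definition_date is None:
        return ("quarantine", "no antivirus definition data reported")
    if report.definition_date > today:
        return ("quarantine", "definition date in the future (clock or tamper issue)")
    age = today - report.definition_date
    if age > MAX_DEFINITION_AGE:
        return ("quarantine", f"definitions {age.days} days old")
    return ("admit", "")

def hygiene_summary(reports, today: date):
    """Aggregate decisions across a fleet: counts plus the reason for each held host."""
    counts = {"admit": 0, "quarantine": 0}
    quarantined = {}
    for r in reports:
        decision, reason = evaluate_posture(r, today)
        counts[decision] += 1
        if decision == "quarantine":
            quarantined[r.host] = reason
    return counts, quarantined

# Constructed sample fleet: one clean host and four distinct failure modes.
TODAY = date(2006, 3, 15)
SAMPLE_REPORTS = [
    PostureReport("desk-001", date(2006, 3, 14)),
    PostureReport("desk-002", date(2006, 3, 1)),
    PostureReport("desk-003", date(2006, 3, 15), ("ExampleSpyware.A",)),
    PostureReport("desk-004", None),
    PostureReport("desk-005", date(2006, 4, 1)),
]

if __name__ == "__main__":
    counts, held = hygiene_summary(SAMPLE_REPORTS, TODAY)
    print(counts)
    for host, reason in held.items():
        print(host, "->", reason)
```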
This is the more tactical concern for security professionals: putting out fires, or making sure the fires don’t flare up to begin with. Security information management tools can help here, too, by red-flagging the biggest potential problems in the computing infrastructure so operational teams can zero in on the critical risks. But at a higher level, the analysis provided by security information management software can also justify the resources a company has allocated for data security.
Bruce Forman, director of information security at Genesis HealthCare, uses ArcSight’s security information management software to make sure his team is monitoring events as they happen. The Kennett Square, Pa.-based company, which operates 200 nursing centers and assisted-living communities, has an information-security staff of three in an information-technology department of 150.
The software collects between 1.5 million and 2.5 million events per day, which include everything from log-in attempts on Windows servers to the amount of data blocked by a firewall (indicating, perhaps, a hacking attempt).
But Forman also uses the data and analysis provided by ArcSight to justify expenditures on security projects. “Security is a very difficult thing to show an ROI [return on investment] on,” he says. “If nothing bad is happening, what’s the value?”
The reports he generates for Genesis HealthCare’s senior management show, for example, that antivirus software has saved the company money, because without it machines might have been taken down or had data deleted from them. “You’re justifying the security function you provide as well as the security tools you’re using,” Forman says.
In the sections that follow, you’ll find more about how information-security professionals stay off the hot seat by using these three technologies in their own companies, along with tables summarizing key product vendors.
3 Key Security Tools:
Security managers need cutting-edge technologies to get a 30,000-foot view of their operations and to wage the ongoing battle against network attacks. They include: