The cyber world is continuously evolving. Organisations and consumers alike are witnessing complex threats that can disrupt business operations, result in information leakage and cause serious financial losses.
For instance, a recent newspaper report stated that a 19-year-old boy from a small town in India successfully hacked the website of a leading Indian PSU. His rationale was to expose the loopholes in security systems: even amateur hackers such as him could access or steal confidential data from the corporate network.
This is not an isolated case, and many ‘ethical’ hackers worldwide have revealed the various vulnerabilities that exist within corporate networks. As a result, organisations need to proactively develop strategies to maintain business continuity, provide infrastructure-wide threat visibility and protection, and simplify day-to-day network management. The entire security infrastructure (network, systems, and management) must work in unison to proactively defend against a wide array of threats, and to reduce the mean time to respond to and mitigate them in case of an event.
Organisations are now in a threat era which has advanced dramatically. Hackers are adapting faster and posing serious threats even before software and operating system vendors can develop patches and workarounds. Threats have also assumed a global nature. Newspaper reports stated that the Sony PlayStation Network underwent a security breach, which compromised the personal data of a staggering 77 million accounts. Company executives eventually apologised and admitted that they had not taken the requisite safety measures to prevent such an intrusion. Other incidents include the LinkedIn password breach and Skype, which was compromised by malicious spam. This indicates that in addition to broad-scale worm and virus outbreaks, IT organisations need to protect against network threats that are specifically designed to avoid detection and can bypass traditional defences.
Employees knowingly or unknowingly put organisations at risk by regularly flouting IT policies. Cisco’s Connected World Technology Report revealed startling attitudes toward IT policies and growing security threats posed by the next generation of employees entering the workforce: a demographic that grew up with the Internet and has an increasingly on-demand lifestyle that mixes personal and business activity at the workplace.
The need for next-generation security is obvious. However, the ‘next-generation firewall’ is the most commonly misinterpreted term for next-generation network security. Such firewalls are still relatively restricted, providing only application and user ID awareness, and are unable to offer insights about the activity that takes place within an organisation’s network. For instance, IT can easily decipher which employees actively surf social networking sites such as Twitter, YouTube and Pinterest.
However, knowing that the majority of their network traffic is the result of playing games on Facebook, and setting up a mechanism to curb that, is a different challenge altogether. Next-generation firewalls are also unable to offer the level of granularity required in such cases, as the entire application is either completely allowed or disallowed. This also means saying no to new devices and applications. So, it is vital to adopt a framework that allows IT to deploy a security mechanism which provides end-to-end network intelligence, includes information about the local network and near-real-time global threat information, and helps create effective security policies.
Most organisations have tools in place that can be used as a starting point to develop a robust threat prevention architecture. Technology can be introduced in phases as and when the security strategy for the company gets revised.
The four mantras for creating a robust infrastructure are: maximise the efficacy of existing security infrastructure, fortify the remote sites of the organisation, enhance threat visibility, and carry out self-hacking.
From viruses to phishing to hijacking to intrusions, the evolution and complexity of threats must be addressed in a way that helps IT departments make quick decisions based on the intelligence available across the entire IT infrastructure. It is important to have a network that provides accurate, detailed threat analysis and prevents, detects, and mitigates threats to help ease the burden of information overload. This helps the IT department respond and remediate in a much shorter time span. Governance is also critical to the success of a wholesome security practice. Without formal governance, companies cannot define a clear path for moving the organisation successfully and strategically from a managed world to an unmanaged or “borderless” world, where the security perimeter is no longer defined and IT does not manage every technology asset in use in the organisation.
(The author is vice-president, Sales (Security), Cisco India and SAARC countries)