Top Layer

February 2003 Edition  

Security Expert FAQ
Critical Answers to Your Security Questions


Mike Paquette
V.P. product management
Q: What are the biggest challenges with regards to network security today?

Paquette Answers: “There are many challenges facing network security managers, but there are two clear challenges that are impacting all organizations, regardless of size: Dedicated resources and the increasing sophistication of attacks and intrusions. As companies look to streamline operations and reduce expenses, many companies are cutting back on their IT budgets. This presents a major challenge for companies, as yesterday’s security technology is rapidly becoming obsolete for protecting against the latest cyber attacks. Organizations are realizing that traditional firewalls and intrusion detection devices are unable to adequately protect critical resources.”

Q: Why don’t firewalls protect the network?
Paquette Answers: “It is important to understand what firewalls do well, and what they are not designed to handle. Firewalls are quite effective at providing policy-based access control via IP addresses and TCP/UDP ports, essentially creating a boundary between critical resources and the outside world. They’re also useful for Network Address Translation (NAT). However, typical firewall deployments leave ports open to intruders and unwanted traffic, and don’t effectively block HTTP worms, DoS attacks, and protocol anomalies. When firewalls are loaded down with extra plug-ins to try to address these issues, the firewall itself can become a performance bottleneck and cause reduced availability.”

Q: Don’t typical nIDS (Network Intrusion Detection Systems) provide the required protection?
Paquette Answers: “Network intrusion detection systems are valuable in helping to identify attacks, intrusions, and unwanted traffic, but do not provide the actual protection needed to keep critical resources secure. Because of the manual intervention necessary, typical nIDS deployments result in an unacceptably long MTTC (Mean Time to Correct) or MTTM (Mean Time to Mitigate) when intrusions and attacks do occur. Well-intentioned security staffs are frustrated trying to extract accurate event information from large IDS log files typically cluttered with many false positives. Properly identifying attacks becomes extremely difficult and often results in real attacks being completely missed amongst all of the false positives!”

Q: What should an organization look for in a network security solution?
Paquette Answers: “Organizations should look for a solution that both detects and prevents intrusions, rather than one that simply detects intrusions and notifies a human to take action. One way to think about intrusions and attacks is to compare them to illness. In medicine, we pay doctors to diagnose our illness or condition and then prescribe a course of treatment. Ideally, it would be less expensive and more pleasant to prevent illness in the first place. To manage the health of networks and attached resources, organizations pay security staff to diagnose problems (using IDS) and prescribe and implement a plan for correction and/or mitigation. Clearly a lot of time, money, and energy could be saved if a pro-active approach was taken that did not allow the network or resource to get “sick” in the first place.”

“Companies are now recognizing that it costs much less to prevent attacks than to repair the associated damages related to successful attacks to a network. This is the idea behind Intrusion Prevention and the underlying mission of what is being done at Top Layer.”

Intrusion Prevention Systems overcome critical weaknesses of network intrusion detection technology (nIDS). For years, the philosophy behind network Intrusion Detection could be summarized as "Detect as many attacks and intrusions as possible, and report them, so that others may take action." In contrast, network IPS have been designed with a new philosophy: "Take decisive action on those attacks or intrusions which can be accurately detected."

Learn more in the white paper entitled “Beyond IDS: Essentials of Network Intrusion Prevention.”

Mike Paquette, vice president of product management for Top Layer Networks, is a frequently quoted industry spokesperson addressing protection of organizations' valuable network assets.

We'd like to answer your network security questions. Please submit your question to questions@TopLayer.com. We will have one of our security experts respond.



Copyright ©2003 Top Layer Networks. All rights reserved.
Corporate Office: 2400 Computer Drive, Westboro, MA 01581, 508-870-1300 phone, www.TopLayer.com