Effective security needs more than just appliances

25 Jun 2004

Security threats are now so widespread that they can no longer simply be handled on an issue-by-issue basis, according to network equipment maker Enterasys. In addition, this year alone has seen a 50pc rise in virus and related activity and attacks are increasingly coming from within an organisation’s network.

As more businesses allow remote working and mobile computing, the traditional approach of keeping staff activity within the boundaries of the local area network and protected by a firewall isn’t sufficiently secure any more, said Gerry Carroll, channel and marketing director, Northern Europe at Enterasys Networks.

“The majority of breaches happen because of the ‘de-perimeterisation’ of infrastructure,” he said. Employees working remotely, connected to the internet, run the risk of having their PCs or laptops infected unknowingly. When they return to the office, the network will recognise them as authorised users. This can let viruses or worms bypass perimeter defences such as a firewall, which would normally stop them.

Carroll argued that a way to prevent this from happening is to implement security at an infrastructural level rather than simply installing appliance devices that are designed to handle specific threats. “When a user connects to a port, software patch levels are checked and if they have the right levels they are authenticated onto the network. If not, they are allowed into a quarantined area until their systems are brought up to date. That’s the way we need to go.”

To provide this level of patch management, Enterasys has been working with several software providers including the firewall vendor ZoneLabs and Microsoft, which now issues patches on a monthly basis to fix various security vulnerabilities in its applications and operating systems. Carroll emphasised that customer networks typically comprise devices and systems from many different manufacturers and he acknowledged that, to work effectively, Enterasys security systems needed to work in a multi-vendor environment.

Carroll, in Dublin to speak at a network security seminar hosted by Complete Network Technology and Enterasys, noted that security policies were becoming increasingly linked to business requirements. “It’s about making the infrastructure a core component of the business – if the network fails [due to a security breach], there is an impact on the business.”

Adding management interfaces to security systems also allows companies to analyse more closely where attacks are originating and how successfully they are being stopped.

Carroll said that the market for this application was widespread. “It’s not a niche opportunity,” he claimed. “Public and private sector organisations are both becoming more ingrained in security. For example, you could have a public sector group providing online services and they’re asking ‘how do we secure it?’”

Organisations with remote workers, or opening new sites, need to allow that ‘agility’ within their networks, said Carroll, but not at the expense of security. “You have to open up the system, in which case you need to have intelligent infrastructure that is aware of the threats.”

However, Carroll emphasised that businesses do not have to throw out their existing systems such as intrusion detection appliances or firewall devices to attain this. “They can start tying everything together. It’s not about saying ‘everything you did in the past was bad.’ Those boxes addressed different types of threats; now there is a wide range of threats and responses. It’s an evolution.”

By Gordon Smith