Security
May 7, 2012

Network defence: Layering the security solution

The world of IT security is rapidly evolving. As quickly as new technologies emerge, the digital underground develops a new scheme. The pressure to trim costs must be balanced against the cost and harm of a data breach.   

With high-profile information thefts from educational institutions and government agencies making the news, managers are realizing that it is not enough to simply padlock the front door to their networks; they also need to put a watchdog on their database to detect and prevent breaches – both internally and externally.  

When it comes to network security, 2009 is all about efficiency – finding technologies that are easy to manage, user-friendly and make it possible to do more with less. Functionalities that have been traditionally reserved only for large enterprises are becoming available to mid-sized organizations.

The start of a new year is a good time to conduct a security check-up, review the measures already in place, learn about newly available technologies and emerging security threats, and ensure proper regulatory compliance for the future. These operational security standards vary greatly among governments, and may require security appliances to hold federal or industry level certifications.

Canadian threatscape
Government agencies are susceptible to the same threats as other users. Network threats come from external sources, but can also be introduced internally by laptops, USB keys and smartphones. Education and awareness about potential security threats and trends is paramount to resisting attack. One of the most prevalent threats is information theft or database siphoning. Successful attacks are often widely publicized no matter how insignificant the breach.  

A security flaw in Passport Canada’s website brought the reality of database attacks to light in 2007. The breach allowed users to easily view other applications – including SINs, dates of birth and driver’s licenses – by simply altering one character in the Internet address displayed in the web browser. This could have been prevented through proper coding practices. Although little harm was done, there was great publicity.

There are a multitude of more complex and nefarious vectors lurking in today’s threatscape.

As Web 2.0 use increases, vulnerabilities multiply, requiring better web application security solutions and data leakage prevention mechanisms – to prevent inadvertent release of proprietary information, resist attacks, and prevent employees from bringing back tainted data into the corporate network. Moreover, as more groups such as the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic advocate mandatory reporting of data breaches to a public registry, organizations will increasingly need to deploy security applications that shore up their potential security risks and allow for easy reporting.

Evolution of technology

Securing a network isn’t as simple as choosing the latest piece of equipment; rather, it demands a customized approach that holistically considers the type of data your organization deals with alongside user habits and compliance requirements.  

There are many layers in the selection process that need to be considered before investing capital to acquire a new solution or upgrade an existing system. One of the most popular movements has been the rise of an integrated approach to network security. In the past, organizations have relied on a number of different point-solution appliances and vendors for each individual security need, leading to management headaches and compatibility issues. Consolidated security appliances, however, integrate multiple security features – like network firewall capabilities, network intrusion detection and prevention and gateway anti-virus functionality – into a single hardware platform. More advanced systems incorporate security-specific ASICs within the network security platform for performance advancement and also offer real-time security subscription services along with a suite of management, reporting and analysis products.  

This layered approach, chosen for its adaptability, increasingly forms the backbone of many enterprise, MSSP and carrier security solutions. Integrated network security appliances have also become well-known for being a simple, cost-effective way to enhance existing data networking capabilities, especially because they are scalable – meaning it’s fairly simple to turn functionalities on and off or add additional hardware to meet the growing needs of your organization. The consolidated security market is undergoing rapid expansion, as evidenced by the latest IDC Quarterly Worldwide Security Appliance Tracker, which states that this style of layered security appliance now holds 58 percent of the market share – outgrowing traditional firewall/VPN appliance sectors – and was worth an estimated US$2 billion in 2008.

Beyond choosing the right framework for network security, it is imperative to consider the features that accompany the security appliance.

  • IT has revolutionized business communications, providing an unmatched blend of reach, scalability, timeliness, efficiency and overall effectiveness. To protect these vital tools, security should not stop at the perimeter. Organizations need to consider a comprehensive security portfolio that addresses database, email, client and mobile devices in addition to traditional network security solutions to protect against a diverse, overlapping and ever-expanding array of threats.
  • Look for a security appliance capable of reassembling packets and scanning data in real-time, without compromising network speed and detection quality. With the rising adoption of 10GbE throughput, organizations will need to ensure that their security protocols work at the speed of the network without sacrificing accuracy. Constantly monitoring the computer system for malicious content as the data comes in and out of the network can stop a piece of malicious code before it compromises the network, and technological advances mean today’s appliances feature higher-throughput speeds that make scanning a truly “behind-the-scenes” function from the users’ perspective.
  • Real-time data scanning is only as effective as the rate at which the security system checks and updates users against new viruses and threats. It is important to deploy a security system that features real-time, automatic updates to ensure your security system is always equipped with the most up-to-date protection from new and emerging threats. Some appliances feature subscription services that will automatically push updates to the network, easing management and deployment of vital system upgrades.
  • Security is not a “one-size-fits-all” tool, and data security needs vary greatly even within an individual organization. Modern advances and innovation have made network segmentation – the act of splitting a larger computer network into its own subnetwork – available to a much larger audience. In the past, this technology was reserved only for large enterprises, but new appliances are now more affordable and readily available to mid-sized users. This technology is attractive because it minimizes traffic on a local network and improves both performance and security. It has also proved useful in containing network problems, as it limits the effect of a local failure on other parts of the network.
  • Organizations are looking to adopt green technologies. While some look to these technologies purely from an environmental standpoint, others are increasingly focused on their cost cutting benefits. Integrated network security solutions and virtualized security technologies, which create a flexible security layer inside a virtualized data centre rather than utilizing an additional piece of hardware, can both help o

About this author

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Security
 
Governments around the world are increasingly relying on cloud-based IT services...
 
For a few years now, there’s been a throwaway metaphor bounced...
 
According to a 2018 study led by Dr. Michael McGuire, Senior...
 
Cloud technology is a game changer! Successful implementation in both the...
 
For over two days at the end of January this year,...
 
Earlier this month I had the privilege of testifying as an...
 
Canadian Government Executive Media, (CGE) publisher of Canadian Government Executive magazine...
 
In the last few years, we’ve seen various federal governments warning...
 
Canadian Government Executive is excited to announce the agenda for TechGov...
 
In the wake of the WannaCry outbreak, corporate executives, IT professionals,...
 
Facebook Pages can be an essential tool for businesses and charities,...
 
Cybersecurity professionals have sounded the alarm for years, and they are...
 
CBC deserves full credit for exposing the presence of IMSI catchers...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
Over the decades, technology has been grafted into governments around the...
 
In this episode, J. Richard Jones talks about being candid about...
 
Criminals have reportedly threatened to take over 250 million Apple accounts...
 
In this episode, hear more about how Canada is a prime...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
In the world that we are living in today, free and...
 
The RCMP adopted a new media strategy earlier this month by...
 
What would tomorrow’s cybersecurity look like? That’s an intriguing question to...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
Just as the federal government has begun consultations on cyber security,...
 
Efforts by the government to counter the radicalization of young Canadians...
 
Canadian healthcare organizations and businesses in the financial industry are the...
 
Global market trends are accelerating to increase the pressure on commercial...
 
A recent report suggests several strategies how governments and the private...
 
The latest information from IBM Cloud covers: Consolidating Complex Environments Consolidating...
 
IBM Cloud is the first cloud provider to use Intel TXT...
 
Signaling a realignment of Canada’s involvement with NATO, Prime Minister Justin...
 
United States President Barack Obama, speaking before Parliament last night, urged...
 
Yes, according to the former head of the Canadian Security Intelligence...
 
Early this morning, Philippine police confirmed that the severed head found...
 
The challenge is clear: a fast-paced industry pressures organizations to simultaneously...
 
As populations grow and age, the demand for services increases. As...
 
The agency responsible for safeguarding the Pentagon and several other buildings...
 
By Michael Murphy Not all assets can and should be equally...
 
Government agencies, international businesses, as well as, European organizations that comply...
 
The Royal Canadian Mounted Police (RCMP) is poised to launch an...
 
One of Canada’s largest integrated oil companies said it is not...
 
Associates of Russian President Vladimir Putin, the king of Saudi Arabia,...
 
Now more than ever, organizations in both the public and private...
 
The Federal Bureau of Investigation announced that it has managed to...
 
IT organizations, especially those in healthcare facilities and government institutions that...
 
Last year, the Canada Revenue Agency rolled out a pilot program...
 
Strong cryptography is clearly required to protect sensitive government, business, and...
 
As the battle between the FBI and Apple continues to escalate,...
 
“I don’t think that backdoors into encryption is going to increase...
 
Hackers are zeroing in on users of SSL/TLS encryption and no...
 
Meet Bob Heart.  He is an outstanding employee who works hard...
 
The CEO of Google Sundar Pichai has come out in support...
 
A new study released yesterday, Securing the C-Suite, Cybersecurity Perspectives from...
 
Application, operating system, and device logs contain essential security information, but...
 
Yesterday, Ontario Supreme Court Justice John Sproat ruled that the Peel...
 
I wrote about accountability more than a year ago. Recently, a...
 
Intelligence agencies have had widespread and long-running programs to gather, analyze...
 
What concerns me is whether or not we’ve got the balance...
 
One of the consequences of the Information Age in which we...
 
In March of 2011, the east coast of Japan was rocked...
 
BYOD is hot! But is it for you? If yes, which...
 
Protecting critical infrastructure from cyber threats is the shared responsibility of...
 
In numerous interviews with senior military commanders over the past several...
 
In early February, James R. Clapper, the U.S. director of national...
 
The widespread adoption of mobile devices as enterprise-level tools is occurring...
 
CGE Vol.13 No.2 February 2007 Public security, once a task relegated...
 
CGE Vol. 14 No.4 April 2008 In recent years, policy makers...
 
The changing face of public and personal privacy in the face...
 
The announcement regarding the establishment of Shared Services Canada (SSC) was...
 
What role should governments and public servants play in safeguarding personal...
 
L’univers de la sécurité des TI évolue rapidement. À mesure que...
 
The world of IT security is rapidly evolving. As quickly as...
 
There was probably a day in spring of AD 72 that...
 
Cyber attacks don’t have to look highly sophisticated. Hackers are purposely...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Governments around the world are increasingly relying on cloud-based IT services...