Network defence: Layering the security solution – Canadian Government Executive

NEWS

SEARCH

Security
May 7, 2012

Network defence: Layering the security solution

The world of IT security is rapidly evolving. As quickly as new technologies emerge, the digital underground develops a new scheme. The pressure to trim costs must be balanced against the cost and harm of a data breach.   

With high-profile information thefts from educational institutions and government agencies making the news, managers are realizing that it is not enough to simply padlock the front door to their networks; they also need to put a watchdog on their database to detect and prevent breaches – both internally and externally.  

When it comes to network security, 2009 is all about efficiency – finding technologies that are easy to manage, user-friendly and make it possible to do more with less. Functionalities that have been traditionally reserved only for large enterprises are becoming available to mid-sized organizations.

The start of a new year is a good time to conduct a security check-up, review the measures already in place, learn about newly available technologies and emerging security threats, and ensure proper regulatory compliance for the future. These operational security standards vary greatly among governments, and may require security appliances to hold federal or industry level certifications.

Canadian threatscape
Government agencies are susceptible to the same threats as other users. Network threats come from external sources, but can also be introduced internally by laptops, USB keys and smartphones. Education and awareness about potential security threats and trends is paramount to resisting attack. One of the most prevalent threats is information theft or database siphoning. Successful attacks are often widely publicized no matter how insignificant the breach.  

A security flaw in Passport Canada’s website brought the reality of database attacks to light in 2007. The breach allowed users to easily view other applications – including SINs, dates of birth and driver’s licenses – by simply altering one character in the Internet address displayed in the web browser. This could have been prevented through proper coding practices. Although little harm was done, there was great publicity.

There are a multitude of more complex and nefarious vectors lurking in today’s threatscape.

As Web 2.0 use increases, vulnerabilities multiply, requiring better web application security solutions and data leakage prevention mechanisms – to prevent inadvertent release of proprietary information, resist attacks, and prevent employees from bringing back tainted data into the corporate network. Moreover, as more groups such as the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic advocate mandatory reporting of data breaches to a public registry, organizations will increasingly need to deploy security applications that shore up their potential security risks and allow for easy reporting.

Evolution of technology

Securing a network isn’t as simple as choosing the latest piece of equipment; rather, it demands a customized approach that holistically considers the type of data your organization deals with alongside user habits and compliance requirements.  

There are many layers in the selection process that need to be considered before investing capital to acquire a new solution or upgrade an existing system. One of the most popular movements has been the rise of an integrated approach to network security. In the past, organizations have relied on a number of different point-solution appliances and vendors for each individual security need, leading to management headaches and compatibility issues. Consolidated security appliances, however, integrate multiple security features – like network firewall capabilities, network intrusion detection and prevention and gateway anti-virus functionality – into a single hardware platform. More advanced systems incorporate security-specific ASICs within the network security platform for performance advancement and also offer real-time security subscription services along with a suite of management, reporting and analysis products.  

This layered approach, chosen for its adaptability, increasingly forms the backbone of many enterprise, MSSP and carrier security solutions. Integrated network security appliances have also become well-known for being a simple, cost-effective way to enhance existing data networking capabilities, especially because they are scalable – meaning it’s fairly simple to turn functionalities on and off or add additional hardware to meet the growing needs of your organization. The consolidated security market is undergoing rapid expansion, as evidenced by the latest IDC Quarterly Worldwide Security Appliance Tracker, which states that this style of layered security appliance now holds 58 percent of the market share – outgrowing traditional firewall/VPN appliance sectors – and was worth an estimated US$2 billion in 2008.

Beyond choosing the right framework for network security, it is imperative to consider the features that accompany the security appliance.

  • IT has revolutionized business communications, providing an unmatched blend of reach, scalability, timeliness, efficiency and overall effectiveness. To protect these vital tools, security should not stop at the perimeter. Organizations need to consider a comprehensive security portfolio that addresses database, email, client and mobile devices in addition to traditional network security solutions to protect against a diverse, overlapping and ever-expanding array of threats.
  • Look for a security appliance capable of reassembling packets and scanning data in real-time, without compromising network speed and detection quality. With the rising adoption of 10GbE throughput, organizations will need to ensure that their security protocols work at the speed of the network without sacrificing accuracy. Constantly monitoring the computer system for malicious content as the data comes in and out of the network can stop a piece of malicious code before it compromises the network, and technological advances mean today’s appliances feature higher-throughput speeds that make scanning a truly “behind-the-scenes” function from the users’ perspective.
  • Real-time data scanning is only as effective as the rate at which the security system checks and updates users against new viruses and threats. It is important to deploy a security system that features real-time, automatic updates to ensure your security system is always equipped with the most up-to-date protection from new and emerging threats. Some appliances feature subscription services that will automatically push updates to the network, easing management and deployment of vital system upgrades.
  • Security is not a “one-size-fits-all” tool, and data security needs vary greatly even within an individual organization. Modern advances and innovation have made network segmentation – the act of splitting a larger computer network into its own subnetwork – available to a much larger audience. In the past, this technology was reserved only for large enterprises, but new appliances are now more affordable and readily available to mid-sized users. This technology is attractive because it minimizes traffic on a local network and improves both performance and security. It has also proved useful in containing network problems, as it limits the effect of a local failure on other parts of the network.
  • Organizations are looking to adopt green technologies. While some look to these technologies purely from an environmental standpoint, others are increasingly focused on their cost cutting benefits. Integrated network security solutions and virtualized security technologies, which create a flexible security layer inside a virtualized data centre rather than utilizing an additional piece of hardware, can both help o

About this author

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Security
 
Earlier this month I had the privilege of testifying as an...
 
Canadian Government Executive Media, (CGE) publisher of Canadian Government Executive magazine...
 
In the last few years, we’ve seen various federal governments warning...
 
Canadian Government Executive is excited to announce the agenda for TechGov...
 
In the wake of the WannaCry outbreak, corporate executives, IT professionals,...
 
Facebook Pages can be an essential tool for businesses and charities,...
 
Cybersecurity professionals have sounded the alarm for years, and they are...
 
CBC deserves full credit for exposing the presence of IMSI catchers...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
Over the decades, technology has been grafted into governments around the...
 
In this episode, J. Richard Jones talks about being candid about...
 
Criminals have reportedly threatened to take over 250 million Apple accounts...
 
In this episode, hear more about how Canada is a prime...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
In the world that we are living in today, free and...
 
The RCMP adopted a new media strategy earlier this month by...
 
What would tomorrow’s cybersecurity look like? That’s an intriguing question to...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
Just as the federal government has begun consultations on cyber security,...
 
Efforts by the government to counter the radicalization of young Canadians...
 
Canadian healthcare organizations and businesses in the financial industry are the...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
The challenge is clear: a fast-paced industry pressures organizations to simultaneously...
 
As populations grow and age, the demand for services increases. As...
 
By Michael Murphy Not all assets can and should be equally...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Now more than ever, organizations in both the public and private...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
As the battle between the FBI and Apple continues to escalate,...
 
Please to view this Content. (Not a member? Join Today! )...
 
Meet Bob Heart.  He is an outstanding employee who works hard...
 
A new study released yesterday, Securing the C-Suite, Cybersecurity Perspectives from...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Yesterday, Ontario Supreme Court Justice John Sproat ruled that the Peel...
 
I wrote about accountability more than a year ago. Recently, a...
 
Intelligence agencies have had widespread and long-running programs to gather, analyze...
 
What concerns me is whether or not we’ve got the balance...
 
One of the consequences of the Information Age in which we...
 
In March of 2011, the east coast of Japan was rocked...
 
BYOD is hot! But is it for you? If yes, which...
 
Protecting critical infrastructure from cyber threats is the shared responsibility of...
 
In numerous interviews with senior military commanders over the past several...
 
In early February, James R. Clapper, the U.S. director of national...
 
The widespread adoption of mobile devices as enterprise-level tools is occurring...
 
CGE Vol.13 No.2 February 2007 Public security, once a task relegated...
 
CGE Vol. 14 No.4 April 2008 In recent years, policy makers...
 
L’univers de la sécurité des TI évolue rapidement. À mesure que...
 
The world of IT security is rapidly evolving. As quickly as...
 
Cyber attacks don’t have to look highly sophisticated. Hackers are purposely...
 
The announcement regarding the establishment of Shared Services Canada (SSC) was...
 
There was probably a day in spring of AD 72 that...
 
The changing face of public and personal privacy in the face...
 
What role should governments and public servants play in safeguarding personal...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Earlier this month I had the privilege of testifying as an...

Member Login

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.