
Stable Security In An Environment of Change

AlgoSec : 30 April, 2012  (Technical Article)
Paul Clark of AlgoSec sheds light on the grey area of risk and change management for firewalls
New applications, new users, evolving networks and new threats all combine to create headaches for both IT and security teams.  So how should both collaborate to eliminate risks when everything is constantly changing? Paul Clark, UK MD for AlgoSec explains.

“Our only security is our ability to change,” wrote John Lilly, the American physician and philosopher.  But speak to a hard-pressed CSO or CIO, and they’ll tell you that they’d happily take a lot less change in order to get better security.

Every new hire, every software patch or upgrade, and every network update opens up a security gap and increases the organisation’s risk exposure.  This situation becomes further complicated in larger organisations, which may have a mixed security estate comprising traditional, next-generation and virtualized firewalls from multiple vendors, all with hundreds of policies and thousands of rules.

Then there are unexpected, quick-fix changes for access to specific resources or capabilities.  In some cases, the change is made in a rush (after all, who wants a C-level exec breathing down their neck because he wants to access the network from his new tablet right now?), without sufficient consideration of whether that change is allowable under current security policies, or if it introduces new exposure to risk.

Add to these internal issues the ever-growing number of external threats from malware, hacking and social engineering exploits, and it’s no wonder that both IT and security teams find that change, although inevitable, introduces many more challenges than they would like.

So, how should security and IT teams work together to manage change and get better control of security-related change issues?  How should they approach updating their complex security infrastructure and policies to ensure better system availability and security?  

The first step is to ensure that IT and security teams are working in harmony with each other.  In many larger companies, routine IT operational and administrative tasks may be handled by a different team to that handling security and risk-related tasks.   Although both teams are working toward the same end, decisions made by one team may lead to issues for the other.  Sometimes these situations can be dealt with in a rush, with the full intention of dealing with any security issues afterward.  But this latter, crucial element may get overlooked.

So it’s worth recognising the potential for these pitfalls, and implementing measures to help improve coordination between different teams.  You can’t always predict exactly when users will make requests to add new devices to the network, but you can certainly prepare a routine for dealing with those requests as they arise.  Bringing both teams together to prepare routemaps for these situations – and for other ‘knowns’ such as network upgrades, change freezes, and audits – helps to minimise the risk of these changes causing security holes.

To build these routemaps, it’s essential to understand your network’s topology, which can be extremely complex in multi-site, enterprise environments.  Where are the main conduits and choke points for traffic flow?  Where are the potential vulnerabilities?  How are the various firewalls on the network configured, and what security policies and rules are active on those devices?  

The answers to these questions help you to identify and target those areas with potential security gaps.  However, the pace of ongoing infrastructure changes – not to mention the speed at which external threats evolve – means that manual, periodic network and risk assessments are simply not frequent enough to enable staff to keep up.

So as well as being able to visualise the network, you need near real-time responses to network issues, and the ability to quickly access all types of firewall and apply changes in a way that is both compliant with security policies and fully auditable.  This demands automation for these critical, labour-intensive tasks.

Why automate these tasks?  Put simply, organisations cannot afford not to automate.  In 2011, we surveyed senior IT and infosecurity staff on their firewall management issues*.  66% said that human error was the primary cause of network security outages – in other words, simple mistakes being made in manually assessing or applying firewall rules or policies.  
Respondents also said that firewall management required the greatest investment of their time, as well as causing the most network disruptions.  73% cited a high number of changes as the main reason for their time investment in managing security gateways.  This highlights several needs:  a dashboard view of security, availability and compliance issues; a reduction in human error; and prioritised action points to help reduce critical risks.

Automation helps staff move away from firefighting and being bounced reactively between incidents, and helps them gain control.  The right solution can help teams track down potential traffic or connectivity issues, highlight areas of risk, and show the current status of compliance with policies across mixed estates of traditional, next-generation and virtualized firewalls.  It can also automatically pinpoint the exact devices that may need changes, and show how to design and implement that change in the most secure way.

This not only makes firewall change management easier and more predictable across large estates and multiple teams, but also frees staff to handle more strategic security and compliance tasks, because the solution is handling much of the heavy lifting.  An additional benefit comes in optimising the performance of firewalls and gateways.  Don’t forget, firewalls typically process their rulesets sequentially until they find one that matches traffic.  How many rules have been added to your firewalls in recent years?  Ruleset sprawl will drain performance.  By filleting unused rules from your firewalls, and prioritising those rules that are most frequently used, you cut the amount of processing the device has to do.  
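
The first-match behaviour and ruleset clean-up described above, as an added example (not from the article or from any AlgoSec product): it replays constructed traffic through a constructed ruleset, drops unused allow rules, and moves busy rules up only where that cannot change a decision. The rule fields, the hit counters, the default-deny fallback and the choice to keep zero-hit deny rules are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
@dataclass
class Rule:
    name: str
    src: str        # source CIDR
    port: int       # destination port, 0 = any
    action: str     # "allow" or "deny"
    hits: int = 0   # match counter (assumed to come from device logs)

def evaluate(rules, ip, port):
    """First-match evaluation: return (action, number of rules checked)."""
    for checked, r in enumerate(rules, 1):
        if ipaddress.ip_address(ip) in ipaddress.ip_network(r.src) and r.port in (0, port):
            r.hits += 1
            return r.action, checked
    return "deny", len(rules)  # assumed implicit default deny

def replay(rules, traffic):  # -> (decisions, total rule checks)
    results = [evaluate(rules, ip, port) for ip, port in traffic]
    return [a for a, _ in results], sum(n for _, n in results)

def overlaps(a, b):
    same_port = a.port == 0 or b.port == 0 or a.port == b.port
    return same_port and ipaddress.ip_network(a.src).overlaps(ipaddress.ip_network(b.src))

def optimise(rules):
    """Drop zero-hit allow rules, then move busy rules up without changing decisions."""
    # Zero-hit deny rules stay: removing one could let traffic reach a later allow.
    kept = [r for r in rules if r.hits > 0 or r.action == "deny"]
    changed = True
    while changed:
        changed = False
        for i in range(len(kept) - 1):
            a, b = kept[i], kept[i + 1]
            # Safe swap: no packet may match both rules with different actions.
            if b.hits > a.hits and not (overlaps(a, b) and a.action != b.action):
                kept[i], kept[i + 1] = b, a
                changed = True
    return kept

RULES = [  # constructed sample ruleset
    Rule("legacy-ftp", "10.0.0.0/8", 21, "allow"),
    Rule("block-guest-ssh", "10.9.0.0/16", 22, "deny"),
    Rule("admin-ssh", "10.0.0.0/8", 22, "allow"),
    Rule("web", "0.0.0.0/0", 443, "allow"),
]
TRAFFIC = [("203.0.113.5", 443)] * 6 + [("10.1.1.1", 22)] * 2 + [("10.9.0.7", 22)]  # constructed
if __name__ == "__main__":
    print(replay(RULES, TRAFFIC)[1], replay(optimise(RULES), TRAFFIC)[1])  # rule checks before, after
```

The busy `web` rule moves to the top, but `admin-ssh` cannot pass `block-guest-ssh` because the two overlap with different actions, so the decisions for the sample traffic stay the same while the number of rule checks falls.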

So, constant changes don’t have to be a bugbear for IT and security teams.  The ability to better manage change through automation can make a real difference to a company’s security stance.

Paul Clark is Regional Director for AlgoSec, responsible for growing the company’s presence and driving sales.  Paul has 12 years of experience in senior roles in the Infosecurity sector and over 20 years in IT sales and management.