A clear and present danger

Because it’s difficult enforcing policy across a fleet of machines which are very rarely in the office and rarely hooked up to a network that is trustworthy, Biviano said each machine needs a subset of the overall security network infrastructure sitting off to one side of it so it’s able to defend itself against the same sort of threats as the network.

Beyond perimeter versus internal security arguments, Check Point Software country manager ANZ, Scott McKinnel, believes the biggest concern facing network and security professionals today is the weight of change and complexity. “From the network perspective it’s just the sheer complexity and the introduction of human error because of all the different components. Even if each security component is configured correctly, has the right release of software, is managed properly and does what it’s says it’s meant to do; you still have all the complex interoperability issues and patching just to keep everything current.”

The other big concern in a complex and fast-changing security environment is the capacity for human error. “Keeping your staff trained properly and giving them the time they need to do things properly,” is of prime importance said McKinnel. In the event of a breach occurring, often the very speed of events can mitigate against effectively dealing with it. “That is often the biggest risk and the way it is being addressed is that there is a lot of emphasis on management, event reporting and correlation.

“If there’s an incident or some sort of compromise, typically multiple systems will report that because the incident will trigger an event, an alarm goes off in the management system. If you’ve got multiple systems and technologies deployed all the management consoles will alarm. What event management does is correlate all the alerts and then present it in a centralised and simplified way. Your security systems are only as good as you can manage, monitor and maintain them so we’re seeing a shift in the market of more emphasis on event management and management of systems.”

Generally speaking, organisations are responding to the current security environment by implementing defence in depth strategies which cover endpoints as well as all the network access controls. While this strategy includes all the traditional IT security apparatus such as anti-virus, firewalls, intrusion detection etc, Symantec’s vice president, channels, Asia Pacific and Japan, John Donovan, said it’s also vital to be able to have a degree of trust with other people. “[This is particularly the case with business] partners with which you’re hooked into in a B2B environment. Because everyone wants open access; banks, government etc, you want to be able to get access to your own records to be able to update them, modify them etc. Networks are opening up with customers demanding access to information and with that comes risk.”

Aside from the potential for productivity issues some of the biggest security risks gaining currency are social networking sites such as Facebook, MySpace and YouTube. Websense ANZ country manager, Joel Cammisar, said over the past year various security companies have put up dummy Facebook accounts to see how many people would reply with enough credentials so that a hacker would be able to compromise their identity. “It’s been quite astounding how many people give out critical information on Facebook and MySpace kind of sites. That alone poses a security risk for organisations, but there has also been other cases where social networking sites have been used to harbour malicious code. This is a growing trend, gone are the days when mass mailing viruses make up the majority of hacking threats. The main threat vector now is the web and hackers are using a variety of means to beguile users into going to sites which are launching pads for malicious code.”

a and clear collaboration danger networking present