I have been in the network security game for over a decade
and I am still amazed at the number of organisations that only
think about their network security when there is a big virus
outbreak or a company such as Microsoft releases patches, writes Joona Airamo, chief information security officer
at Stonesoft.
Lulled by the constant flow of patches from vendors, many of
these organisations are unaware that by the time a virus outbreak
reaches the news, it is probably too late to prevent their
networks from being infected. Organisations that rely heavily on
security patches and other software suppliers to protect against
vulnerabilities are playing a dangerous game of catch-up.
Patching is at best a last-ditch approach to security. When
vulnerabilities are found, software companies will often approach
security vendors to create suitable patches. By the time a
vulnerability has been discovered and the software company or
security vendors are able to develop a patch, the exploit has often
been in the wild for days if not weeks. Patching also has a major
drawback in that it often removes old patches, creating new
vulnerabilities.
Relying on patching is similar to securing a building with a
wire fence without employing a security patrol. The fence will
deter casual intruders, but a determined intruder with the right
tools can cut a hole in it and enter, leaving you to clear up after
they've been in. A wire fence with a security guard means that
anyone trying to cut a hole will be stopped before they can get
in.
The security landscape has changed dramatically over the last
few years. Yesterday's teenage hackers were interested in
demonstrating their technical know-how, not financial gain. They've
now grown up and realise there's money to be made from hacking. The
only hope that companies have of staying ahead of the game is to be
much more pro-active with their security. Security must be
engrained in every business process and not implemented as an
afterthought or when something goes wrong.
To stay ahead of the game, organisations need to seriously
consider pro-active technologies such as intrusion prevention
systems (IPS) or at the very least firewalls which have embedded
IPS technologies. These types of pro-active solutions can identify
and stop attacks such as DDoS and malware attacks before they reach
corporate networks by analysing the actual DNA of an attack. Most
attacks have the same or very similar DNA so by identifying the
core structure, organisations are always protected, no matter how
an attack is wrapped up or disguised.
Network and security managers can no longer rely on their
software providers to keep them secure. It's all too easy to blame
vulnerabilities in software and slow patches for attacks against
the corporate network. Organisations need to take a pro-active
stance on security, use the correct technologies and look
closely at how secure all key processes are, to ensure that their
corporate environment is protected at all times. Network protection
in today's climate is all about being pro-active, in every sense of
the word.