I have been in the network security game for over a decade and I am still amazed at the number of organisations that only think about their network security when there is a big virus outbreak or a company such as Microsoft releases patches, writes Joona Airamo, chief information security officer at Stonesoft.
Lulled by the constant flow of patches from vendors, many of these organisations are unaware that by the time a virus outbreak reaches the news, then it is probably too late to prevent their networks from being infected. Organisations that rely heavily on security patches and other software suppliers to protect against vulnerabilities are playing a dangerous game of catch-up.
Patching is at best a last ditch approach to security. When vulnerabilities are found software companies will often approach security vendors to create suitable patches. By the time vulnerability has been discovered and the software company or security vendors are able to develop a patch, the exploit has often been in the wild for days if not weeks. Patching also has a major drawback in that it often removes old patches, creating new vulnerabilities.
Relying on patching is similar to securing a building with a wire fence without employing a security patrol. The fence will deter casual intruders but a determined intruder with the right tools can cut a hole in it and enter and you can clear up after they've been in. A wire fence with a security guard means that anyone trying to cut a hole will be stopped before they can get in.
The security landscape has changed dramatically over the last few years. Yesterday's teenage hackers were interested in demonstrating their technical know-how not financial gain. They've now grown up and realise there's money to be made from hacking. The only hope that companies have at staying ahead of game is to be much more pro-active with their security. Security must be engrained in every business process and not implemented as an afterthought or when something goes wrong.
To stay ahead of the game organisations need to seriously consider pro-active technologies such as intrusion prevention systems (IPS) or at the very least firewalls which have embedded IPS technologies. These types of pro-active solutions can identify and stop attacks such as DDoS and malware attacks before they reach corporate networks by analysing the actual DNA of an attack. Most attacks have the same or very similar DNA so by identifying the core structure, organisations are always protected, no matter how an attack is wrapped up or disguised.
Network and security managers can no longer rely on their software providers to keep them secure. It's all too easy to blame vulnerabilities in software and slow patches for attacks against the corporate network. Organisations need to take a pro-active stance to security and use the correct technologies and look closely at how secure all key processes are, to ensure that their corporate environment is protected at all times. Network protection in today's climate is all about being pro-active, in every sense of the word.
This was first published in October 2009