Proactive Network Security: Making Your Network Unassailable

he “market” for digital attacks is growing rapidly as the number of networked devices and software vulnerabilities continues to increase. Organizations are already so deluged with attacks that the current strategy of responding to intrusions no longer works because the alarms are turning into a new source of organizational white noise. Proactive network security offers a new strategy by combining five key elements: (1) detailed assessment of all the devices on the network; (2) continuous monitoring of those devices; (3) maintenance of a databa se o f known vu lne r ab i l i t i e s ; (4) evaluation and prioritization of threats based on the business value of each of the networked devices; and (5) management of corrective actions through ownership and workflow. Used in combination with reactive technology such as intrusion detection systems, proactive network security offers realistic protection by treating threats and vulnerabilities not as isolated events, but as permanent “features” of the new networked environment. INTRODUCTION Security has, of course, become one of the highest priorities of every company. Despite all the hype, the extent of the problem is not always understood. For example, a typical global 2000 enterprise security system generates over two million alerts every day. In 2002, digital attacks resulted in $42 billion worth of damage. And, according to the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, the number of attacks is doubling every year. Even if you do not believe the numbers, the reality is that you or someone you know has been affected by an information security incident within the past 24 hours. Security is no longer a matter of guarding against occasional attacks. Organizations are under perpetual and continual attack. Digital attacks are now more frequent than spam. And, just as it is no longer possible to deal with spam by opening each message for visual inspection, digital attacks must be dealt with proactively. The constant flood of attacks is a new fact of life for organizations, and requires a new approach to security. T M U N I C A T I O N S , N E T W O R K , A N D I N T E R N E T S E C U R I T Y