How to marry security and systems management
New security threats emerge every day. From large-scale virus and worm outbreaks through to phishing and social engineering attacks, the growth of malware is forcing businesses to look at their strategies for keeping IT systems and data secure. This, combined with a more mobile workforce, has made traditional approaches to security inadequate. To effectively address the new challenges, organizations need to tighten coordination and integration between their security and systems management teams.
Over the past several years the threat environment has changed dramatically. First, the number of attack vectors employed by hackers has grown significantly. Today’s attacks can come into the organization from a wide variety of sources including websites, removable media such as USB storage, public WiFi networks, mobile devices, instant messaging clients and also Web 2.0 applications.
The number of known vulnerabilities targeted by these attacks has more than doubled, growing from 2,500 in 2004 to over 5,500 in 2008. The makeup of vulnerabilities has also shifted away from the operating system and into applications, including browsers (IE, Firefox, Safari), media players (QuickTime, RealPlayer, Windows Media Player) and document viewers (Adobe Reader). In fact, during the first half of 2008 only 6% of reported vulnerabilities were in operating system components.
An increasingly mobile and distributed workforce has exacerbated the security challenges posed by these threats. The days of most systems residing securely behind the corporate firewall are long past. Today, most organizations see a large number of their PCs operating outside the firewall on a regular basis. These devices are exposed to a broader range of attacks since they are regularly connected to a variety of public networks, and can’t benefit from the traditional perimeter security tools that organizations have in place.
Another issue is the growth of web applications and social networking tools. While these applications can make workers more productive and more efficient in their roles, they also create new opportunities for attack. Moreover, the amount of personal information that users have been happy to publish on social networking sites makes social engineering attacks more believable, and therefore more effective.
A critical element of any comprehensive security strategy is reducing the attack surface that hackers can exploit to compromise corporate systems. This requires robust defenses at both the perimeter and the endpoint. While the security team can deploy perimeter security solutions such as firewalls and IPS appliances without the help of the systems management team, the same cannot be said of endpoint protection. Deploying and configuring security updates such as patches and security utilities on PCs and servers requires the help of the systems management team to succeed. Security updates have to be tested and deployed alongside non-security updates, and pass through the organization’s change management process. A failed update is itself a security risk, and can also cause downtime through system crashes.
Similarly, the security team needs the systems management team’s expertise to effectively protect the endpoint. A prime example is patch management. In the past the number of patches was lower, so they could be applied as and when they arrived. The volume of new patches has grown so much that this approach is no longer efficient or cost-effective. Organizations can’t keep up, so they have moved to “patch windows”: scheduled periods in which all the necessary patches to applications, operating systems and other required updates are applied together. Without the right systems management approach in place, however, a patch window can leave patches missed or holes in the organization’s security.
Conversely, the systems management team needs the security team’s expertise to evaluate the urgency of reported vulnerabilities. This evaluation lets the systems management team make informed decisions about which patches to deploy and when to deploy them. The same patch schedule also tells the security team whether it needs to put temporary defenses in place at the perimeter, such as an IPS signature for a particular vulnerability, until the patch is deployed.
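The triage described above can be expressed as a small scoring and scheduling routine. The following is an added example written for this article, not a tool or process from the original text: the weights, thresholds and action names are assumptions chosen to illustrate the idea, and the vulnerability records are constructed sample data rather than real advisories. It scores each reported vulnerability on severity, public exploitability and the share of affected hosts that regularly leave the perimeter, assigns it to an out-of-band deployment, the next patch window, or a deferral, and records which compensating control the security team should stand up in the meantime, along with how many hosts that control does not cover.

```python
"""Patch triage helper (added example; scoring model and thresholds are assumptions).

Security supplies the severity/exploitability judgement, systems management supplies
the host inventory and test status, and the output is one schedule both teams use.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Vuln:
    vuln_id: str                  # internal tracking id (constructed, not a real advisory)
    component: str
    cvss: float                   # base severity score, 0-10
    exploit_public: bool          # working exploit released or attacks seen in the wild
    hosts_affected: int
    hosts_outside_perimeter: int  # laptops that regularly connect from public networks
    ips_signature: bool           # perimeter IPS can block exploit attempts while unpatched
    patch_tested: bool            # patch has cleared the change-management test cycle


@dataclass
class Decision:
    vuln_id: str
    risk: float
    action: str                           # "emergency", "next_window" or "defer"
    compensating_control: Optional[str]   # interim measure for the security team, if any
    hosts_uncovered: int                  # hosts the interim measure does not protect


def risk_score(v: Vuln) -> float:
    """Severity plus an exploit bonus plus an exposure term for mobile hosts.

    Perimeter controls do nothing for hosts outside the firewall, so the larger the
    mobile share, the more the patch itself is the only real defense.
    """
    exposure = v.hosts_outside_perimeter / v.hosts_affected if v.hosts_affected else 0.0
    score = v.cvss
    if v.exploit_public:
        score += 3.0            # assumed weight for a public exploit
    score += 2.0 * exposure     # assumed weight for exposure outside the perimeter
    return round(score, 2)


def triage(vulns: List[Vuln], emergency_threshold: float = 11.0,
           window_threshold: float = 6.0) -> List[Decision]:
    """Return decisions ordered from highest to lowest risk."""
    decisions = []
    for v in sorted(vulns, key=risk_score, reverse=True):
        risk = risk_score(v)
        control: Optional[str] = None
        uncovered = 0
        if risk >= emergency_threshold:
            # Only a patch that has cleared testing goes out of band; an untested patch
            # waits for the window and must be covered by an interim control meanwhile.
            action = "emergency" if v.patch_tested else "next_window"
            if v.ips_signature:
                control = "ips_virtual_patch"
                uncovered = v.hosts_outside_perimeter   # IPS never sees mobile hosts
            else:
                control = "workaround_required"         # e.g. disable the feature
                uncovered = v.hosts_affected
        elif risk >= window_threshold:
            action = "next_window"
            if v.exploit_public and v.ips_signature:
                control = "ips_virtual_patch"
                uncovered = v.hosts_outside_perimeter
        else:
            action = "defer"    # bundle with routine, non-security updates
        decisions.append(Decision(v.vuln_id, risk, action, control, uncovered))
    return decisions


# Constructed sample inventory; ids, counts and scores are made up for illustration.
SAMPLE_VULNS = [
    Vuln("V-1", "browser", 9.3, True, 1200, 700, True, True),
    Vuln("V-2", "media player", 6.8, False, 1200, 700, False, True),
    Vuln("V-3", "os component", 4.3, False, 300, 0, True, True),
    Vuln("V-4", "document viewer", 9.0, True, 1200, 700, False, False),
]

if __name__ == "__main__":
    for d in triage(SAMPLE_VULNS):
        print(f"{d.vuln_id}: risk={d.risk:5.2f} action={d.action:<12} "
              f"control={d.compensating_control} uncovered={d.hosts_uncovered}")
```

Running the script prints the four sample records in descending risk order: the tested browser patch with a public exploit goes out immediately with IPS as cover for the 500 office machines, the equally severe but untested document viewer patch waits for the window and needs a workaround because no IPS signature exists, the media player patch goes in the next window with no interim control, and the low-severity OS patch is bundled with routine updates. The `hosts_uncovered` figure is the point the article makes about mobile PCs: an IPS virtual patch protects nothing that is not behind the appliance.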
Naturally, tools that facilitate coordination between security and systems management make both teams more efficient at securing endpoints. They save both teams’ time and effort by reducing miscommunication and the need to administer multiple tools. These tools also let security administrators define security policies, such as approved applications and devices, and let systems management enforce them.
Importantly, these tools allow security patches, updates and policies to be deployed right alongside other changes, such as application upgrades and configuration changes. Systems management can then use one integrated tool and one change management process for all endpoint management, which reduces errors and downtime and improves efficiency.
Today’s threat environment requires robust defenses at both the perimeter and the endpoint. By working together, the security and systems management teams can deliver a much more secure endpoint than they ever could working apart, and thereby keep all the doors to the network shut tight.