Network Security: The Path Ahead
Melissa Stevens (MELISSAS@US.IBM.COM) | Tags: firewall siem security network-security ngips ngfw ips
Guest post by Brian Fitch, Product Manager for IBM Security.
People spend a lot of time pondering what the future will hold. Those of us working in network security daydream about a future full of integrated security technologies that will simplify our jobs. But is that just wishful thinking? Do you think it’s more likely that we’ll end up with more of the same: point solutions working independently that just create more work and frustration? While you sit back and consider these questions, I’ll also ask you to think about one more issue: how will future technologies affect the network group vs. the security group? Will they create new challenges, given that security solutions often impact, and disrupt, network traffic?
Technologies are needed to facilitate information sharing between Security and Network Groups
The path ahead for network security requires tools that both network groups and security groups can use to share information with each other. Network operations groups need this information so that they have constant awareness of the state of their network. They need to know where and why packets are being blocked, and what the functional status of the security devices on their network is. Likewise, the security group needs information on incoming traffic and its origin, as well as on exiting traffic and its destination.
Security Groups care about network traffic, too
Security groups need to identify the sources of all traffic entering their networks. They need to know the reputation of the source of the traffic. They need to know where that traffic is going and what happens once it reaches the target. Is this a legitimate e-shopping transaction, or is an SQL injection attack underway? A good way of answering this question is to use tools that monitor and analyze network traffic together with tools that monitor database activity. As the path forges ahead, security should demand that the technologies used for risk mitigation be able to correlate data and provide high-confidence answers about the behaviors being seen. An example of this might be when an attack is seen by detection devices on the network level and corresponding data mining activity is reported by host monitoring solutions.
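The correlation described above can be sketched in a few lines. This is an added example, not code from the original post or from any IBM product; the field names, the `SQL_Injection` signature label, the 30-second window and the row threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data. "dst" of a network alert is the web/app server,
# which is also the "client" that the database monitor sees.
IPS_ALERTS = [
    {"ts": "2024-05-01T10:00:05", "src": "203.0.113.7", "dst": "10.0.0.20", "sig": "SQL_Injection"},
    {"ts": "2024-05-01T10:30:00", "src": "198.51.100.9", "dst": "10.0.0.20", "sig": "SQL_Injection"},
    {"ts": "2024-05-01T11:00:00", "src": "203.0.113.50", "dst": "10.0.0.21", "sig": "Port_Scan"},
]
DB_EVENTS = [
    {"ts": "2024-05-01T10:00:07", "client": "10.0.0.20", "table": "customers", "rows": 48000},
    {"ts": "2024-05-01T10:30:02", "client": "10.0.0.20", "table": "orders", "rows": 3},
    {"ts": "2024-05-01T12:00:00", "client": "10.0.0.20", "table": "customers", "rows": 52000},
]

def correlate(alerts, db_events, window_s=30, row_threshold=1000):
    """Rate each SQL injection alert by whether the targeted server
    performed a bulk database read shortly after the alert fired."""
    window = timedelta(seconds=window_s)
    findings = []
    for alert in alerts:
        if alert["sig"] != "SQL_Injection":
            continue  # only the SQLi case from the text is correlated here
        t0 = datetime.fromisoformat(alert["ts"])
        hits = [
            e for e in db_events
            if e["client"] == alert["dst"]
            and t0 <= datetime.fromisoformat(e["ts"]) <= t0 + window
            and e["rows"] >= row_threshold
        ]
        findings.append({
            "src": alert["src"],
            "target": alert["dst"],
            # Network alert plus matching bulk read: both sensors agree.
            "confidence": "high" if hits else "low",
            "tables": sorted({e["table"] for e in hits}),
        })
    return findings

if __name__ == "__main__":
    for finding in correlate(IPS_ALERTS, DB_EVENTS):
        print(finding)
```

The second alert stays at low confidence because the only database read in its window returned three rows, which looks like an ordinary transaction rather than data mining.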
…and Network Groups need to know how Security is impacting the network
Furthermore, as security groups use more complex tools and continue to intrude on the network group’s territory, the need for a “what’s happening” report on the network is paramount. Network teams must have insight into security’s activities and into the actions that security technologies take that affect network traffic. They should demand information feeds from the security technologies. This could be via SNMP or a portal that they can access to see the status of the security technologies. Ideally, both network and security will be able to make use of a Security Information and Event Management (SIEM) platform to meet their respective data needs. Should both groups be involved in decision making? Absolutely.
Maybe the future isn’t so far away
Fortunately, solutions are already coming to market that help both parties, meaning a better network and security operational framework is on the horizon. Next Generation Firewalls (NGFW) and Next Generation Intrusion Prevention Systems (NGIPS) both focus on consolidating a myriad of technologies into single platforms. The path ahead requires that the network group and security group cooperate on acquiring new solutions for the enterprise so that both groups’ needs are fulfilled without overly complicating our IT infrastructure.
More about the author: Brian Fitch is Product Manager for IBM Security.
He has been in the information security industry for over 12 years. Brian currently manages the GX IPS and XGS NG-IPS line of appliances. Prior to his product manager role, Brian was an Internet Security Systems (ISS) Systems Engineer for a decade.