Security automation: The next wave

Beyond virus protection and patch management.
By Deb Radcliff, Network World, 03/21/2005

Security automation: Isn't that the very nature of the beast? After all, just about any security process can be automated. Firewalls, intrusion-detection systems and anti-virus software scan and sniff network traffic and computers for known signatures of attacks, viruses and worms. Vulnerability management systems find and patch holes, so malware can't exploit them. Remote access managers sandbox, scan and sanitize endpoints before allowing network access. And security managers get to view all of this and more from a central monitoring station.

OK, maybe it isn't an integrated monitoring station but rather a bunch of monitoring stations kludged into one console by a security administrator. That's the nature of the beast, too. The inability of different security products to share network and security information limits security automation. Limitations appear elsewhere, too. For example, intrusion-prevention systems (IPS) lack the intuition to know the difference between a Christmas rush and a denial-of-service attack, which is why companies use intrusion prevention sparingly, or not at all. There's no way a security tool will ever be able to set policies aligned to your business' unique characteristics.

Suffice it to say, security will continue to become automated, but will never fully replace human perception, intuition and intervention. "You can build automated security models in a way to detect problems, establish countermeasures and alert a human, who can then build a filter or countermeasure to protect against that issue," summarizes John Pironti, enterprise architect and security consultant at Unisys. "In this way, there will always be a symbiotic relationship between humans and computers."

Know your business

Intrusion detection, anti-virus, firewalls and anti-spam are fairly mature when it comes to automation - meaning human intervention is minimized. While these tools needed manual updates and excessive filtering, they now essentially run themselves, by automatically updating their signature files, blocking worms and viruses, scanning and parsing datastreams, and looking deep into packets to detect bad behavior, says Vick Wheatman, vice president of security practices at Gartner. Reaching that level of maturation takes five to 10 years, analysts say.
