Measurable Results
Introduction
Most organizations acquire security tools in a reactive manner. This results in inconsistent security that doesn't meet organizational goals. A Security Plan eliminates this problem and preserves resources.

On average, plan development takes 8 months and costs $108,000, a major inhibitor to plan adoption. This solution set eliminates those costs.

This solution set addresses Security Planning in three steps:
Executive Summary
IT Security Planning is costly and time consuming. Using the Secure Network Design and Roadmap tool is a cost-free and quick way to create your organization's ideal network design and tool implementation roadmap.

Involve the business side in IT Security Planning; it is not only an IT exercise. Involving the business results in:
Better business buy-in.
Easier cost validation for new security tools.
More insight into future business directions.
Getting Started
- Why perform security planning?
- Planning and requirements gathering
- The Value of Plans
- How deployments fail plans
- Determine Implementation Order
  - Regulatory Pressure
  - Business Requirements
How deployments fail plans: Not Meeting Business Requirements; Inappropriate Tools in Place.

Info-Tech research shows that companies with no formal IT Security Plan in place show significant randomness in the tools they choose and the order in which these are implemented.

Example: A financial organization that needs to meet specific compliance requirements purchased Content Filtering and Data Leakage Protection systems after implementing baseline tools, when they should have implemented a Management System next to monitor all of the tools they already had in place. The high cost of the Management System caused them to look for cheaper tools first. This misalignment resulted in the organization failing to provide conclusive reporting for security auditing purposes.
- Sensitive data and confidential information must be rigorously protected to prevent it from being stolen or lost. Organizations that have sensitive data will need to implement Data Leakage Protection, Intrusion Detection and Prevention, and Encryption.
- Remote workers need access to the same tools that they use when physically present in the office. Virtual Private Networks (VPN) and Network Access Control (NAC) are two essential tools for securely supporting these employees.
- A business that needs to be running 24/7 has very different needs from one that is open from 9 to 5. To ensure that the business has access to the internet and the other tools it needs, dual firewalls are required in order to minimize downtime in the case of a failure.
- Online businesses cannot afford to have their websites unavailable to their customers, as this likely represents a significant loss in revenue. Online businesses must have dual routers in place to minimize downtime in the case of a failure.
- The importance of roadmaps
- Compliance vs. Security
- Ideal implementation orders
(Two survey charts, N = 33 each; the "Takeaways" text was not captured.)
Baseline Tools
Baseline tools are those that should be implemented in the same order, regardless of the company and whether they focus on security or compliance.
Gateway Firewall: Required by all companies. Should always be the first security tool implemented. Blocks unwanted inbound and outbound traffic. Firewalls monitor the data traversing the corporate network, looking for suspicious activity.

Endpoint Anti-Malware: Required by all companies. Essential on all endpoints to protect them from infection from viruses and malware.

Gateway Anti-Malware: Required by all companies. Detects and blocks malware as it enters and exits the organization.

Basic Network Segmentation: Required by most companies. This is the most basic network structure: a network segmentation that separates users from servers.

Baseline security tools are those needed by all organizations, regardless of their priorities or focus. The baseline tools should ideally be implemented in the order above to ensure basic security protection is available. The vast majority of companies surveyed by Info-Tech for this study implemented these baseline tools first.
Management System: Consolidates the reporting and notification functions of all security tools. Organizations that need to meet stringent compliance requirements need this tool for reporting purposes.

Intrusion Detection and Prevention (IDP): Necessary for organizations that house sensitive data and for those with a low tolerance for risk. It prevents intrusions into the corporate network from unauthorized third parties.

Encryption: Prevents unauthorized third parties from viewing and accessing sensitive company data by making it unreadable without the proper decryption key.

Enhanced Authentication: Required when an organization supports remote workers. Ensures that remote workers will have full, secure access to the corporate network.
"Spending time and money on a formal security plan is essential in order to ensure compliance with state mandates."
- Team Member, Education Services
10. Data Leakage Protection: Organizations that house sensitive and confidential data must have this in place. These systems prevent the purposeful or inadvertent transmission of data outside of the enterprise.

11. Content Filtering: Proper content filtering restricts the type of information, data, and code that can enter the organization via the Internet.

12. Tiered Network Segmentation: First separate user and server networks attached to the core network. Then separate these networks into trusted and untrusted users and servers.

13. Internal Firewalls: Regulate and restrict traffic to and from servers containing sensitive data. Access to the server is based on a set of predefined rules.
Content Filtering: Proper content filtering restricts the type of information, data, and code that can enter the organization via the Internet.

Intrusion Detection and Prevention (IDP): Necessary for organizations that house sensitive data and for those with a low tolerance for risk. It prevents intrusions into the corporate network from unauthorized third parties.

Data Leakage Protection: Organizations that house sensitive and confidential data must have this in place. These systems prevent the purposeful or inadvertent transmission of data outside of the enterprise.

Encryption: Prevents unauthorized third parties from viewing and accessing sensitive company data by making it unreadable without the proper decryption key.
10. Enhanced Authentication: Required when an organization supports remote workers. Ensures that remote workers will have full, secure access to the corporate network.

11. Tiered Network Segmentation: First separate user and server networks attached to the core network. Then separate these networks into trusted and untrusted users and servers.

12. Internal Firewalls: Regulate and restrict traffic to and from servers containing sensitive data. Access to the server is based on a set of predefined rules.

13. Management System: Consolidates the reporting and notification functions of all security tools. Organizations that need to meet stringent compliance requirements need this tool for reporting purposes.
"Management tools are purely for the effectiveness of monitoring and support. The tools and processes themselves are the real risk mitigation agents."
- CISO, Manufacturing
Summary
Formal security planning saves time and money and improves the security stance of the organization.
There are three steps in creating a security plan:
1. Planning and Requirements Gathering
Not only an IT exercise: get business input at this stage. Determine what the organization needs now and in the future and plan accordingly.
Appendix I
Description of security solutions
Info-Tech's standardized security architectures use up to fifteen different security solutions:
Gateway firewalls
Dual gateway firewalls
Internal firewalls
Gateway anti-malware
Endpoint anti-malware
Dual Internet connections
Segmented networks
Tiered networks
The following slides describe these tools. Each slide shows a sample security
architecture diagram and highlights the position of the tool in question in that
diagram. The slides also indicate the relative (low, moderate, high) cost, time and
skill requirements for each tool.
Low cost indicates something that should be affordable by most enterprises while high cost
may be affordable only by larger enterprises.
Low time indicates a deployment on the order of days to weeks while high time indicates
deployment on the order of months to years.
Low skill indicates a deployment that requires no specialized expertise while high skill
indicates a deployment that requires significant expertise.
Info-Tech Research Group
Appendix I-a
Gateway Firewall
Firewalls are a baseline security protection mechanism required by all organizations, regardless of their size or perceived threats. Firewalls regulate the inbound and, in some cases, the outbound flow of traffic. They can be deployed singly or in pairs.

Firewalls evaluate whether traffic can be allowed to enter the network based on comparison to in-place rules. Creating a detailed and specific ruleset that specifies what constitutes appropriate traffic is the key to good firewall functionality.
Appendix I-b
Internal Firewall
Internal firewalls work in exactly the same manner as gateway firewalls except that they are used to filter internal network traffic only. They are generally deployed to protect particularly sensitive network segments.

Firewalls evaluate whether traffic can be allowed to enter the network segment based on comparison to in-place rules. Creating a detailed and specific ruleset that specifies what constitutes appropriate traffic is the key to good firewall functionality.
Cost: Low
Time: Low
Skill: Low to Moderate
Appendix I-c
Gateway Anti-Malware
Gateway Anti-Malware detects and blocks malware as it attempts to enter the enterprise network. The solution can also be configured to scan outbound traffic for malware threats, which can limit distribution and eliminate the reputation hit associated with spreading security threats.

Gateway Anti-Malware can be integrated into gateway firewalls or deployed as a separate device, depending on the needs of the organization. It scans incoming files and applications for signatures that match known threats, quarantining or deleting them when discovered.
Cost: Low
Time: Low
Skill: Low
Appendix I-d
Endpoint Anti-Malware
Endpoint Anti-Virus/Malware is one of the most basic security technologies that an enterprise can deploy. The primary function of this solution is to detect and block malware as it is received at the endpoint and thereby reduce the spread of threats.

Endpoint Anti-Virus/Malware is software that is installed directly onto endpoints such as servers and workstations. It scans files and applications for signatures that match known threats, quarantining or deleting them when discovered.
Cost: Low
Time: Low
Skill: Low
Appendix I-e
Dual Internet Connection
Dual Internet connections are essential
for online businesses; those needing to
provide access to their website 24/7.
They ensure a far greater uptime
potential to ensure that clients that are
looking for the enterprise's website are
always able to find it.
Dual Internet connections require dual
front-end routers. Each connection
should be capable of handling all of the
enterprise's network traffic. If one
router fails, the other takes over all of
the functions, preventing downtime or
latency. Specialized networking will be
required to ensure appropriate
distribution of traffic in this structure.
Cost: Moderate
Time: Low to Moderate
Skill: Moderate
Appendix I-f
Segmented Internal Network
Basic network segmentation is the first step in network architecture complexity for those migrating from flat networks. At a minimum, basic network segmentation should separate users from the servers. This allows servers to be protected at a higher level without security tools having to be deployed across the entire network.

Uses configuration rules within the network infrastructure to create virtual network segments (typically VLANs) that have different IP address ranges from one another. For traffic to pass between these segments it must traverse the switch, where security rules can be applied.
Cost: Low
Time: Low to Moderate
Skill: Low to Moderate
Appendix I-g
Tiered Internal Network
Tiered network segmentation takes network segmentation one step further, increasing the granularity with which the network is divided. Tiered segmented networks increase security by providing better isolation of sensitive data and/or processes.

Uses configuration rules within the network infrastructure to create virtual network segments (typically VLANs) that have different IP address ranges from one another. For traffic to pass between these segments it must traverse the switch, where security rules can be applied.
Cost: Low
Time: Low to Moderate
Skill: Moderate
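The rule evaluation described for gateway firewalls (Appendix I-a) and internal firewalls (I-b), and the segment boundaries described for segmented and tiered networks (I-f, I-g), can be shown end to end in a few lines. The following is an added example written for this page, not Info-Tech's material: the segment names, address ranges, ports and rules are assumptions chosen for illustration. It models a first-match internal-firewall ruleset over a tiered address plan and makes explicit the point a segmentation diagram tends to hide: traffic that stays inside one segment never reaches the boundary and is not filtered at all.

```python
"""First-match ruleset evaluation over a segmented, tiered address plan.

Added example for this page, not Info-Tech's material. Segment names,
address ranges, ports and rules are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Assumed address plan: each segment is its own IP range, as the tiered
# segmentation slide describes (users vs. servers, then trusted vs. untrusted).
SEGMENTS = {
    "users-untrusted":   ip_network("10.10.0.0/24"),  # guest / unmanaged devices
    "users-trusted":     ip_network("10.11.0.0/24"),  # managed workstations
    "servers-general":   ip_network("10.20.0.0/24"),  # intranet, file shares
    "servers-sensitive": ip_network("10.21.0.0/24"),  # behind the internal firewall
}


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # segment name or "any"
    dst: str               # segment name or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None for any port


# Assumed internal-firewall ruleset. Order matters: the first matching rule
# wins, and the last rule is an explicit default deny so anything not
# listed above it is blocked.
RULES = [
    Rule("allow", "users-trusted",   "servers-general",   "tcp", 445),   # file shares
    Rule("allow", "users-trusted",   "servers-general",   "tcp", 443),   # intranet
    Rule("allow", "users-untrusted", "servers-general",   "tcp", 443),   # intranet only
    Rule("allow", "users-trusted",   "servers-sensitive", "tcp", 1433),  # database
    Rule("deny",  "users-untrusted", "servers-sensitive", "any", None),
    Rule("deny",  "any",             "any",               "any", None),  # default deny
]


def segment_of(addr: str) -> Optional[str]:
    """Return the segment containing addr, or None if it is outside the plan."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, str]:
    """Decide a flow and explain the decision.

    Traffic that stays inside one segment never crosses the switch or
    firewall boundary, so no rule is consulted for it. Everything else is
    matched top-down against RULES.
    """
    src_seg, dst_seg = segment_of(src_ip), segment_of(dst_ip)
    if src_seg is None or dst_seg is None:
        return "deny", "address outside the segment plan"
    if src_seg == dst_seg:
        return "allow", f"intra-segment traffic within {src_seg} (not filtered)"
    for i, r in enumerate(RULES):
        if (r.src in ("any", src_seg) and r.dst in ("any", dst_seg)
                and r.proto in ("any", proto)
                and (r.dport is None or r.dport == dport)):
            return r.action, f"matched rule {i}: {r.action} {r.src} -> {r.dst} {r.proto}/{r.dport}"
    return "deny", "no rule matched"  # unreachable while the default-deny rule is present


if __name__ == "__main__":
    flows = [
        ("10.11.0.25", "10.20.0.10", "tcp", 445),   # trusted user -> file share
        ("10.10.0.7",  "10.21.0.5",  "tcp", 1433),  # untrusted user -> database
        ("10.10.0.7",  "10.10.0.9",  "tcp", 445),   # untrusted user -> peer in same segment
        ("10.11.0.25", "10.21.0.5",  "tcp", 22),    # trusted user -> database host over ssh
    ]
    for f in flows:
        action, why = evaluate(*f)
        print(f"{f[0]:>11} -> {f[1]:<11} {f[2]}/{f[3]:<5} {action:5} ({why})")
```

The third sample flow is the one to notice: an untrusted device talking to another untrusted device on tcp/445 is allowed without any rule being checked, because basic segmentation only puts a choke point between segments. If lateral movement inside a segment matters, the tiered design has to split that segment further or host-level controls have to cover it.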
Appendix I-h
Virtual Private Networks
Network Access Control (NAC) and Virtual Private Networks (VPN) help protect organizations from threats that might be leveraged by allowing inbound connections to internal networks from privileged devices (such as remote laptops). VPN allows remote users to connect to the network while protecting against session hijacking and sniffing type attacks.

VPN creates encrypted point-to-point communications channels through which remote users connect to internal network resources.
Appendix I-i
Intrusion Detection & Prevention
IDP is a network alarm system. The solution monitors traffic for anomalous behavior and intrusion/attack signatures and can issue alerts, or take independent corrective action in response. Generally configured to monitor inbound traffic only, the solution can also monitor two-way traffic flow, which sometimes makes it useful for the protection of sensitive internal network segments.

IDP sensors can issue alerts to administrative staff for manual intervention or can initiate automated responses.
Cost: Moderate to High
Time: Moderate to High
Skill: Moderate to High
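To make the two detection styles above concrete, here is an added example written for this page (not Info-Tech's material): a small sensor that applies request-path signatures and a sliding-window failed-login threshold to connection-log lines, and separates what it would only alert on from what it would block automatically. The log format, the signatures, the threshold and the sample lines are all assumptions constructed for the illustration.

```python
"""Signature and anomaly detection over constructed connection-log lines.

Added example for this page, not Info-Tech's material. The log format,
the signatures, the thresholds and the sample lines are assumptions
constructed to show how an IDP sensor combines the two detection styles.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Set
from urllib.parse import unquote

# Assumed signatures: name, pattern applied to the URL-decoded request path,
# and the response the sensor takes when the pattern fires.
SIGNATURES = [
    ("sql-injection",  re.compile(r"'\s*or\s+[\w']+\s*=\s*[\w']+", re.I), "block"),
    ("path-traversal", re.compile(r"\.\./"), "block"),
    ("webshell-probe", re.compile(r"/(cmd|shell)\.(php|asp|jsp)\b", re.I), "alert"),
]

# Assumed anomaly threshold: more than this many HTTP 401s from one source
# within WINDOW_SECONDS is treated as a login brute-force attempt.
FAILED_LOGIN_LIMIT = 5
WINDOW_SECONDS = 60

KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample log (not real traffic): six failed logins from one
# internal host inside a minute, one normal request, then two crafted
# requests from an external address.
SAMPLE_LOG = [
    f"ts=2010-04-12T09:00:{s:02d} src=10.10.0.7 dst=10.20.0.10 path=/login status=401"
    for s in range(0, 60, 10)
] + [
    "ts=2010-04-12T09:01:00 src=10.11.0.25 dst=10.20.0.10 path=/reports?id=7 status=200",
    "ts=2010-04-12T09:01:05 src=203.0.113.9 dst=10.20.0.10 path=/login?user=admin'%20OR%201=1-- status=200",
    "ts=2010-04-12T09:01:09 src=203.0.113.9 dst=10.20.0.10 path=/files?name=../../etc/passwd status=404",
]


def parse_line(line: str) -> Dict[str, str]:
    """Parse a 'key=value key=value ...' line (the constructed format above)."""
    return dict(KV_RE.findall(line))


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run signatures and the failed-login anomaly check over lines, in order."""
    alerts = []
    recent_failures = defaultdict(deque)  # src -> timestamps of recent 401s
    for line in lines:
        ev = parse_line(line)
        ts = datetime.fromisoformat(ev["ts"])
        path = unquote(ev.get("path", ""))  # decode %20 etc. before matching

        # Signature matching: fires on content, independent of rate.
        for name, pattern, action in SIGNATURES:
            if pattern.search(path):
                alerts.append({"src": ev["src"], "rule": name, "action": action})

        # Anomaly detection: sliding window of failures per source. The alert
        # fires once, when the count first exceeds the limit, to avoid a storm.
        if ev.get("status") == "401":
            window = recent_failures[ev["src"]]
            window.append(ts)
            while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
                window.popleft()
            if len(window) == FAILED_LOGIN_LIMIT + 1:
                alerts.append({"src": ev["src"], "rule": "login-bruteforce", "action": "alert"})
    return alerts


def blocked_sources(alerts: List[Dict[str, str]]) -> Set[str]:
    """Sources that would be dropped automatically (prevention mode)."""
    return {a["src"] for a in alerts if a["action"] == "block"}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a['action']:5} {a['rule']:16} from {a['src']}")
    print("auto-blocked:", sorted(blocked_sources(found)))
```

Two design points carry over to real sensors. Decoding the request before matching matters, because `%20OR%201=1` defeats a signature written for literal spaces. And the brute-force rule fires once when the window first crosses the limit rather than on every subsequent failure; an IDP that pages on every packet of an attack trains staff to ignore it, which is the failure mode the "alarm system" framing above is meant to avoid.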
Appendix I-j
Content Filtering
Content filtering helps businesses avoid
legal issues by blocking unauthorized
inbound web content (websites, web
applications, file sharing sites, etc.)
from being accessed. Secondarily, these
tools block access to websites that may
host malware and other threats, directly
improving security.
Proper content filtering restricts the
type of information, data, and code that
can enter the organization via the
Internet. Administrators are able to
specify what types of content employees
are permitted to view and at what times
they are allowed to do so.
Cost: Low to Moderate
Time: Moderate
Skill: Moderate
Appendix I-k
Data Leakage Protection
Data Leakage Protection is designed to
monitor for and block the outbound
distribution of sensitive data. These
solutions work best for protecting
against the accidental loss of
information and are especially valuable
for organizations that house
confidential or otherwise sensitive data.
Analyzes files in transit for disallowed
data by looking for keywords and data
patterns and then enforces policy-based
restrictions. Any time the pattern is
noted, the transmission can be
quarantined or disallowed and alerts
issued to both users and administrators.
Cost: Moderate
Time: Moderate
Skill: Moderate
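The description above (keywords and data patterns, then a policy-based action) is easy to implement badly: a bare 16-digit regex flags every invoice and tracking number, and a DLP system that blocks those is switched off within a month. The following added example, written for this page and not Info-Tech's material, pairs the pattern match with a Luhn check so that only plausible card numbers count, then maps the hits to block / quarantine / allow. The patterns, the keyword list, the policy and the sample messages are assumptions constructed for the illustration.

```python
"""Pattern-based outbound DLP check with a Luhn filter against false positives.

Added example for this page, not Info-Tech's material. The patterns, the
keyword list, the policy mapping and the sample messages are assumptions
constructed for illustration.
"""
import re
from typing import Dict, List

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")  # 13-16 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # US SSN in dashed form
KEYWORDS = ("confidential", "internal only", "do not distribute")


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812-1)."""
    digits = [int(c) for c in number if c.isdigit()]
    checksum = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def classify(text: str) -> Dict[str, int]:
    """Count policy hits in text: Luhn-valid card numbers, SSNs, marked keywords."""
    cards = [m.group(0) for m in CARD_RE.finditer(text) if luhn_valid(m.group(0))]
    ssns = SSN_RE.findall(text)
    words = [k for k in KEYWORDS if k in text.lower()]
    return {"card_numbers": len(cards), "ssns": len(ssns), "keywords": len(words)}


def decide(text: str) -> str:
    """Map hits to an action under the assumed policy: block, quarantine or allow."""
    hits = classify(text)
    if hits["card_numbers"] or hits["ssns"]:
        return "block"        # regulated data never leaves automatically
    if hits["keywords"]:
        return "quarantine"   # marked sensitive: hold for review, alert user and admin
    return "allow"


# Constructed outbound messages, not real data. 4111 1111 1111 1111 is a
# well-known Luhn-valid test number; 1234567890123456 is 16 digits but fails Luhn.
SAMPLE_MESSAGES: List[str] = [
    "Here is the Q1 summary, nothing sensitive.",
    "Customer card 4111 1111 1111 1111 exp 12/14, please process the refund.",
    "Invoice 1234567890123456 attached for the shipment.",
    "CONFIDENTIAL: board minutes attached, do not forward.",
    "Employee SSN 123-45-6789 for payroll setup.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(f"{decide(msg):10} {classify(msg)}  {msg[:50]}")
```

The invoice line is the case that justifies the extra check: it matches the card pattern on shape alone and would be blocked by a keyword-and-regex-only system, but fails Luhn and is allowed. Real deployments add more context (proximity of words like "card" or "exp", document fingerprints, recipient domain), but the principle is the same: tune for the false positive before turning blocking on, or the business will route around the tool.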
Appendix I-l
Network Access Control
Network Access Control (NAC) and Virtual Private Networks (VPN) help protect organizations from threats that might be leveraged by allowing inbound connections to internal networks from privileged devices (such as remote laptops). NAC ensures that remote devices meet the security requirements of the network and are not injecting threats that bypass gateway controls.

NAC uses signature-based scanning to determine the security configuration of a device that is attempting to connect to the network. Where the configuration does not meet standards, devices can be quarantined for remediation.
Cost: Moderate
Time: Moderate
Skill: Moderate to High
Appendix I-m
Endpoint Encryption
Encryption is a "last line of defense" type security solution and is designed to ensure that even if systems are illicitly accessed, any information they house will not be subject to loss. Encryption is typically applied to systems and media that can be easily accessed (laptops, backup tapes) or to stores of particularly sensitive data (databases).

Encryption protects data by making it unreadable using an encryption key. The data can only be made readable again with the corresponding decryption key. Encryption can be applied to entire databases or to slices of data within files.
Cost: Moderate
Time: Moderate to High
Skill: Moderate
Appendix I-n
Enhanced Authentication
Enhanced Authentication is necessary
when passwords are not sufficient to
protect an organization's systems.
Enhanced Authentication uses multiple
factors of authentication (something
you know, something you have,
something you are) to establish a
greater level of confidence that
authenticated users are who they claim
to be.
Uses additional factors of
authentication to positively identify
users. Additional factors include second
factor (something you have) and third
factor (something you are).
Cost: Moderate to High
Time: Moderate to High
Skill: Moderate to High
Appendix I-o
Security Management Technologies
A number of different types of Security Management systems exist, including Security Information Management (SIM), Identity & Access Management (IAM) and Governance, Risk & Compliance (GRC) software. These tools offer heightened monitoring of and insight into user and system activity and can also block inappropriate actions in some cases.

Management systems consolidate the reporting, notification and maintenance functions of all of the security tools and provide one interface to control them.
Cost: High
Time: High
Skill: High
Appendix II
Methodology
This solution set used data collected from a survey conducted in April 2010 on the topics of
Security Policy development, deployment and enforcement. 117 responses were received.