Shore up your network - Got VM?
The security of all networks, wired and wireless, can be improved by employing the four pillars of network security–firewall, antivirus, intrusion-detection systems (IDS) and intrusion-prevention systems (IPS). One type of IPS is a security appliance that helps find common vulnerabilities and exposures (CVEs). This appliance is often referred to as a “vulnerability-assessment appliance” or “network-security appliance,” rather than an IPS. Sometimes it is called "Vulnerability Management (VM)."
This type of appliance helps find vulnerabilities that open the doors and windows of your network to unauthorized users. Once those vulnerabilities are removed, malicious intruders have been locked out and attacks that exploit those vulnerabilities are prevented.
Security appliances encase the security software inside a box with an already-hardened operating system. They typically sit inside the firewall and are dedicated to “scanning” (or “auditing”) the network for vulnerabilities. The best equipment operates in the background without interfering with network performance, and does not care which operating systems the network has.
The appliance should have a schedule of when to scan or audit the network and adhere to that schedule without regular manual input. It should produce reports about vulnerabilities on systems and provide instructions or code for remediation of those vulnerabilities.
The appliance should both monitor existing network assets, whether they are wired or wireless, and dynamically detect new equipment as soon as it is connected. Once the appliance detects a new system or device, it should scan or audit that system as soon as possible for CVEs that a hacker could exploit. It should also send an alert to the IT manager responsible for the network.
If the new device has any vulnerabilities, the security appliance should then be able to integrate with the firewall to block traffic to and from the new equipment (effectively quarantining it) until it has been deemed a “friendly” associate system and meets security policy guidelines. Ideally, the scan or audit of a new system should take place in a timely fashion, before the equipment has had a chance to allow a malicious intruder onto the network. Many security appliances develop reports on existing vulnerabilities; the best also offer information on ways to quickly remediate those vulnerabilities.
The security appliance should also detect when an existing asset goes down or becomes non-communicative. That functionality gives the IT manager complete control over network security, even knowledge of when a system might have been removed from the network, possibly in violation of security policy.
Complete IT security means being able to integrate information about the asset with security details. Who uses the machine? Where is it located? What is its operating system? What other software is installed on it? When was the last time it was audited? Does it have vulnerabilities?
What if the machine is removed from the network? The IT manager needs to know where that machine is at all times and the status of not only its vulnerabilities, but every aspect of the system that relates to security. For this reason, a security appliance that tracks assets also enhances network security.
This type of appliance helps find vulnerabilities that open the doors and windows of your network to unauthorized users. Once those vulnerabilities are removed, malicious intruders have been locked out and attacks that exploit those vulnerabilities are prevented.
Security appliances encase the security software inside a box with an already-hardened operating system. They typically sit inside the firewall and are dedicated to “scanning” (or “auditing”) the network for vulnerabilities. The best equipment operates in the background without interfering with network performance, and does not care which operating systems the network has.
The appliance should have a schedule of when to scan or audit the network and adhere to that schedule without regular manual input. It should produce reports about vulnerabilities on systems and provide instructions or code for remediation of those vulnerabilities.
The appliance should both monitor existing network assets, whether they are wired or wireless, and dynamically detect new equipment as soon as it is connected. Once the appliance detects a new system or device, it should scan or audit that system as soon as possible for CVEs that a hacker could exploit. It should also send an alert to the IT manager responsible for the network.
If the new device has any vulnerabilities, the security appliance should then be able to integrate with the firewall to block traffic to and from the new equipment (effectively quarantining it) until it has been deemed a “friendly” associate system and meets security policy guidelines. Ideally, the scan or audit of a new system should take place in a timely fashion, before the equipment has had a chance to allow a malicious intruder onto the network. Many security appliances develop reports on existing vulnerabilities; the best also offer information on ways to quickly remediate those vulnerabilities.
The security appliance should also detect when an existing asset goes down or becomes non-communicative. That functionality gives the IT manager complete control over network security, even knowledge of when a system might have been removed from the network, possibly in violation of security policy.
Complete IT security means being able to integrate information about the asset with security details. Who uses the machine? Where is it located? What is its operating system? What other software is installed on it? When was the last time it was audited? Does it have vulnerabilities?
What if the machine is removed from the network? The IT manager needs to know where that machine is at all times and the status of not only its vulnerabilities, but every aspect of the system that relates to security. For this reason, a security appliance that tracks assets also enhances network security.
posted by NetClarity at
11:22 AM
|
1 Comments
