The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.


Value of Integrated Vulnerability Management and Intrusion Prevention Systems

Akshay Chitlangia
Thursday, April 2, 2009
Good security must be transparent and invisible, and should not hamper the core business. Most organizations approach intrusion prevention systems as a means to stop hacking and block viruses and worms. Unfortunately, such solutions cannot do that 100 percent of the time. It is not practically possible to stop everything at the network entry and egress points. At the same time, today’s IT landscape in the modern enterprise consists of a wide range of applications, both well-known and custom; devices procured from a varied range of vendors; susceptible guest or third-party locations; and desktop and end-user-focused attacks.

Attack mechanisms have shifted from simple or poorly designed payloads to extremely stealthy, professionally crafted, and targeted malware. As a result, one requires an enterprise-wide security posture that maintains acceptable risk tolerance levels, establishes operational processes that address the IT landscape as a whole, and leverages the appropriate technology platforms to reinforce these processes. Among the vital processes required is a vulnerability management program. This helps an organization reduce its exposure to adversaries, both from within and without, which is commonly known as ‘attack surface reduction’. (A system’s attack surface is the set of ways in which an adversary can enter the system and potentially cause damage. Therefore, the larger the attack surface, the more insecure the system.)

Hence, to be effective, a vulnerability management program must play a key role in managing a company’s overall security posture and risk tolerance. For the IT team, aggregating and correlating vulnerability and incident data will result in improved security. The vulnerability management program can show how internal activities as well as external incidents affect the modern enterprise’s risk profile via trending, prioritization, and relevance correlation. Such an extended view into the security posture helps in gauging the success of activities such as patching, system maintenance, and network redesigns, in assessing the impact of new devices or applications, and in identifying other areas for improvement.

There are three crucial steps in an effective vulnerability management program. The first step is data aggregation across various scanning tools, system policy audit tools, and device configuration assessment tools. This is followed by prioritization of remediation, by establishing clear groups of assets along geographical, operational, and technological boundaries. The third and last step is continuous analysis and improvement: understanding how the various changes in the IT infrastructure and the threat landscape affect the attack surface of the company, and actively working to reduce it.

A modern IT-enabled enterprise has multiple mechanisms in place to meet these requirements, such as asset management systems, change management processes, inline IPS devices, vulnerability assessment tools, and audit tools. However, most lose out on the first step, i.e., data aggregation across these multiple mechanisms. It may be reasoned that having all the mechanisms in place is enough to meet the defined point objectives, but that ultimately does not deliver the attack surface reduction or ROI that is practically achievable and that a modern enterprise should expect from the entire process.
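The three steps described above, including the cross-tool aggregation that most organizations are said to skip, can be sketched as follows. This is an added example, not code from the original article; the tool feeds, host names, finding identifiers, field names, group weights, and the doubling factor are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; every name and number below is an assumption.
SCANNER = [  # vulnerability scanner findings
    {"host": "web01", "vuln": "VULN-A", "severity": 9.0},
    {"host": "db01", "vuln": "VULN-B", "severity": 7.5},
    {"host": "hr-pc7", "vuln": "VULN-A", "severity": 9.0},
]
CONFIG_AUDIT = [  # device configuration assessment findings
    {"host": "web01", "vuln": "VULN-A", "severity": 8.0},  # same issue, second tool
    {"host": "fw01", "vuln": "CFG-DEFAULT-PW", "severity": 6.0},
]
# Inline IPS alerts: (target host, finding the triggered signature maps to)
IPS_EVENTS = [("web01", "VULN-A"), ("web01", "VULN-A"), ("db01", "VULN-C")]
ASSET_GROUPS = {"web01": "dmz", "fw01": "dmz", "db01": "datacenter", "hr-pc7": "desktops"}
GROUP_WEIGHT = {"dmz": 1.5, "datacenter": 1.3, "desktops": 1.0}  # assumed weighting

def aggregate(*sources):
    """Step 1: merge all tool outputs into one record per (host, vuln)."""
    merged = {}
    for source in sources:
        for f in source:
            key = (f["host"], f["vuln"])
            rec = merged.setdefault(key, {**f, "tools": 0})
            rec["severity"] = max(rec["severity"], f["severity"])
            rec["tools"] += 1  # how many tools reported this finding
    return merged

def prioritize(merged, ips_events):
    """Step 2: rank by severity x asset-group weight, doubled when the IPS
    saw attack traffic aimed at that exact host and finding."""
    hits = defaultdict(int)
    for host, vuln in ips_events:
        hits[(host, vuln)] += 1
    ranked = []
    for key, rec in merged.items():
        group = ASSET_GROUPS.get(rec["host"], "unknown")
        score = rec["severity"] * GROUP_WEIGHT.get(group, 1.0)
        if hits[key]:
            score *= 2  # relevance correlation: vulnerable and targeted
        ranked.append({**rec, "group": group, "ips_hits": hits[key], "score": round(score, 2)})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

def attack_surface(ranked):
    """Step 3: per-group exposure total, recomputed each run to show the trend."""
    totals = defaultdict(float)
    for r in ranked:
        totals[r["group"]] += r["score"]
    return dict(totals)
```

Note that the IPS alert against `db01` maps to a finding that host does not have, so it adds no priority; without aggregation the two data sets could not be compared this way.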
