Viruses, worms and other malicious code often exploit vulnerabilities found between the cracks of the various software layers of an organization’s security system infrastructure.
However, faced with increasing pressure to do more with less, IT departments often don’t have time to ensure full integration of the point products. One alternative to integrating separate security products is to install products that combine the functions of several point products – such as antivirus, antispam filtering and Web content filtering – into a single software package.
In theory, this approach provides tighter system security, lower admin overheads, lower maintenance costs and a substantially lower price point. But this is an oversimplified view.
The issue isn’t software integration per se, but how you deploy your security software.
Security rationalisation has more to do with strategy than product. Rather than saying “We need a firewall, antivirus software, content filtering and URL blocking,” examine the points of vulnerability that these products address and see which software approach would be more appropriate – single point product or integrated solution. As a rule of thumb, it’s best to deploy single point products at the gateway and integrated software for content.
For example, firewalls are singular in their purpose: they patrol network ports, and inspect and reject undesirable IP packets. Deploying an integrated product for the job would slow down network traffic as the software would be performing several functions at the gateway. In this case it’s best to install an optimised best-of-breed product. Similarly, URL blocking is best handled separately along with content analysis.
When checking e-mail you need to scan for viruses, filter for spam and block hoax e-mails. If these functions are dealt with separately, the same e-mail needs to be opened three times to be checked by different software programs. This is slow and inefficient.
That said, the security landscape is becoming ever more complex. Worldwide, blended threats, phishing and a myriad other scams have soared in recent months. If organizations are to improve their defences against e-mail fraud and malicious code, IT security needs to be strategy-led.
Security software can only do so much. To deal with the social engineering tactics used by phishing scams, organizations need to educate their users and have policies to assist in identifying these scams. By taking a rationalized view of IT security, pattern matching can be used to identify trends in activity and provide better protection. A more strategic, holistic approach will let systems administrators respond to threats more effectively.
Daniel Zatz is senior security consultant, Computer Associates Australia