File Integrity Monitoring And The Art of Network Appliance Security

There is an art and a skill to building an effective network security framework: it requires a process, a methodology and a set of tools that are right for your environment. The 'art' of good security and compliance lies in an integrated, layered approach that continuously monitors and evaluates IT system activity in real time, so that potential risks and threats from both internal and external sources are identified as they occur.

The process, methodology and tools come together within this layered approach to provide the network appliance security needed to protect the environment effectively and efficiently and to keep it in a secure and compliant state. One of the best-known examples of a formal security standard built on layered security is the PCI DSS, which requires a defined set of controls (firewalls, patching, hardening, logging and change detection among them) in order to protect cardholder data.

What is the Art of Layered Security?

The technology should be 'layered' to maximize security, covering perimeter security, firewalls, intrusion detection, penetration and vulnerability testing, anti-virus, patch management, device hardening, change and configuration management, file integrity monitoring, and security information and event log management.

The project should be delivered in a phased approach: understand the scope and environment, the groups and types of device, their priorities and locations, and build up a picture of what 'good looks like' for the environment. Track all change and movement within this scope and relate it back to the change management process. Start small and grow; don't bite off more than you can chew.

Utilize an integrated ecosystem of tools. Events and changes happen all the time, so the systems need the intelligence to understand the consequence of each one: what impact it has had, whether the change was planned or unplanned, and how it has affected the compliant state.

File Integrity Monitoring vs. Anti-Virus

File integrity monitoring works as a 'black and white' comparison of the file system against a known-good baseline: any change to a monitored configuration setting or system file is reported, whether or not it turns out to be malicious. This makes FIM prone to false alarms, since every legitimate patch or configuration change also fires, but it also means FIM cannot miss a modification to a file it monitors, including one made by malware for which no signature yet exists.

For each file, a complete inventory of attributes must be collected (size, permissions, ownership, timestamps) together with a cryptographic hash of the content such as SHA-256. Size and timestamps alone are not enough, because a Trojan can replace a binary with a same-length payload and restore the original timestamp; the hash mismatch is what exposes it. Two practical caveats follow: the baseline must be taken on a system known to be clean, and it must be stored where an attacker who has compromised the host cannot quietly update it.
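The baseline-and-compare approach described above, as an added example written for this page (it is not NNT's product or any code from the original post). The hypothetical script inventories every regular file under a directory, records size, permission bits, mtime and a SHA-256 digest, then reports what was added, removed or modified and which attribute gave it away. The `demo()` scenario is constructed: a 'login' binary is swapped for a same-length payload with its timestamp restored, so only the hash differs, and an unexpected `etc/ld.so.preload` appears.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Cryptographic digest of the file content, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Inventory every regular file under root: size, permission bits, mtime, SHA-256."""
    inventory = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        inventory[path.relative_to(root).as_posix()] = {
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
            "mtime": int(st.st_mtime),
            "sha256": sha256_of(path),
        }
    return inventory


def compare(baseline: dict, current: dict) -> dict:
    """Black-and-white comparison: added, removed and modified paths.

    For modified paths the value lists which attributes differ, so the
    operator can see whether content, permissions or timestamps changed.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        diffs = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if diffs:
            modified[path] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario (sample data, not a real system): take a baseline,
    then trojanise a binary without changing size or timestamp and drop a new
    persistence file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        login = root / "bin" / "login"
        login.write_bytes(b"#!/bin/sh\necho real-login\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")

        baseline = snapshot(root)  # taken while the system is known to be clean

        # Same-length payload, same mode, original timestamp put back.
        before = login.stat()
        login.write_bytes(b"#!/bin/sh\necho evil-login\n")
        os.utime(login, (before.st_atime, before.st_mtime))
        # An unexpected new file appears; 'hosts' is left untouched.
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The comparison reports `bin/login` as modified with only `sha256` differing, which is exactly the case a size-and-timestamp check would have passed. A real deployment would sign or off-host the baseline and schedule or trigger `snapshot()` far more often than the once-a-day run this comparison represents.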

Anti-virus technology works by comparing new data to a database of known malware 'signatures' and is therefore less prone to false alarms. By the same token, AV can only detect malware that has already been identified, which leaves it 'blind' to zero-day threats and to insider threats, where the attacker uses legitimate tools and credentials rather than recognisable malware. Similarly, the Advanced Persistent Threat (APT), favored both for government-backed espionage and for highly orchestrated intellectual property theft, typically relies on targeted malware used sparingly so that it remains undetected for prolonged periods, and anti-virus is a weak defense against it for the same reason.

The art of layered security for any kind of network appliance dictates that both technologies be used together. Each has advantages and disadvantages relative to the other; the conclusion is not that one is better, but that AV's low-noise detection of known malware and FIM's exhaustive detection of change complement each other and together provide the strongest protection for data.

State of the art in File Integrity Monitoring

State of the art in FIM for system files now delivers real-time file change detection for Windows, Linux and Unix. To detect potentially significant changes to system files and protect systems from malware, it is not enough to run a comparison of the file system once a day, as has traditionally been the approach (the PCI DSS itself only mandates that critical file comparisons be performed at least weekly); an alert should be raised within seconds of a significant file change occurring.

The best file integrity monitoring technology will also identify who made the change, detailing the account name and the process used, which is crucial when forensically investigating a breach. It is good to know that a potential violation has occurred but far better to establish who made the change and how. Note that a hash comparison on its own can only show that a file changed; attribution depends on the operating system's own audit facilities (object access auditing on Windows, the audit subsystem on Linux) being enabled and correlated with the change event.

NNT is a leading provider of PCI DSS and general security and compliance solutions. As a provider of both file integrity monitoring technology and network appliance security services, we are firmly focused on helping organizations protect their sensitive data against security threats and network breaches in the most efficient and cost-effective manner.

NNT solutions are straightforward to use and offer exceptional value for money, making it easy and affordable for organizations of any size to achieve and retain compliance at all times. Each product has the guidelines of the PCI DSS at its core and can be tailored to suit any internal best practice or external compliance initiative.