Safeguarding the Enterprise
Safeguarding the Enterprise: a new approach
Sanjay Sahay
Introduction
Attacks on the enterprise are getting increasingly sophisticated. Current solutions
available do not seem to be adequate given the innovativeness, precision and
persistence of these attacks in different forms and of different dimensions.
Organisations thus want to increase the sophistication of their employees and also of
the solutions to be deployed given this backdrop.
Facts & Challenges
Research shows that 55% of breaches require months to years to contain (Verizon
2010 Data Breach report), and only 16% of breaches are discovered through active and
deliberate action. Only 24% of APT malware is detected by an anti-virus solution
(Mandiant 2010). Logs are at the heart of monitoring, and using logs for the right
purpose and in the right direction can help immensely. Mining the logs throws up data
which the professional can make meaning of. The signs are there; we just need to get
better at recognizing them.
This is the challenge of safeguarding the enterprise. “We watch these attackers and
we know them. Some are very fast moving…, if you lose track of them in your
system, you can lose them for months if not forever.” The impact of the damage cannot
be gauged at a later date, and the real impact would remain unknown forever. This brings
us to the primary question of why we safeguard the enterprise. The enterprise has to be
safeguarded for two reasons: the first is physical security, since the enterprise cannot
exist in a vacuum, and the second is the safeguarding of its data.
Structure
During the course of this article I will take you through my definition of a
safeguarded enterprise, the new approach (the Gartner White Paper), goals, security
risks and key success factors, security architecture, data center, connectivity and
application, the application data security life cycle, security information and event
management, single sign on, the future (cloud computing) and the final thoughts based
on the discussion carried through this article.
What is a safeguarded enterprise
A safeguarded enterprise is the sum total of a clear-cut perception,
appropriate/integrated planning, documentation, meticulous execution and
dynamic/robust maintenance of the enterprise security policy at the awareness, attitudinal,
physical, systems, processes, application and data dimensions throughout the
enterprise, creating a near fail-safe enterprise.
Silo
Silos have ruled the world till we realized what a silo is and the way it feeds like a
termite on a system which is integrated in name only. So was the case
with security in the Enterprise Business Architecture. Business, information and
technology (BIT) were its three components. The new approach emanates from a
Gartner White Paper of 2006 titled ‘Incorporating Security into the
Enterprise Architecture Process’. This led to the creation of the Enterprise Information
Security Architecture with four critical components: business, information,
technology and security (BITS). BIT changed to BITS, and security became a design
component itself.
[Figure: Enterprise Information Security Architecture, with its four architecture components: Business, Information, Technology and Security]
In the midst of the clamor for a fail-safe data regime, which would nonetheless be
a mirage, the importance of physical security should not be diluted. My visits to
Indian IT companies in Bangalore have helped me confirm my belief that physical
security stands at par with data security, though the two are distinctly different
thought processes, are different in execution and will remain complementary
for all times to come. 9/11 has been a watershed in modern human history; the
location of the Taliban attack, Ground Zero as it is called, was the rubble of the
best companies in the world, housed in World Trade Center towers 1 & 2.
Come what may, physical security will always count, whether on land, in air or on
water. This does not in any way bring down the importance of the Disaster Recovery
process of our state-of-the-art data centers, which were able to retrieve nearly all the
data that was physically located on the servers and computer systems in the two ill-fated
buildings.
Goals
The goal of the Enterprise Information Security Architecture is to provide a structure
that is coherent and cohesive. As the business motive is predominant in a business
enterprise, the alignment of security to the business is critical. Any disconnect would be
critical to profitability and at times to the existence of the enterprise itself. The
details ought to be neatly spelt out, top down, synchronous in themselves and
synergized with the business strategy. At the end of the day, this approach helps
establish a common language for information, for its free flow, clarity of
communication and a timely and effective response mechanism for information security
within the integrated enterprise.
Risks
The common risks which the enterprise faces today are all too well known. They can
broadly be summarized as below:
Email attachments
VPN tunnel vulnerabilities
Blended attacks
Diversionary tactics
Downloads from websites
Supply chain and partners added to the network
Microsoft’s SOAP
Renaming documents
Peer to peer applications
Music and video browsers
Key Success Factors
Awareness of the impending danger is the start of diagnosis, and only an objective
diagnosis can lead to objective treatment and the maintenance of a healthy enterprise,
both from the point of view of physical security and of data security. Security awareness in all
its dimensions creates an environment where all the success factors fall in place like a
jigsaw puzzle: the people, the processes and the technology. On the human platform of
security awareness sit the two main technical components, Network Security and
Application Security. Operating system security, patch and AV management and SIEM
are the three components of the final layer, which can be termed the operating,
functional and analytical layer.
Security Architecture
The key success factor is the synergy of People, Processes and Technology, creating a
seamless security architecture which is optimally functional and has the capability to
propel the enterprise to the next level. The people part comprises user awareness,
guidance, administration and effective monitoring of the system. The processes part
comprises policies, standards, guidelines and audit capabilities. Last, and the most
important component in a technology-driven world, is technology itself, manifested by
the use of IPS, firewalls, AV, DLP and SIEM.
Defense in Depth
“Defense in Depth” is a concept used to describe layers of defense strategies. The
components at each layer work in tandem to provide one cohesive security mechanism.
This layered approach also helps localize the impact if one element of the mechanism
is compromised. The defense in depth layers are concentric circles, beginning with the
Data at the bull’s-eye, the innermost circle, and moving outwards. The circles from the
innermost to the outermost are data, application, host, internal network,
perimeter, physical, and policies, procedures and awareness.
At the Core
The Data Center, Connectivity and the Application are at the core of enterprise
security. The main purpose of a data center is running the applications that handle
the core business and the operational data of the organization. Secure application
usage is the key to the creation of a secure enterprise.
Secure connectivity is the backbone. The Karnataka State Police broadband
network is an intranet named KSPWAN, which is a combination of 39 2-Mbps MPLS
leased lines for big offices, 1400 512-Kbps VPNoBB connections covering all police
stations and small offices, and an 8 Mbps internet leased line, with an aggregate
bandwidth of 32 Mbps, working as a single network of 5000 computers across the
state, served from a single server located at the KSP Data Center. The choice of
intranet over internet is the first decision towards the security of the enterprise, and it is
slowly becoming the norm in enterprises across the globe.
[Figure: KSP Connectivity]
Applications are at the heart of the enterprise. An ERP created for the enterprise
aligns with all its tasks and activities and also takes care of all the staff functions which
run co-terminus with the business functions. A secure ERP on an intranet is what we
are all heading for.
The Application Data Security Lifecycle (ADSL)
[Figure: The Application Data Security Life Cycle, a loop of four stages: Assess, Set Policies/Controls, Monitor/Enforce, Measure]
The diagram clearly elucidates the role of the different components of the ADSL. The
lifecycle, as is the case with any concept and process, starts with the assessment,
encapsulating the configuration/usage of servers and data, testing the configuration,
evaluating the inherent risks and also assessing how and by whom the data and
applications are used.
Setting policies and controls is the subsequent task. The policies should be
automatically created considering the right mix of business and security
considerations, with the flexibility to adapt to user changes and to support granular
policies and controls. Monitoring and enforcing is more important than creating the
policies themselves. Separation of duties should be ensured simultaneously with user
accountability. Transaction details should be recorded in a comprehensive manner, and alerts
and blocks should be applied in real time. Measure is a tool, a utility which
reports the actual usage, the level of effectiveness and the depth of the impact
of the system put in place, by way of built-in and custom reports,
roll-up and drill-down data, security event analysis and the compliance workflow.
Security Information & Event Management (SIEM)
SIEM, an intelligence platform, helps safeguard the business by giving complete
visibility into the activities across the IT infrastructure. It provides functionality
which cannot be derived from the logs of a single activity; without such a software
system no correlation can be mapped or understood, let alone any corrective
action taken. Logs are the cornerstone of all activities, and making meaning of the logs as
per our requirements is the real professional tool. The functions attended
to by this software are asset discovery, threat detection, vulnerability assessment,
event collection, correlation, event management and log storage. The SIEM
capabilities comprise data aggregation, correlation, alerting, dashboards,
compliance and retention.
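As an added illustration (not code from the article) of the correlation the SIEM section describes, the following Python script aggregates events from two constructed log sources, a VPN gateway and a business application, and raises an alert only when a pattern spans both: repeated VPN login failures, then a success, then a sensitive application action by the same user within a short window. The log format, field names, threshold and window are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field layout, an assumption for
# this example: timestamp|source|user|ip|outcome-or-action
VPN_LOG = """\
2024-05-01T09:00:05|vpn|asha|203.0.113.7|fail
2024-05-01T09:00:19|vpn|asha|203.0.113.7|fail
2024-05-01T09:00:33|vpn|asha|203.0.113.7|fail
2024-05-01T09:00:41|vpn|asha|203.0.113.7|success
2024-05-01T09:30:00|vpn|ravi|198.51.100.4|success
"""
APP_LOG = """\
2024-05-01T09:02:10|app|asha|203.0.113.7|export_records
2024-05-01T09:35:00|app|ravi|198.51.100.4|view_dashboard
"""
SENSITIVE = {"export_records", "change_privileges"}  # assumed sensitive actions

def parse(text):
    """Normalize raw lines from any source into one common event schema."""
    events = []
    for line in text.splitlines():
        ts, src, user, ip, action = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "user": user, "ip": ip, "action": action})
    return events

def correlate(events, fail_threshold=3, window=timedelta(minutes=5)):
    """Return (user, ip, time) for each brute-force-then-sensitive-action chain."""
    per_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # aggregate, time-ordered
        per_user[e["user"]].append(e)
    alerts = []
    for user, evs in per_user.items():
        fails, succeeded_at = [], None
        for e in evs:
            if e["src"] == "vpn" and e["action"] == "fail":
                # keep only failures inside the sliding window
                fails = [f for f in fails if e["ts"] - f["ts"] <= window] + [e]
            elif e["src"] == "vpn" and e["action"] == "success":
                if len(fails) >= fail_threshold:
                    succeeded_at = e["ts"]  # success after a burst of failures
            elif (e["src"] == "app" and e["action"] in SENSITIVE
                  and succeeded_at and e["ts"] - succeeded_at <= window):
                alerts.append((user, e["ip"], e["ts"].isoformat()))
                succeeded_at = None
    return alerts

if __name__ == "__main__":
    for alert in correlate(parse(VPN_LOG) + parse(APP_LOG)):
        print("ALERT: suspicious chain", alert)
```

Fed only the VPN log, the same rule finds nothing, which is the point the section makes: the signal exists only once events from both sources are aggregated and correlated.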
Single Sign On
Single Sign On, SSO, is a property of access control across multiple related but
independent software systems. Conversely, Single Sign Off is the property whereby
the single action of signing out terminates access to multiple software systems. The
benefits we derive from this system are as follows:
More secure
Reduces password fatigue
Reduces time spent re-entering passwords
Reduces IT costs (helpdesk calls pertaining to passwords, etc.)
Security at all levels of entry/exit/access to systems
Centralized reporting for compliance adherence
Cloud – The Final Frontier
Cloud computing has turned out to be the final frontier as of today, with advantages
for so many, but procedurally and technically it still does not seem fully secure.
Enterprises may still take some time to switch over to a complete cloud environment.
There are a large number of security issues and concerns associated with cloud computing,
which can be grouped into two: firstly, security issues faced by cloud providers, and
secondly, security issues faced by their customers. The provider must ensure that
its infrastructure is secure and that the client’s data and applications are protected. The
customer must ensure that the provider has taken proper security measures to
protect their information.
Cloud - Virtualization
The extensive use of virtualization in implementing cloud infrastructure brings unique
security concerns for customers of a public cloud service. Virtualization alters the
relationship between the OS and the underlying hardware – be it computing, storage
or even networking. The use of this technology introduces an additional layer –
virtualization – that itself must be properly configured, managed and secured.
Specific concerns include the potential to compromise the virtualization software.
While the concerns are largely theoretical, they do exist.
Challenges
What we are witnessing today are advanced cyber threats, and collaboration is the key
in dealing with them. No single organization can respond effectively, given the nature
of the challenge posed to enterprises today. There is a need for the creation of an
Advanced Cyber Security Center (ACSC) for cross-sector collaboration, organized to help
protect the country’s enterprises from the rapidly evolving advanced and persistent
cyber threats.
The ACSC would strengthen short-term defenses and long-term capability. Actionable
intelligence to bolster an organization’s defense in the short term, and new
defensive strategies and R&D in the longer term, would be the logical guiding principle.
The near-term results would be the application of front-line analytics, the medium-term
results would be the development and application of new “predictive analytics”, and the
long-term results would be true research and development, throwing up innovative
security solutions for the enterprise. Though it would take time, it would be
worthwhile to leverage sustainable and continuous research, improving enterprise
security by leaps and bounds.
The other challenges include cloud computing with virtualization, which I have already
discussed in detail. With mobility becoming the order of the day, this will remain
an area of particular concern, as most gadgets are internet-enabled and
compromising security is easier there than in a closed environment.
Country standards are a must; international benchmarking alone, which is generally
not enforced, cannot be relied upon completely. The protocols so created, which would
have the sanctity of law, would be universally enforced, bringing into existence a
business enterprise regime in this country that thrives on its protocols and their enforcement,
with the enterprise relying on the BITS architecture, wherein security is a
design element from the concept stage itself. Secure software with all security
features built in has been emphasized throughout this article.
Conclusion
Complexity is our life, and making it simple is our goal. Technology reaches its highest end
with simple products and services. The complexity of IT security is confounded
by innumerable applications, processing power, the world wide web interface,
cross-enterprise collaboration and the like. Cloud computing, though in its nascent
stage, has thrown a major challenge to IT security; success there would be
epochal, and IT services would take a well-deserved leap forward.