When you travel through an airport, you encounter an integrated security system. Most obvious are the security agents who check your bag for weapons before you enter the gate area.
Less visible are sophisticated surveillance systems that monitor activity as you enter the terminal and while you are inside. Trained security agents watch for abnormal behavior and suspicious activity. New software matches facial patterns with profiles of known offenders. Having identified a problem – or a potential offender – they mobilize a security team, the state police or Federal law enforcement to deal with it.
Sadly, when it comes to enterprise networks, such integrated security systems don’t exist. We have the security agent (your firewall or intrusion prevention system) that checks for weapons (signatures). For many enterprises that’s about it – and it’s not enough. What if an intruder slips by the IPS with a slightly modified signature or a new attack? What happens when the attack is internal? What about misconfigurations? IPSs are great at what they do, but don’t mistake a point product for a comprehensive enterprise-wide security system.
Doesn’t a security information management tool (SIM) deliver the comprehensive security blanket we need? SIM tools were a nice first try, but they don’t get the job done either. Rather than perform comprehensive surveillance of network activity, SIMs rely on second-hand event data from products like IPSs and firewalls. That misses at least half the story and guarantees the SIM will miss threats. Of greater concern, a SIM typically can’t do anything to remediate the problem once it is identified. SIMs are more like a crime think-tank than a crime stopper. They gather data and generate reports, but don’t get much done.
Security and network administrators are looking for a unified threat management and remediation platform that:
Identifies emerging threats – enterprise-wide. Stop looking at just the few locations where you have point products. And please, don’t rely exclusively on the signatures of known attack patterns. That’s like building a modern-day Maginot line and we all know how well that worked for the French.
Isolates the threat. Tell me the perp’s name, but also give a few details on his location. Know the network cold so that the exact location can be identified along with which switch, router, IPS or firewall can best block the nasty activity.
Remediates the threat. When a problem is ripping through the network, we have to do something about it – and as quickly as possible. Be able to act on problem behavior either automatically or initiated by the operator.
Basically this is a command and control center that spans the enterprise. The solution must combine key functions that today often exist in disparate security tools. In one platform this command and control console must unite:
1. Network and Security data. This solution must see both actual network behavior and security events. By combining both, the solution will cut through the fog to provide unmatched surveillance of the enterprise.
2. Perimeter and Internal surveillance. We have been talking about it for years and now the painful reality is here: The perimeter has become porous. Enterprises need a security platform that patrols both inside and out.
3. Known and Unknown Attack Detection. Signatures are great – for well-known attacks. Besides taking events from security products, however, the command and control center must also learn normal network behavior and identify unusual behavior, regardless of source and without a signature.
4. Reports and Remediation. This solution has to act quickly, solving the problem with measures that are appropriate to the nature, severity and source of the threat. It must offer a choice of automatic or manual response with gradations in between.
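The four requirements above, reduced to working code as an added illustration (not Q1 Labs code): a per-host baseline is learned from flow records (network data), deviations are scored without any signature, the score is correlated with IPS events (security data), and the result maps to a graded response. The flow and event formats, the hosts, the byte counts and the z-score threshold are all constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training flows: (interval, host, bytes_out). This is the "network
# data" side; normal behaviour is learned from it rather than from signatures.
TRAINING = [(i, "10.0.0.5", b) for i, b in enumerate([1000, 1200, 900, 1100, 1050])] + \
           [(i, "10.0.0.9", b) for i, b in enumerate([50000, 52000, 48000, 51000, 49000])]

# Constructed IPS events: the "security data" side. Hypothetical record format.
IPS_EVENTS = [{"host": "10.0.0.5", "signature": "scan-attempt"}]

def learn_baseline(flows):
    """Per-host (mean, stdev) of bytes_out per interval; stdev floored at 1 so a
    perfectly steady host does not divide by zero later."""
    per_host = defaultdict(list)
    for _, host, nbytes in flows:
        per_host[host].append(nbytes)
    return {h: (mean(v), max(pstdev(v), 1.0)) for h, v in per_host.items()}

def anomaly_score(baseline, host, nbytes):
    """Z-score of one observation; a host never seen before is itself anomalous."""
    if host not in baseline:
        return float("inf")
    mu, sigma = baseline[host]
    return (nbytes - mu) / sigma

def severity(score, has_ips_event, z_threshold=3.0):
    """Grade 0-3: behavioural deviation and signature evidence each count,
    and the two together corroborate one another."""
    anomalous = score > z_threshold
    if anomalous and has_ips_event:
        return 3
    if anomalous:
        return 2
    return 1 if has_ips_event else 0

# Gradations between manual and automatic response, as the text calls for.
RESPONSE = {0: "log only",
            1: "alert operator (signature only)",
            2: "alert operator; block on approval",
            3: "block at nearest switch/IPS (automatic)"}

def triage(baseline, observations, ips_events):
    """Map each observed (host, bytes_out) to (severity, recommended action)."""
    flagged = {e["host"] for e in ips_events}
    result = {}
    for host, nbytes in observations:
        s = severity(anomaly_score(baseline, host, nbytes), host in flagged)
        result[host] = (s, RESPONSE[s])
    return result
```

Feeding it a burst of 9000 bytes from 10.0.0.5 (which also has an IPS event), a normal 51500 from 10.0.0.9, and traffic from a never-seen host yields grades 3, 0 and 2 respectively.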
Companies are saturated with point products: another one is not required. The new platform instead leverages the infrastructure that enterprises already have in place. This approach provides an integrated surveillance system for the digital world. In a world where security event managers correlate events but can’t see network activity, and anomaly detection products analyze network activity but can’t see other security threats, enterprises need a platform that does both. This cuts through the clutter with one product that finds, isolates and fixes all threats. That is the Power of 1.
This new security platform addresses today’s threats while greatly reducing the problem of managing disparate point products. It combines the functionality of network flow analysis, anomaly detection, event management, and threat remediation into one product. This integrated architecture means that IT staffs only have to look at one console to find a problem, determine whether it originates from a security event or network misuse, and resolve it. This reduces deployment and operational costs while resolving security incidents much faster. Centralized intelligence ensures that you get the most from existing investments and adding remediation doesn’t mean rolling out new equipment.
A systematic approach to security is needed to address threats effectively. Centralization of intelligence is key. In the Air Force, individual fighter jets are a lot less effective and less responsive without an AWACS (Airborne Warning and Control System) radar plane in the air to analyze data, find threats and coordinate responses. You deploy the fighter jets — your firewalls, switches and IPSs — but do you have the AWACS to guide them?
To get enterprise-wide security for your network, don’t just think outside the box, step out of it and replace “the way it’s always been done” with the Power of 1.
Brendan Hannigan brings over 16 years of industry experience to his role as executive vice president of product engineering and marketing for Q1 Labs. He was previously vice president of marketing at Sockeye Networks (a route-optimization firm acquired by Internap), where he led all marketing and product management functions. Hannigan also served as director of network research at Forrester Research, where he oversaw the firm’s most successful practices, covering enterprise networks, security technology and public network services. Before Forrester, Brendan served in a variety of senior product-development roles at Digital Equipment Corp., Wellfleet Communications and Motorola. Brendan graduated with honors in computer science from University College, Dublin, Ireland. For more information on Q1 Labs, visit www.q1labs.com, or email info@q1labs.com.