In-Depth

Four Criteria for Choosing a Distributed Security Solution

Only distributed security can protect the borderless enterprise from today's threats.

• By Irfan Salim
• 05/26/2004

The tendency in network security has been to remain centralized and perimeter-based—quite the opposite of today's network landscape, with its mobile users, VPNs, and wireless access points. If this has happened in your enterprise, the solution is to implement distributed security.

What Is Distributed Security?

While perimeter-centric protection remains an important layer in your defense-in-depth strategy, it can no longer protect against all threats. Today, the most vulnerable parts of your network are the individual PCs that comprise it—your network's endpoints. Distributed security is a strategy that, ideally, protects each and every endpoint, whether it's on-site or remote, wired to your network or wireless. Distributed security can take different forms, but due to its very nature—distributed—it has to be installed on each endpoint. As you would expect, there's a management component that lets you administer your decentralized product centrally.

Whatever distributed security solutions you choose, make sure each is able to meet the following four criteria.

1. It employs best-of-breed client technology.

An attacker is never going to say, "I think today I'll choose the dull knife from my bag of tricks." Obviously, the attacker will always attack with the best weapons in his or her arsenal. Why, then, would you ever use anything but the best defenses, especially when the client technology must reliably perform double duty: protect the endpoint (through its core security features) and withstand direct attacks and tampering.

Further, your client technology is responsible for enforcing compliance with your specific security policies. Reliable enforcement is critical, because that's what prevents end users from opening security holes unwittingly. Stated another way, the best security policies in the world are useless without rock-solid enforcement.

2. It integrates with your existing infrastructure.

Any good distributed security solution must work with the network and security infrastructure you already have. In specific, leverage your investments in identity, authorization, and access solutions. For example, integrating seamlessly with your directory servers is mandatory; otherwise, expect errors and security holes to appear.

No security solution can conflict with your antivirus or perimeter firewall, nor any other security product. In fact, the most effective distributed security products actually cooperate with these other solutions to enforce compliance with your policies. With proper integration of best-of-breed products, you end up with security solutions that are worth more than the sum of their parts.

3. It leverages best practices in security policy authoring.

Every distributed security solution requires some amount of customization. This work falls into two categories: configuration unique to your environment (such as the names of your users and systems), and policy authoring that's fairly common from one company to the next (best practices including Outlook access policies or rules for handling patches, for example). With your limited budget and staff, you should focus on the work that's unique to your network.

For more universal policy issues, save time by implementing accepted best practices, which are often available as vendor-provided services. For years, we have seen antivirus companies provide threat signatures, but now there is also a growing market of vendors providing pre-made firewall policies, patch-management expertise, and a host of other security-specific services. Choose a distributed security solution that lets you leverage these established best practices in your policy authoring so you can achieve strong policy compliance.

4. It has powerful management tools yet is easily administered.

Any practical security solution has to be usable—for both you and your end users. You can keep your users safe, but can you do it without interfering with their jobs? The last thing you want is for your end users to find workarounds to your security. Your security policies are a major factor in this behavior.

When you craft these policies, keep in mind the concept of a policy lifecycle. Security policies evolve—don't expect perfection when you first define them. It's often a good idea to make a basic initial security policy and build upon it as you monitor your real-world deployment. That way, as you gather data on what's actually on your network, you can incrementally tighten up your policies. This lets you walk that fine line between keeping your employees not only protected, but also productive. Make sure you choose a distributed security solution with management tools that give you this power and flexibility.

Conclusion

Significant new enterprise security vulnerabilities appear almost daily. Many of these have come as a consequence of evolving from the centralized network model to the borderless enterprise. We can't (and shouldn't) put the remote-and-mobile genie back in the perimeter-centric bottle; but with distributed security, we can make our networks as safe as they are dispersed.