In-Depth
Beyond the Firewall: Protecting Information Outside the Network
Information protection has transformed from protecting the network to protecting the information -- wherever it resides.
by Brian Foster
Times have certainly changed in the world of security. In the not-so-distant past, a firewall and antivirus program were the only security tools that a company needed to protect its data.
Unfortunately, today’s security solutions are no longer that simple. Information is continually flowing within a widespread network of employees, partners, and customers who typically do not operate within the controlled sphere of a business’ enterprise network. To further complicate matters, corporate security policies and industry and government regulations continually pressure organizations to ensure that information remains secure and available while online business transactions and communications are protected.
Now, people are the perimeter. As a result, information protection has transformed from protecting the network to protecting the information, no matter where it resides.
Dealing with Multiple Data Access Points
Business data is constantly moving between an expansive range of employees, customers, and partners with varying security clearance. This business environment presents security professionals with a dilemma: organizations depend on these interconnections to accomplish critical business objectives. However, these interconnections also lead to a wide range of vulnerabilities where a security breach can occur.
These out-of-network connections are widespread and critical to an organization’s business objectives. For example, at any given time, salespeople are connecting to the corporate network through a hotel network, guests are accessing the Internet through the corporate wired or wireless LAN, mobile workers are checking e-mail and downloading attachments at kiosks, and customers are making online business transactions from home Internet connections and public wireless hot spots.
Partnerships add another dimension to out-of-network data protection. An online retailer’s business environment is often a labyrinth of cyber-relationships: with its own partners, with affiliates and subsidiaries, with the partners of an affiliate or subsidiary, and with the partners of an affiliate’s or subsidiary’s partner. The standard financial services enterprise gathers customer “trust” by forming thousands of partnerships—50 to 200 new ones each year, by some estimates.
Valuable information is vulnerable to exposure over each of these connections. Consequently, protecting information in such an environment requires the elimination of exposures not only inside the network but also across business boundaries. This includes endpoint enforcement through protection, configuration, and usage, as well as endpoint compliance, which means that all endpoints and access points must be secured all the time.
Simple user error can also put organizations and their customers, partners, and employees at risk of a security breach. Recent headlines about data breaches through laptop thefts, such as the much-publicized incident at the Department of Veterans Affairs, illustrate this point. While the exact repercussions of this event have yet to be determined, it has already been called one of the nation’s largest security breaches to date, and the potential magnitude of its impact accentuates the often tenuous line between information protection and information exposure in the interconnected environment in which businesses and individuals work.
Threats from Yesterday and Today
In terms of security, the Internet has changed drastically since its infancy. For example, the first Internet worm was launched in 1988. It spread to just 6,000 computers, which represented 10 percent of all the computers on the Internet at the time. In 1993, Internet traffic was expanding at an annual growth rate of nearly 342 percent. The following year, a virus writer took advantage of this growth to spread malicious code by posting the Kaos virus to a newsgroup.
Those can be considered the good old days. Where yesterday’s threats were noisy and visible to everyone, today’s threats are silent and often go unnoticed. Stealth pays for today’s hacker, especially with the current price of a successful adware and spyware installation at between five and 20 cents a pop.
While earlier threats were indiscriminate and hit as wide an audience as possible, today’s threats are highly targeted and regionalized. Today’s cyber-criminals are motivated more by money than notoriety. As a result, hackers unleash quiet but sophisticated, modular, malicious code designed to commit identity theft, extortion, and fraud.
In turn, the task of containing, managing, and protecting data has become increasingly more difficult, complex, and critical. Information protection has clearly moved far beyond network security and now extends to protecting data regardless of where it is. As many businesses are learning the hard way, companies that lose the data lose the business.
Data Protection at any Location
To reduce information exposure risks, it is vital for organizations to secure both their managed and unmanaged endpoints. Since managed endpoints are within an organization’s administrative control, persistent agents can be used to implement appropriate countermeasures. This is significant because these endpoints often have more extensive rights for accessing and storing information, which in turn signals the need for tougher security measures.
Among the most effective tools for protecting managed endpoints are personal firewalls, intrusion protection, and antivirus technologies. Personal firewalls are a widely recognized countermeasure, although their effectiveness is limited to protecting at the network layer. Personal firewalls often cannot stop application layer attacks that utilize protocols and connections allowed by their rule base. Despite their limitations, personal firewalls are a valuable component of managed endpoint protection as they permit only traffic that is explicitly allowed by policy.
Intrusion protection technologies offer another layer of security for managed endpoints. Host-based intrusion protection complements antivirus by guarding against unknown attacks that operate at both the system and application levels, as well as against network-based threats such as worms. While some network intrusion protection solutions rely on signatures and therefore guard only against known attacks, other solutions provide more advanced mechanisms, such as vulnerability-based signatures and protocol anomaly detection, to keep unknown threats out.
Another effective tool for protecting managed endpoints is antivirus software. Although antivirus tools flood today’s marketplace, the most effective protection comes from technologies that include anomaly or heuristic-based threat detection in addition to antivirus and anti-spyware capabilities. Other effective security technologies are application control, patch management, buffer overflow protection, host integrity checking, and encryption technologies.
In addition to managed endpoints, protecting unmanaged endpoints is critical to reduce the risk of information exposure. However, because these devices are outside an organization’s control, they require on-demand protection that does not impose changes or restrictions beyond the duration of a specific interaction. To that end, organizations can leverage a number of on-demand technologies, including host integrity checking, firewalls, cache cleaning, malicious code protection, and a secure virtual workspace.
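The host integrity check described above, as an added example rather than code from the article or from Symantec: a small Python policy evaluator that applies the stricter rules for managed endpoints and the on-demand rules for unmanaged ones to a constructed set of posture reports. The thresholds, hostnames, decision names and the fixed evaluation date are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Posture:
    """Self-reported state of one endpoint (constructed sample data below)."""
    endpoint_id: str
    managed: bool  # under the organization's administrative control?
    firewall_on: bool
    av_installed: bool
    av_signature_date: date
    missing_critical_patches: int
    disk_encrypted: bool


TODAY = date(2006, 6, 1)  # fixed date so the example runs deterministically
MAX_SIGNATURE_AGE_DAYS = 7  # assumed policy threshold


def check_integrity(p: Posture, today: date = TODAY):
    """Return (decision, reasons). Managed endpoints get 'full' access when
    compliant and 'quarantine' (remediation network) when not; unmanaged
    endpoints get at most 'restricted' on-demand access, otherwise 'deny'."""
    reasons = []
    if not p.firewall_on:
        reasons.append("personal firewall disabled")
    if not p.av_installed:
        reasons.append("no antivirus agent")
    elif (today - p.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        reasons.append("antivirus signatures stale")
    if p.missing_critical_patches:
        reasons.append(f"{p.missing_critical_patches} critical patch(es) missing")
    if p.managed and not p.disk_encrypted:  # stricter rule: managed hosts hold more data
        reasons.append("managed endpoint without disk encryption")
    if not reasons:
        return ("full" if p.managed else "restricted"), reasons
    return ("quarantine" if p.managed else "deny"), reasons


# Constructed sample postures; hostnames are placeholders, not real systems.
SAMPLE_POSTURES = [
    Posture("LAPTOP-01", True, True, True, date(2006, 5, 30), 0, True),
    Posture("LAPTOP-02", True, False, True, date(2006, 5, 1), 2, True),
    Posture("KIOSK-07", False, True, True, date(2006, 5, 31), 0, False),
    Posture("HOME-PC-3", False, True, False, date(2006, 1, 1), 0, False),
]


def evaluate_samples():
    """Map endpoint id -> (decision, reasons) for the constructed sample set."""
    return {p.endpoint_id: check_integrity(p) for p in SAMPLE_POSTURES}
```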
Since people have become the new perimeter of defense against data loss, people must also become part of the information protection strategy. No information protection solution is effective without the cooperation of the people who actually use the endpoints. Although corporate and employee security responsibility and accountability are widely acknowledged as a vital, yet challenging, component of an information security strategy, their effectiveness is greatly enhanced when organizations carefully specify requirements and responsibilities and apply automation to ease enforcement.
In today’s highly connected business world, organizations have a wide variety of tools to choose from to protect proprietary information that resides inside and outside their network. As businesses leverage technology to manage the systems under their immediate control, as well as those on which their employees, customers, and valued partners rely to do business, information protection becomes a reality.
Brian Foster is a senior director of product management at Symantec Corp., where he is responsible for the direction and development of the company’s endpoint security solutions. You can contact the author of this article at brian_foster@symantec.com