In-Depth
New Threats Unite Security and Systems Management Professionals
To effectively address new security challenges, IT organizations need to tighten coordination and integration between security.
by Lubos Parobek
New security threats emerge daily, forcing enterprises and IT organizations to alter their strategies for keeping corporate systems and data secure. Not only are attacks increasingly numerous, but they're diverse. This, combined with a more mobile and distributed workforce, has made traditional security strategies inadequate. To effectively address new security challenges, IT organizations need to tighten coordination and integration between security and systems management.
Over the past several years, the threat environment has changed dramatically. First, the number of attack vectors employed by hackers has grown significantly, whereas in years past, the vast majority of attacks were delivered via e-mail. Today's attacks come from a wide range of sources, including Web sites, removable media (USB drives), public WiFi networks, mobile devices, instant messaging clients, and also Web 2.0 applications.
Second, the number of vulnerabilities these attacks are targeting have almost doubled, growing from 2,500 in 2004 to over 5,500 in 2008 according to the NIST National Vulnerability Database, February 27, 2009. The makeup of vulnerabilities has also shifted away from the operating system and into applications, including browsers (IE, Firefox, Safari), media players (Quicktime, Real Player, Windows Media Player), and document viewers (Adobe Reader). In fact, during the first half of 2008, only 6% of reported vulnerabilities were in operating system components (according to a July 2008 Microsoft Security Intelligence Report).
Further, an increasingly mobile and distributed workforce has exacerbated the security challenges posed by these threats. The days of most systems residing securely behind the corporate firewall are long past. Today, most organizations see a large number of their PCs operating outside the corporate firewall on a regular basis, including laptops used by sales personnel, knowledge workers and remote workers. These laptops are exposed to a broader range of attacks since they are regularly connected to a variety of public networks, and can't benefit from the traditional perimeter defenses implemented by security organizations.
Why Systems Management and Security Management Silos Don't Work
Traditionally, security management has focused on setting up a secure perimeter around an organization's PCs and servers using firewalls, Web, and e-mail filters, and intrusion prevention systems (IPS). This proved effective when most PCs were desktops and remained behind these defenses but is inadequate when large numbers of laptops are moving in and out of the corporate network.
This reliance on perimeter defenses also meant that the security team did not focus enough attention on endpoint security. Often their involvement was limited to specifying endpoint security products, such as anti-malware and VPN software. That left systems management with security responsibilities that they were ill-prepared to handle, such as determining the criticality of vulnerabilities. Increased mobility, vulnerabilities, and attacks mean that the entire network is at risk unless systems management and security can collaborate to better protect the endpoint.
How Security and Systems Management Convergence Improves Security
A critical element of any comprehensive security strategy is reducing the attack surface that hackers can exploit to compromise corporate systems. This requires robust defenses at both the perimeter and the endpoint. Reducing the attack surface eliminates potential entry points that a hacker can use to compromise a network.
Although it is easy for the security team to deploy and implement perimeter security solutions such as firewalls and IPS appliances without the help of the systems management team, the same cannot be said of endpoint protection. The deployment and configuration of security updates and applications such as patches and security utilities (anti-malware, VPN) to PCs and servers requires the help of the systems management team to ensure all updates are successful.
Successful deployment requires that security updates are tested and deployed alongside non-security updates and pass through the defined change management process of an organization. Failure to have systems management deploy security updates not only creates a security risk if the updates fail, but also can generate user and production system downtime if failed updates cause system crashes.
Similarly, the systems management team needs the security team's expertise to effectively protect the endpoint. A prime example is patch management. In the past, many organizations simply deployed all patches as they were released, regardless of severity or impact. However, the explosion in recent years in the number of vulnerabilities and their related patches has made this approach infeasible.
Deploying large numbers of patches is disruptive to end users and may destabilize servers handling mission-critical applications. Therefore, the systems management team needs the security team's expertise to evaluate the criticality and urgency of reported vulnerabilities. This security evaluation allows the systems management team to make intelligent decisions about which patches to deploy and when to deploy them.
Interestingly, this patch scheduling also allows the security team to determine if they need to implement temporary defenses at the perimeter using IPS for particular vulnerabilities until the patch is deployed. Other areas of collaboration include application blacklisting and whitelisting, defining and enforcing endpoint security application settings, and defining and enforcing device policies (USB, WiFi, etc.).
The Right Tools Make Collaboration Easier
Naturally, tools that coordinate security and systems management make both teams more efficient in securing endpoints. New full PC life cycle tools are now available that include the capabilities that security and systems management administrators need to manage and secure the endpoint. For instance, these new tools include vulnerability solutions that allow security to assess and prioritize vulnerabilities, so systems management can easily deploy patches. This saves both the teams' time and effort by improving communication and reduces the need to administer multiple tools.
Similarly, these new tools allow security administrators to define security policies, such as approved applications and devices, then allows for systems management to implement these security policies. These tools allow the security patches, updates, and policies to be deployed alongside other changes, such as application upgrades and configuration changes. This allows systems management to use one integrated tool and change management process for all endpoint management, which reduces errors and down time and allows for greater efficiency.
Summary
Today's threat environment requires robust defenses at both the perimeter and the endpoint. New attacks emerge daily that can compromise laptops connected to public networks. As those laptops come back into the corporate network they can provide the perfect "back door" into an organization for a hacker. By working together, the security and systems management teams can deliver a much more secure endpoint than they ever could working apart, and thereby keep all the doors to the network shut tight.
Lubos Parobek is vice president of product management for KACE, with expertise in leading the development and launch of products into emerging technology markets. Lubos has over 10 years of experience in hardware and software product management and marketing across multiple technology domains including networking, mobile, security, and systems management. Lubos holds a BS in Industrial Engineering from Cal Poly, San Luis Obispo, and an MBA from the Haas School of Business at UC Berkeley. You can contact the author at lubos@kace.com