Five Steps to Make Your Security More Proactive
While no single solution solves all problems, getting ahead of security problems can bring big rewards. Here's how to get started.
Not all security solutions are created equal. While each has its place, no single solution solves all problems. In fact, recent threats have highlighted shortcomings of an entire class of security solutions—reactive security. As you can guess, reactive security waits for a security event to occur, and then responds to it. Examples include security patches that are created directly in response to specific vulnerabilities, and signature-based solutions such as antivirus products, which rely on patterns created only after viruses appear.
Proactive security, on the other hand, protects you by default—in advance of threats striking. For example, the best personal firewall technology will keep even unknown worms from propagating across your network. The benefits are obvious: would you rather spend your time and budget cleaning up after security incidents or avoid them entirely?
In practical terms, reactive security leaves you vulnerable to zero-day exploits—by definition, there's no time to build a defense. Contrast this with proactive security, which keeps you safe against even unknown threats.
Follow these five steps to implement proactive security in your organization and "future-proof" it against zero-day attacks.
1. Assess your security
Make a list of all the solutions you have in place to safeguard your network. Include everything—from your antivirus to your security policies to the physical access to your servers. Once you have the complete list, consider which solutions actually protected you and which needed updates, patches, or other adjustments against recent threats such as Sasser, MS-Blast, and SQL-Slammer. Odds are you'll find that you have a lot of reactive security measures (antivirus, IDS, patches) that needed updates. You'll list fewer examples of proactive security (endpoint security clients, intrusion prevention systems, strong-password requirements, access rules) that protected your organization by default.
2. Extend your network perimeter
With the addition of remote and mobile users, the traditional concept of a network perimeter needs expansion. Extend the security of your network perimeter to each endpoint PC with host-based security. Installing an endpoint security solution that includes a personal firewall on each enterprise PC, for instance, can contain network infections that routinely evade reactive technologies such as antivirus.
3. Deploy enhanced authentication
Update your existing authentication to support 802.1x/EAP or other standards-based forms of compliance. Most likely, at least some elements of your infrastructure may already support 802.1x/EAP.
Updating your infrastructure may require the introduction or updating of client software, yielding these benefits:
- unauthorized users (including wireless freeloaders, contractors, and guests) can't access your network
- employees can access only the resources they should
Even if you don't specify many differences between groups' network authorization rights, you now have solid protection from an outsider breaching your perimeter and having the run of your network. And, of course, you are well positioned for future growth, as you add employees and refine your policies to be even more proactive.
4. Employ strong enforcement mechanisms
Tie steps 2 and 3 together by using the client software you've installed to develop policy to enforce compliance cooperatively with 802.1x/EAP, standards-based solutions. When purchasing, choose solutions that can support one another to provide robust security policy compliance. At the very least, you want to prevent network access by non-compliant systems—however you define non-compliance for your purposes, whether it's systems not running up-to-date operating systems or antivirus.
5. Pat yourself on the back. Then take a deep breath…
…because when the next MS Blast or SQL Slammer hit you'll be spending a lot less time remedying issues. Remember, security is a process, and policies have lifecycles. With new applications entering your network every day, there are always new risks to mitigate. The good news is that this gets easier every time.
Frederick Felman is Vice President of Marketing at Zone Labs and has more than 18 years experience in marketing software and services. During his time with Zone Labs, Mr. Felman launched several key products, helping to define
Zone Labs' enterprise product, Zone Labs Integrity.