|
INTRODUCTION
As the nature of threats to organizations continues to evolve, so must the defense
posture of the organizations. In the past, threats from both internal and external
sources were relatively slow-moving and easy to defend against. In today's environment,
where Internet worms spread across the world in a matter of minutes, security
systems - and the network itself - must react instantaneously.
The foundation for a self-defending network is integrated security - security
that is native to all aspects of an organization. Every device in the network
- from desktops through the LAN and across the WAN - plays a part in securing
the networked environment through a globally distributed defense. Such systems
help to ensure the privacy of information transmitted and to protect against internal
and external threats, while providing corporate administrators with control over
access to corporate resources. SDN shows that the approach to security has evolved
from a point product approach to this integrated security approach
These self-defending networks will identify threats, react appropriately to the
severity level, isolate infected servers and desktops, and reconfigure the network
resources in response to an attack. The vision of the Self-Defending Network brings
together Secure Connectivity, Threat Defense and Trust and Identity Management
System with the capability of infection containment and rouge device isolation
in a single solution.
SELF
DEFENDING NETWORKS
To defend their networks, IT professionals need to be aware of the new nature
of security threats, which includes the following: Shift
from internal to external attacks Before 1999, when key applications ran on minicomputers
and mainframes, threats typically were perpetrated by internal users with privileges.
Between 1999 and 2002, reports of external events rose 250 percent, according
to CERT. Shorter
windows to react. When attacks homed in on individual computers or networks, companies
had more time to understand the threat. Now that viruses can propagate worldwide
in 10 minutes, that "luxury" is largely gone. Antivirus solutions are
still essential but are not enough: by the time the signature has been identified,
it is too late. With self-propagation, companies need network technology that
can autonomously take action against threats. More
difficult threat detection. Attackers are getting smarter. They used to attack
the network, and now they attack the application or embed the attack in the data
itself, which makes detection more difficult.An attack at the network layer, for
example, can be detected by looking at the header information. But an attack embedded
in a text file or attachment can only be detected by looking at the actual payload
of the packet--something a typical firewall doesn't do.The burden of threat detection
is shifting from the firewall to the access control server and intrusion detection
system.Rather than single-point solutions, companies need holistic solutions. A
lowered bar for hackers. Finally, a proliferation of easy-to-use hackers' tools
and scripts has made hacking available to the less technically-literate. The advent
of 'point-and-click' hacking means the attacker doesn't have to know what's going
on under the hood in order to do damage. These
trends in security are what have lead to the advent of SDNs or Self Defending
Networks as the latest verson in security control. <<back |