Defence in Depth
Without a clear idea about which IP assets most need protecting, CIOs may put their security dollars in the wrong places. "Most large organizations have all done basic blocking and tackling — firewalls, antivirus products, et cetera," says Amit Yoran, CEO of network forensics company NetWitness and former director of the US Department of Homeland Security's National Cyber Security Division. But as with cybercrime generally, perimeter defence goes only so far. Companies need a cyberdefence strategy that is multilayered with different types of protection at each layer.
One strategy, called "defence in depth", derives from the military technique for slowing down rather than trying to stop the advance of an adversary. The model applies when the question is not if, but when, hackers will break in. "If you reinforce one area, [attackers] will look to another," says James Lewis, director and senior fellow with the Centre for Strategic and International Studies. "The job is to reduce the chance that they'll be able to get in."
On the network, defence in depth means traditional perimeter security is supplemented with advanced intrusion detection systems, segmented networks with tighter security around some information, demilitarized zones for public data, and security audits. But a good defence-in-depth strategy takes its multilayered approach to people, processes and technology as well.
The approach enables IT security teams to get beyond dealing with hackers as if playing a game of whack-a-mole and treat the problem more like a chess game, says Jim DuBois, general manager of information security and infrastructure services security for Microsoft. DuBois has worked at Microsoft for 14 years and lived through a public incident in 2000 when hackers, who The Wall Street Journal reported were traced to Russia, allegedly accessed some of Microsoft's key applications and source code. (DuBois was not part of the security group at the time. A Microsoft spokesperson argues that the incident was not portrayed accurately in the media, but that it reinforced the importance of security controls and helped drive adoption of several projects, including smart cards for remote access and a public key infrastructure — which allows for the secure and private exchange of data in unsecure environments.)
"The thought process is no longer making sure nothing bad ever happens," says DuBois. "There may be a bug in the Cisco code or someone might misconfigure a device. If [attackers] get at that chess piece we left unprotected, what will we do?" Microsoft has moved toward host-based controls, meaning they protect the data on a device or a network. "You have to protect everything, not just important data. Controls are more onerous than they need to be," says DuBois. He wants to get more granular. His goal is to secure the data itself, not the hardware or applications in which it resides, with next-generation digital rights management tools.
















