CyberSecurity Institute

Symantec’s view is that a company’s business information is its most strategic asset and must be protected at all times.

This is not something that will be new to any business executive, especially given the number of legal and industry regulations, such as data protection and privacy, Sarbanes-Oxley and regulations regarding food safety that affect a wide variety of businesses.

This has upped the ante in the need to protect information from being altered in any way – or protecting the integrity of that information.

In order to be able to assure the integrity of business information, companies need to have the availability to scan all of the computational assets that they have in their networks to gauge the risk of vulnerabilities, security exposures and threats. This allows organisations to understand the resources that they have in place so that risk posed by security exploits that threaten the availability of those systems can be assessed.

Once the risk assessment exercise has been performed, organisations are in a better position to address those threats and can prioritise the actions that they are going to take to remediate against those vulnerabilities based on the value of the information to a company. Once a company is in the position to act on real-time security information, it is better placed to deal with incidents and disasters when they happen, and safeguard against threats in the future by establishing the policies, procedures and control mechanisms that are required for safeguarding information systems.

Using Symantec’s capabilities for monitoring and managing threats, along with real-time business reporting and analysis, companies are better able to ensure that information integrity is being achieved – taking them one step nearer to legal and industry compliance.

In line with its new corporate positioning initiative, Symantec has just announced the availability of some new products. These include the latest version of its Gateway Security Manager appliance, which provides network security capabilities including firewall, intrusion detection and prevention, antivirus policy enforcement, content filtering and virtual private network technology. This latest version extends gateway security capabilities to include mobile networks with the inclusion of a secure wireless LAN access point, making it suitable for use in remote and branch office environments as well as within the four walls of the corporate office.

Even with effective network security products, disaster can still occur, and information integrity can only be achieved if companies can recover from a catastrophic disaster affecting their networks. For this, Symantec has developed its LiveState Recovery family of products which allow full system restoration or recovery of any files on a server or desktop to ensure that information is available when needed – and hence reducing downtime to a business.

Finally, Symantec has brought out the latest version of its Enterprise Security Manager, which provides functionality for reporting on compliance with regulations, including pre-configured assessment templates designed for specific regulations, such as Sarbanes-Oxley and Gramm-Leach-Bliley.

http://www.it-director.com/article.php?articleid=12354

The real time network analysis offered by its Sourcefire 3D system can place security events in context and thereby help reduce the frequency on false alarms by up to 90 per cent, Sourcefire claims. Users can use the technology to enforce policies based on the correlation of detected threat with network vulnerability and asset data.

Sourcefire said its Real-time Network Awareness (RNA) Sensors score over vulnerability scanners because they provide constant feedback through passive detection of network activity rather than the snap shot offered by the “potentially disruptive” scanner approach.

In response the industry has moved towards intrusion prevention systems (IPS) which automatically block a subset of well-understood attacks.

Martin Roesch, founder and CTO of Sourcefire and creator of Snort, said that intrusion prevention and firewall technologies would converge. Firewalls alone can’t deal with problems like Nimda-style worms spreading across internal networks and stand-alone intrusion prevention technology fails to defend against anything other than well-known attacks, Roesch argued. “Intrusion prevention is a partial solution because the technology is purely signature based or, in the case of defending against DDoS attacks, rate based. Use of the technology can also creates a bottleneck on the network,” Roesch told El Reg.

He contrasted the intrusion prevention technology with Sourcefire 3D’s learn, block and correct approach. “Users could put our sensors inline if they wanted to. We can deliver intrusion prevention by other means,” he said.

Firewalls were traditionally designed to guard against network-level attacks – such as IP spoofing and port/network scans – but as more sophisticated application-layer attacks, such as worms and exploits of known software vulnerabilities, have become increasingly common a need has arisen to rejig corporate defences. That much is common ground between Sourcefire and intrusion prevention systems (IPS) vendors.

Leading IPS vendors, such as Top Layer, argue that rather than loading extra application-aware intelligence into firewalls better performance can be obtained by using standalone intrusion detection and prevention, such as its Attack Mitigator IPS 5500. It would argue its hardware-based technology is superior at automatically blocking attacks.

Sourcefire 3D, released in the US earlier this quarter, is available in Europe from today (28 October).

http://www.theregister.co.uk/2004/10/28/sourcefire_3d/