6 Reasons Why You Need a Unified Approach to Threat Management

Subhasish Gupta, Country Manager – India & SAARC at Allied Telesis
The world is becoming increasingly complex, with threats and attacks that keep evolving. As a result, it has become difficult for companies to ensure complete protection for their valuable assets and resources. Earlier, a company's security system generally consisted of a perimeter firewall and anti-virus software, and perhaps local firewalls on workstations. As the range of attacks broadened, more points of vulnerability were identified, and many organizations responded by deploying multiple security devices and software products: SSL gateways, VPN routers, intrusion detection devices, application security solutions and so on.

While each of these solutions does its particular job well, most of them are not equipped to provide the end-to-end protection that organizations need today, and a network security system assembled from multiple point products has downsides of its own. It has therefore become important for organizations to consolidate their threat management and adopt a unified approach built around a Next-Generation Firewall.

Here are some reasons why you need a unified approach to threat management:

1. Each Security Product Needs its Own Maintenance: Security systems have to be continuously upgraded to keep pace with ingenious criminals who are forever finding more devious ways to attack networks. Any system is only as strong as its weakest link, so a best-effort approach to maintaining the various components is not good enough: every separate component of the security system must be up to date, all the time. Systems sourced from different vendors have different user interfaces and different paradigms of configuration and management, so each one demands its own patch cycle, its own training and its own set of operational procedures, which multiplies the effort needed to keep the whole system current.

2. More Products Create More Interoperability Issues: In a non-unified deployment, each product operates in isolation, with no knowledge of the requirements of the other components or of the effect its own processing has on them. One product might rewrite headers, re-order packets or recombine fragments before passing traffic on. The alteration that one product makes to the data may affect the operation of the next product in the chain, which can lead to missed attacks, false positives being reported, or even corruption of valid data.

3. More Products Will Have More Points of Failure: As stated above, a security solution is only as strong as its weakest link. If one product in the solution fails, then the protection afforded by the solution is significantly weakened. With a multi-component solution, it is both costly and technically challenging to provide a hot-standby backup for each component. Businesses face the choice of investing the time and money into establishing and maintaining a fully redundant system, or alternatively taking the risk that downtime will be experienced when one or another component fails.

4. A Silo System Misses Sophisticated Attacks: The biggest security threats today are those referred to as Advanced Persistent Threats (APTs). These are not isolated, opportunistic attempts to break into a network, or Denial of Service (DoS) attacks thrown at it. Rather, they are patient, crafted, multi-step procedures for inserting malicious agents into a network, and then using those agents to perform damaging activities within it. Detecting an APT requires correlating several factors, such as unusual DNS activity, increased Dynamic DNS requests, traffic to sites of unknown reputation, unusual amounts of data being sent out to unexpected destinations at unexpected times, and more. Each of these signals on its own is weak and common enough in normal traffic that a single-purpose product either ignores it or floods the operator with false positives; it is the combination of several such signals on the same host that reveals the attack, and a product that sees only one of them cannot make that combination.
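The following Python script is an added illustration of the correlation argument above; it is not code from the article or from Allied Telesis. It runs a handful of constructed DNS and flow records through four weak detectors of the kind listed (failed-lookup ratio, Dynamic DNS lookups, egress to destinations outside an allow list, and large off-hours egress volume), then contrasts what a single-signal "silo" product would alert on with what a correlated view alerts on. The hosts, addresses, thresholds and the list of Dynamic DNS suffixes are all illustrative assumptions.

```python
"""Correlating weak APT indicators across DNS and flow telemetry.

All sample data below is constructed for the example; the thresholds and the
Dynamic DNS suffix list are illustrative, not a recommended configuration.
"""
from collections import Counter

# Constructed DNS log: (client, queried name, response code)
DNS_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.5", "cdn.example.net", "NOERROR"),
    ("10.0.0.5", "a1.update.example.org", "NOERROR"),
    ("10.0.0.7", "mail.example.com", "NOERROR"),
    ("10.0.0.7", "c2a.duckdns.org", "NOERROR"),      # Dynamic DNS name
    ("10.0.0.7", "c2b.no-ip.org", "NOERROR"),        # Dynamic DNS name
    ("10.0.0.7", "xk3f9.example.net", "NXDOMAIN"),   # failed lookups, as seen
    ("10.0.0.7", "q7ha2.example.net", "NXDOMAIN"),   # with domain-generation
    ("10.0.0.7", "zz91p.example.net", "NXDOMAIN"),   # algorithms
    ("10.0.0.9", "git.example.com", "NOERROR"),
    ("10.0.0.9", "home.duckdns.org", "NOERROR"),     # a developer's home box
]

# Constructed flow log: (client, destination IP, bytes sent, hour of day)
FLOW_LOG = [
    ("10.0.0.5", "203.0.113.10", 1_200_000, 14),   # known backup server, daytime
    ("10.0.0.7", "198.51.100.23", 900_000, 3),     # unknown host, 03:00
    ("10.0.0.7", "198.51.100.23", 850_000, 4),     # same host, 04:00
    ("10.0.0.9", "203.0.113.10", 2_000_000, 11),
    ("10.0.0.9", "198.51.100.40", 50_000, 23),     # small, late, unknown host
]

DDNS_SUFFIXES = (".duckdns.org", ".no-ip.org")  # illustrative subset of providers
KNOWN_GOOD_DST = {"203.0.113.10"}                # stand-in for a reputation/allow list
BUSINESS_HOURS = range(8, 19)                    # 08:00 to 18:59
EXFIL_BYTES = 500_000                            # off-hours egress worth a signal
NXDOMAIN_RATIO = 0.4                             # share of failed lookups worth a signal


def indicators(dns_log, flow_log):
    """Map every client host to the set of weak signals observed for it."""
    hosts = {rec[0] for rec in dns_log} | {rec[0] for rec in flow_log}
    signals = {host: set() for host in hosts}

    queries, failures = Counter(), Counter()
    for client, name, rcode in dns_log:
        queries[client] += 1
        if rcode == "NXDOMAIN":
            failures[client] += 1
        if name.endswith(DDNS_SUFFIXES):
            signals[client].add("ddns")
    for client, total in queries.items():
        if failures[client] / total >= NXDOMAIN_RATIO:
            signals[client].add("nxdomain")

    off_hours = Counter()
    for client, dst, nbytes, hour in flow_log:
        if dst not in KNOWN_GOOD_DST:
            signals[client].add("unknown_dst")
        if hour not in BUSINESS_HOURS:
            off_hours[client] += nbytes
    for client, total in off_hours.items():
        if total > EXFIL_BYTES:
            signals[client].add("off_hours_volume")
    return signals


def silo_alerts(signals, signal):
    """What a single-purpose product sees: every host showing one signal."""
    return sorted(host for host, seen in signals.items() if signal in seen)


def correlate(signals, min_signals=3):
    """Alert only when several independent signals land on the same host."""
    return sorted(host for host, seen in signals.items() if len(seen) >= min_signals)


if __name__ == "__main__":
    found = indicators(DNS_LOG, FLOW_LOG)
    for host in sorted(found):
        print(f"{host}: {sorted(found[host]) or 'no signals'}")
    print("Dynamic DNS detector alone alerts on:", silo_alerts(found, "ddns"))
    print("Unknown-destination detector alone alerts on:", silo_alerts(found, "unknown_dst"))
    print("Correlated (3 or more signals) alerts on:", correlate(found))
```

Run on the sample data, each single-signal detector flags both 10.0.0.7 and the developer's machine 10.0.0.9, because one Dynamic DNS lookup or one connection to an unlisted address is ordinary behaviour; only the correlated view, which sees all four signals converge on 10.0.0.7, separates the compromised host from the benign one. The correlation itself is a few lines; what makes it possible is that the DNS and flow telemetry are available to the same component.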

5. Plugging the Gaps Can Be a Challenge: Building a system from a collection of specialist tools is feasible if the goal of the system is well understood, and relatively unchanging. However, the business of cyber security is both very difficult to fully understand and forever changing. Building a cyber-defence system by selecting a set of tools and then integrating them brings with it the challenge of keeping fully abreast of new threats, and determining exactly which tools to update, replace or add to the system to keep ahead of the threats.

6. Each Security Product Has its Limitations: Every device or piece of software has flaws, or fails to work in exactly the way one would expect. Over time, the flaws, unexpected behaviours, or limitations of the various components become evident, and decisions need to be made about how to deal with each of these. In each case, the experience will be different – each vendor gives a different customer experience, and each product’s troubleshooting methods will be different.

As attacks grow in sophistication, the task of keeping ahead of them grows ever more challenging and time consuming. The answer to the proliferation of special-purpose security products is to replace them with a single unified device, one designed from the ground up to provide security in the modern networking environment. Such a device, commonly referred to as a Next-Generation Firewall, combines the full range of security tasks in one place: multilayer filtering, virus and spyware scanning, intrusion detection and prevention, SSL/TLS decryption and inspection, data leakage prevention, application control and more. Because all of these functions see the same traffic in one engine, the interoperability and correlation problems described above disappear, and as new types of threats emerge, the task of plugging the gaps or providing the right enhancements lies with the security vendor rather than with the customer. A single device is, of course, also a single point of failure, so in practice it is deployed as a high-availability pair; that is still far simpler than providing a hot standby for every product in a multi-vendor chain.