Features

April 2008

Network Security

Expand security for IP-based threats

The hackers' objective is to steal private financial information and remain undetected.

by Andrew Graydon

The increasing speed of business is forcing enterprises to keep pace by relying on a combination of traditional electronic communication vehicles like e-mail and real-time communication methods, including instant messaging (IM), as well as Web applications, such as blogs, wikis and Web mail. Enterprises are employing and monitoring the convergence of all of these business communications applications to remain competitive, assist with integrating customers and suppliers into the value chain, solidifying relationships and streamlining operations.


At the same time, information sharing and collaboration in business is growing to create a complex environment with numerous external parties and partners, where private and sensitive information needs to be protected. With increasing enforcement of compliance regulations and the disclosure of privacy breaches creating real headaches for organizations that depend on customer trust and loyalty, enterprises need to balance the business requirement of sharing information with the imperative for protecting it.

As quickly as business evolves, the techniques of hackers and other cyber criminals evolve even faster. The days of teenagers defacing Web sites are over. Now the objective is to steal private financial information and remain undetected. What has emerged is really an arms race between electronic criminals and corporate security teams, with business integrity and the privacy of personal information hanging in the balance.

Businesses are also experiencing multiprotocol and multi-application attacks that are more difficult to detect. For example, a zombie network operator looking for a foothold on a network will begin by compromising an unsuspecting employee and gaining access to and control of his computer by planting malicious code onto the user's machine and having the user execute the code.

The zombie would typically start by gaining access to the address book on the individual machine and e-mailing the same attack to each address. In this scenario, these spam messages need to be stopped: enterprises cannot gamble that a user will recognize the message as spam and resist clicking on a link or executing an attachment.

Hackers can then return to attack another vector, such as IM. Using search engines, hackers can find the IM handles of employees and attempt to communicate with them via the IM application. While having an IM conversation by itself is not problematic, if an employee accepts a file transfer, accepts a "smiley" or clicks on a link from this IM chat, the results could be disastrous. Preventing such risky behavior hinges on enforcing a granular policy that determines those individuals (or devices) that an employee can or cannot communicate with, what actions they can take and what can be communicated during the session.

Further complicating matters, most hackers hide behind a network of zombies that anonymously do their dirty work. Being able to block an IM request from a specific device that sent thousands of spam messages to employees clearly makes those defenses more effective. Or perhaps that device initiated a port scan of a network within the last 60 days. In either case, there is a high likelihood that the device needs to be blocked.
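As an added example (not code from the article or from BorderWare), the following Python sketch implements the cross-vector decision described above: a device's SMTP spam volume and any port scan of the network within the last 60 days are correlated into a single block/allow decision for an inbound IM request. The thresholds, addresses and dates are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for this example, not values from the article.
SPAM_THRESHOLD = 1000                 # "thousands of spam messages" -> block
SCAN_LOOKBACK = timedelta(days=60)    # port scan within the last 60 days -> block


class DeviceReputation:
    """Cross-vector reputation: SMTP spam counts and network scans feed one IM decision."""

    def __init__(self):
        self.spam_count = defaultdict(int)   # device -> spam messages sent to employees
        self.last_scan = {}                  # device -> datetime of most recent port scan

    def record_spam(self, device, count=1):
        self.spam_count[device] += count

    def record_port_scan(self, device, when):
        prev = self.last_scan.get(device)
        if prev is None or when > prev:
            self.last_scan[device] = when

    def im_request_decision(self, device, now):
        """Return ('block' | 'allow', [reasons]) for an inbound IM request from device."""
        reasons = []
        if self.spam_count[device] >= SPAM_THRESHOLD:
            reasons.append(f"sent {self.spam_count[device]} spam messages to employees")
        scan = self.last_scan.get(device)
        if scan is not None and now - scan <= SCAN_LOOKBACK:
            reasons.append(f"port scan of our network on {scan.date()}")
        return ("block" if reasons else "allow"), reasons


def build_sample():
    """Constructed sample history (TEST-NET addresses, not real hosts)."""
    rep = DeviceReputation()
    rep.record_spam("203.0.113.7", 2500)                        # mass spam sender
    rep.record_port_scan("198.51.100.9", datetime(2008, 3, 1))  # scanned 45 days ago
    rep.record_port_scan("192.0.2.5", datetime(2008, 1, 10))    # scanned more than 60 days ago
    return rep


NOW = datetime(2008, 4, 15)   # constructed "current" date for the example

if __name__ == "__main__":
    rep = build_sample()
    for dev in ("203.0.113.7", "198.51.100.9", "192.0.2.5", "192.0.2.20"):
        print(dev, rep.im_request_decision(dev, NOW))
```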

Today's businesses often find themselves unable to defend against these converged, multiple and blended threats with one-dimensional security defenses that focus on only one or two of the most widely used applications.

Whether protecting private information or ensuring that critical intellectual property does not leak out of an organization, content security should also consider outbound filtering and policy enforcement. Given this imperative, content security gateways can ensure valuable, sensitive or private information does not exit the boundaries of an organization.

Security has moved from simply protecting and analyzing packets into a complex problem requiring the inspection of content within the communications. Thus, the solution should not only distinguish between the different modes of communication (Web, e-mail and IM) but also inspect the content of these communications in an intelligent way, monitoring the protocol, headers, data and attachments. The solution should protect from inbound attacks, viruses, malware, spyware and scripts, while providing policies and content inspection to ensure only permitted information is leaving an organization.

Next-generation security solutions for today's enterprise networks should incorporate a consolidated, real-time platform approach that integrates and applies corporate content and access policies across applications and the network perimeter. Controlling both inbound and outbound content requires sophisticated policy controls granularly defined based on attributes of the content, senders or recipients, groups, and/or attachments, not merely based on packets. Once developed, the policies should apply to all content passing through the platform, regardless of protocol.

Six key factors define a true platform versus a set of separate software and gateway solutions devised to protect specific applications and content:

1. The platform should be multiprotocol (HTTP, SMTP and IM). Integrated attacks utilize multiple attack vectors and protocols, so defenses need to be equally integrated. The platform should also leverage an integrated, consistent policy so attacks can be correlated and controlled, regardless of which or how many transport mechanisms are used.

2. The platform should protect against inbound threats and control outbound content. Attacks can emanate from an internal point and/or information can be leaked purposely or inadvertently from an organization, thus protection is needed for both.

3. The platform should leverage the network effect. When hackers and their zombies use similar attacks launched at thousands of companies simultaneously, security providers should have a broad reach and protect many networks, leveraging the knowledge of all of these attacks to get smarter. If the same attack is seen in 20 different places, the platform generally can recognize it the next time the attack happens.

4. The platform should scale easily. Application attacks ebb and flow on a daily basis. An effective platform should be application-neutral and devote adequate resources to whatever the attack of the day is. Businesses should be able to share processing power among all applications and not force application-specific peak load sizing.


5. The platform should be resilient. Downtime is unacceptable, thus a content security platform should always be available and redundant. Nonetheless, hardware failures are a fact of life, thus the platform should be able to recover in the event of any failure. Data cannot be lost and availability cannot be impacted.

6. The platform should embrace third-party solutions. Hackers use a network of resources to evolve and innovate, so businesses should do the same. An open environment where new defenses can be integrated quickly and seamlessly is critical to maintaining business as usual as new attack vectors emerge.

Andrew Graydon is the CTO of BorderWare, Mississauga, Ontario, Canada.



Security for remote systems

by Jim Price and Valerie Hetrick

Many IT staffs today spend significant time rolling out and updating security software applications on laptops and remote PCs. Deploying applications to systems that are frequently out of the main office, however, poses unique challenges. Some of the challenges organizations face include:

Lack of physical presence and "touch." Not only does remoteness complicate simple acts like loading software, it also makes diagnosing problems and assessing the progress of a deployment project more difficult.

More variables. In a typical organization, mobile users connect using several types of virtual private networks (VPN) and remote-access clients, from unreliable public hot spots, slow home wireless networks and even dial-up connections, at unpredictable locations.

Additional security and policy requirements. Not only do mobile systems require more security software than their LAN-based cousins, but they also need additional policies enforced, such as the use of VPNs, connecting from public hot spots and complying with network access control requirements.

In addition, mistakes involving a large population of mobile users are expensive to fix. This puts a premium on planning, thorough testing and intelligent use of resources.

Deploying software to mobile systems requires more testing because the inevitable mid-course adjustments and fixing of mistakes can take longer to implement. Developing a realistic schedule and correctly setting expectations for senior management is critical.

The ideal situation would be to refresh the entire population of mobile systems at one time and install a standard image on every laptop. While this is rarely possible, there may be an opportunity to capture many of the same advantages by planning around a major event where many mobile workers are assembled in one place.

Taking into account the timing of other software implementations and upgrades is also necessary. Even routine activities like updating Windows patches or applying service packs to other applications can interfere with the deployment of a new security application. If a major release is coming up in a month or two, it may make sense to delay the initial implementation rather than doing an implementation and then an upgrade.

Mobile systems tend to be more unpredictable than LAN-based desktop systems. Employees outside of the office feel free to make more changes on their systems. Furthermore, usage and connectivity scenarios are far more varied.

Therefore, testing deployments with systems on the corporate LAN is not sufficient. The deployment should be tested with systems in the field. Find testers with multiple images, language packs and installed applications.

Use a sample of workers from different departments in the company with different usage patterns. Have them take the laptops home, use them on the road and try multiple Wi-Fi hot spots and 3G connections. Create test scripts that can be used by the pilot testers and make sure they are executed on a systematic basis.

Plan on a thorough pilot program before rolling out applications to large population groups. Problems identified during the pilot phase are less expensive to fix than problems identified after an application has been sent to hundreds or thousands of remote systems. If bug fixes are made during the deployment, make sure all pilot users restart their testing from the beginning to make sure that the fix does not introduce any new problems.

Installing on remote systems often requires users of widely varying technical skills to take specific actions. Even "silent" installations can affect system and network performance, especially in locations with low-bandwidth connections. This means the user community should be told specifically what to expect, especially about long download times and actions they should take to support the installation of software on their systems.

Jim Price is a communications professional services consultant and Valerie Hetrick is a communications manager, customer engineering, at Fiberlink, Blue Bell, Pa.



The virtual security reality

by Matthew Franko

Virtualization gives companies flexibility with time, money and space. It allows them to house 15 to 20 virtual machines (VM) on one physical machine. The extra security issues that VMs create, however, can cause management headaches. First, there are the issues that are unique to virtualization itself.

Because of the potential for an attack through a compromised VM, the underlying operating system's security requires extra attention, along with the permissions and access it has granted to the hosted VMs. If VM-A, for example, which resides on the same physical server as five other VMs, is compromised and the physical server has allowed too much access and permissions, then further attacks from VM-A could result in the remaining machines being compromised.

In other words, hackers have everything needed to gain access to an entire network by breaking into one VM.

Hardware failure has an extreme effect inside a virtual environment. If the physical machine that hosts the VMs were to fail, every server located on that machine would suffer, as opposed to a non-virtual environment where each server's failure is isolated to only itself.

The recovery procedure for hardware failure should define proper handling of VMs, use of backups and where to restore them. This prevents a virtual machine from being archived unintentionally and then lost or left untracked.

Then come legacy problems, such as failing to establish proper operation procedures, not documenting system details, setting incorrect permissions, not creating recovery plans and outdated patching, that are amplified (and multiplied) by virtualization.

The fixes for these legacy problems are the same as the fixes for the problems with physical networks. First, proper policies and procedures should be instituted. This practice is commonly overlooked when dealing with VMs because system administrators do not go through the checks customary when manually installing a new server. Instead, they just copy and paste new servers onto the network and overlook common practices, such as security.

The policies and procedures should also define and document a specific time to back up or copy systems, which will allow any "off time" copying to be identified and/or treated as a security incident. They should also do the same for hard-drive space, processor speed, RAM allocation, passwords and any defaults installed or changes made.

Failure in this area can cause a shared-resource problem. This is specific to hosting environments, where one company could theoretically view another company's information if their allocated resources overlapped.

Another problem is the way most companies handle their VMs. The machine or person in charge of the machine will back up the systems or make copies, as needed. The lack of a standardized backup process can become an issue because unauthorized copying of the machines for malicious intent could be easily overlooked.
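As an added example, not code from the article or from SecureState, this Python script checks a constructed hypervisor audit log against the documented backup window and the authorized operators described in the two paragraphs above, so any "off time" or unauthorized VM copy is surfaced as a potential security incident. The window, operator names, action names and log lines are assumptions made up for the example.

```python
from datetime import datetime, time

# Policy values are assumptions for this example; the article only says the
# backup window and the responsible operators should be defined and documented.
BACKUP_WINDOW = (time(1, 0), time(4, 0))          # approved copy/backup window, 01:00-04:00
AUTHORIZED_OPERATORS = {"backup-svc", "vmadmin"}  # accounts allowed to copy or export VMs
COPY_ACTIONS = {"COPY", "EXPORT", "CLONE"}        # hypothetical audit-log action names

# Constructed sample hypervisor audit log: date time operator action vm
SAMPLE_LOG = """\
2008-04-14 02:10:33 backup-svc COPY vm-web01
2008-04-14 02:12:01 backup-svc COPY vm-db01
2008-04-14 14:47:19 jsmith CLONE vm-db01
2008-04-15 03:05:40 vmadmin EXPORT vm-app02
2008-04-15 23:58:02 backup-svc COPY vm-web01
2008-04-15 01:30:00 jsmith LOGIN vm-web01
"""


def parse_line(line):
    date, clock, operator, action, vm = line.split()
    return {
        "when": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
        "operator": operator, "action": action, "vm": vm,
    }


def in_backup_window(when):
    # Assumes a window that does not cross midnight.
    start, end = BACKUP_WINDOW
    return start <= when.time() <= end


def flag_vm_copies(log_text):
    """Return copy/export events that violate the documented backup policy."""
    incidents = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev["action"] not in COPY_ACTIONS:
            continue                      # logins etc. are out of scope here
        reasons = []
        if not in_backup_window(ev["when"]):
            reasons.append("outside backup window")
        if ev["operator"] not in AUTHORIZED_OPERATORS:
            reasons.append("unauthorized operator")
        if reasons:
            incidents.append((ev["when"].isoformat(), ev["operator"], ev["vm"], reasons))
    return incidents
```

Running `flag_vm_copies(SAMPLE_LOG)` on the constructed log reports the daytime clone by an unauthorized account and the late-night copy by the backup service, while the in-window copies and the login are left alone.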

Most companies usually decide to have experts install a virtual system, but then these same companies often fail to hire experts to properly secure or assess the security of the virtual system. This can lead to a flurry of problems that quickly multiply every time a VM is copied within the virtual system.

Security needs to be a priority from the start. Be sure that practices, such as hardening and patching management, are in place and applied to each VM. Failing to follow this approach will provide vulnerabilities for hackers to exploit.

From an infrastructure-management perspective, the proper policies and procedures, as well as normal security practices, can help minimize the risks surrounding network security. Performing regular internal and external penetration tests as part of an all-encompassing security architecture also is important. This will validate the security of the physical and virtual parts of the network.

Penetration tests provide a detailed assessment of a network's security at a given time. This will allow staff to see what state the network is in at the current time and provide a mitigation plan to get to the desired state. The cost for penetration testing can range from $10,000 to $30,000 a year, depending on the size of the organization.

Matthew Franko is the public relations manager for SecureState, Cleveland.
