Your New Security Guard
Have you ever been doing your job, everything going fine, when out of nowhere your brain goes “Oops!” and it takes you a little while to figure out exactly why? That feeling of “Oh, I’ve done something wrong, but I’m not exactly sure what.” The other day I had one of those moments.
In the last Newsletter, I talked about RSS feeds as a tool to stay informed. Towards the beginning of the article I mentioned using a Holistic Approach to Security.
It occurred to me that some of the readers of this Newsletter may not actually know what a Holistic Approach to Network Security means. I figured it would be worth explaining, since it is currently one of those buzz phrases that is being thrown around a lot. So once again, it is time for those learning caps.
Traditional Network Security is designed much like the borders of a country. Think of customs and immigration as an example. The primary purpose is to keep tabs on the perimeter and watch the traffic that goes in and out. For a computer network, it includes things like firewalls and intrusion-protection devices, antivirus scanners and other equipment mostly located at the edge of your network. Each device or service is set up to watch for specific things (viruses, bad traffic, etc.). The Security may also include monitoring of important internal resources, like servers and file shares, but again the equipment is set up to look for specific events, like loss of service. If no alarm is triggered, then it is assumed there are no problems.
A Holistic Approach to Network Security still includes perimeter defenses of the same nature. It also includes internal monitoring, the same as traditional Network Security. The key difference is not in what gets set up; it is in how everything is monitored. Rather than only looking for specific bad events (this file is a virus, this email is spam, etc.), you are also looking for “suspicious activity”. If the phrase sounds a bit vague, that’s good, because it is.
The best way to think of this would be to imagine yourself as the Security guard for a building. At the end of the day, the alarm system is armed. The alarm system includes things like door alarms, cameras, motion sensors, etc.: whatever it takes to keep tabs on the entranceways and important areas of the building. If motion detectors go off, it means there is an intruder. If a door gets opened after hours, it triggers an alarm. This equipment can be compared with firewalls and other Security devices you install in your network, mostly on the perimeter. Now, in addition to this Security, every once in a while the Security guards go on their rounds. They look at the doors to make sure things still look good and nobody has tried to force their way in. As they walk around, they may notice a few things that seem “odd or out of place”: an internal door here is open, a light there is left on, there’s a van parked out front. These things on their own don’t mean much; no intruder has been found and no alarm has been triggered. But these things together tell the guards something is wrong, so they sound the alarm.
That’s the essence of a Holistic Approach. Rather than simply being focused on individual problem events, you look at the bigger picture and try to find things that are abnormal.
The idea is that rather than waiting for something specific (obvious and potentially costly) to go wrong, you also keep a proactive look-out for things that are out of the ordinary. One of the nice things about computers is that their behaviour is highly predictable, so if something seems out of place, it usually means there’s something wrong. It may be a simple issue of a misconfiguration or malfunctioning equipment … but may also be the warning signs of an attacker.
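The guard's rounds described above can be sketched as a correlation rule: no single observation raises an alarm, but several distinct ones on the same host within a short time do. This is an added example, not code from the original newsletter; the signal names, weights, threshold, time window and log events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical weak signals and weights; none reaches ALERT_SCORE alone.
WEIGHTS = {
    "off_hours_login": 2,       # the "light left on"
    "new_outbound_dest": 2,     # the "van parked out front"
    "unusual_share_access": 3,  # the "internal door left open"
    "config_change": 1,
}
ALERT_SCORE = 6
WINDOW = timedelta(hours=1)

# Constructed sample events: (ISO timestamp, host, signal).
EVENTS = [
    ("2024-03-02T01:10:00", "fileserver1", "off_hours_login"),
    ("2024-03-02T01:25:00", "fileserver1", "unusual_share_access"),
    ("2024-03-02T01:40:00", "fileserver1", "new_outbound_dest"),
    ("2024-03-02T09:00:00", "desktop7", "config_change"),
    ("2024-03-02T14:00:00", "desktop7", "new_outbound_dest"),
    ("2024-03-02T02:00:00", "printer3", "off_hours_login"),
    ("2024-03-02T02:05:00", "printer3", "off_hours_login"),
]

def correlate(events, window=WINDOW, alert_score=ALERT_SCORE):
    """Return {host: (score, sorted signals)} for hosts whose distinct weak
    signals inside any one window add up to alert_score or more."""
    by_host = defaultdict(list)
    for ts, host, signal in events:
        by_host[host].append((datetime.fromisoformat(ts), signal))
    alerts = {}
    for host, items in by_host.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # Distinct signals only: a repeated signal is not new evidence.
            seen = {s for t, s in items[i:] if t - start <= window}
            score = sum(WEIGHTS.get(s, 0) for s in seen)
            if score >= alert_score and score > alerts.get(host, (0,))[0]:
                alerts[host] = (score, sorted(seen))
    return alerts

if __name__ == "__main__":
    for host, (score, signals) in correlate(EVENTS).items():
        print(f"ALERT {host}: score {score} from {', '.join(signals)}")
```

In the sample data only fileserver1 alerts: three different oddities within half an hour. The repeated login on printer3 and the two unrelated events hours apart on desktop7 stay below the threshold.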
So, Holistic Security sounds great, doesn’t it? It’s the right way to do it, for sure. But you should remember, getting a camera system installed is a one-time expense, just the same as a firewall. Periodically you need to repair some equipment, but the ongoing costs are low. Adding a Security guard is an additional and ongoing expense and the cost adds up over time. That’s where companies tend to have the problem. Some of them can’t (or won’t) justify the cost to get someone qualified to monitor their equipment; others simply can’t find someone qualified. Whatever the reason, not everyone can or will commit to improving the Security of their company in this way.
And there you have it folks, Holistic Security in a nutshell. Hopefully, this fixes my oops and is of benefit to everyone, at the same time.
Thanks
Dave White
Trinus Technologies Inc