How can a network ever really be "secure"?
Posted by: Andy Alsop in Links to articles, NetFlow for Security, tags: employees, end users, NetFlow for Security, network security
I find myself asking the question “How can a network ever really be secure?” and talking about it with customers and colleagues all the time. The article “How dangerous user behavior puts networks at risk” brings this issue to the forefront. Regardless of the number of defenses a company puts in place, whether firewalls, Intrusion Prevention Systems, Security Information Management Systems or the like, one of the biggest vulnerabilities is the users on the network.
Both what you read in the press and today’s environment make it necessary to be sure that your company has the “evidence” stockpiled, in addition to alerting and correlation tools, for those times when one of your users or a network device alerts you to potentially damaging user behavior. By evidence I mean retaining all of that network and NetFlow data for future forensic analysis. While that data isn’t going to be able to spot the employee who loads up a thumb drive with company data and takes it home, it is what allows a company’s network security experts to address the insider threat caused by simple violations of corporate policy about what employees do online.
The following quote from the above article does a nice job of encapsulating some of the biggest problems with trying to secure a network with all those network users:
“…targeted attacks such as phishing and whaling concern him [Bruce Bonsall, CISO at MassMutual Financial Group in Massachusetts] because they could take advantage of users not keeping up with corporate education efforts. He says technologies such as network access control and security information management…can help protect the network, but only to a certain degree.”