e-business: Security Threat Management
By Byrne Ghavalas
The advent of the Internet and surrounding technology has opened up many opportunities for businesses that are willing to take risks and embrace the e-revolution. This revolution has changed the way we do business and companies around the world are being forced to find new and innovative ways of conducting their business online.
The adoption of the online business model presents a wealth of opportunities and cost savings to an organisation, but at the same time introduces its own unique set of problems. Possibly one of the biggest challenges that an organisation must overcome with regard to online business is security.
The security challenge is multi-faceted and complex, with dire consequences if it is not properly addressed. Threat Management is one aspect of security that requires careful consideration, taking into account the plethora of options available, including IDS, auditing and logging systems, and alerting services.
An effective threat management strategy will enable a company to respond proactively, allowing it to mitigate potential threats as they arise. However, more often than not, the systems implemented to assist companies in assessing and mitigating these threats tend to provide an overwhelming volume of information (and many false alerts), reducing the overall effectiveness of the system. In addition, the technical solutions tend to be complex to install and maintain, increasing the strain on corporate security teams.
Quality information that can be delivered on time is key to any security system, particularly a threat management system. There are currently myriad ways to gather intelligence for a threat management system, ranging from manual trawling of web sites to automated news feeds and mailing lists.
It is only through the combination of security tools, intelligence, and acting proactively that a company can begin to survive the attacks against their online business.
Many larger businesses have dedicated resources whose primary responsibility is to scour the Internet for the latest threats relating to the organisation. These teams have to sift through information provided by recognised vulnerability alerting services such as CERT, BugTraq, UNIRAS, X-Force and SANS, to name a few. They also keep track of vendors' web sites as well as a variety of newsgroups and perhaps even certain underground hacker sites. After having gathered all of this information, these teams have to sort through it, classify it according to source, validity and impact, discard all information that is not related in some way to the organisation, and finally feed the relevant alerts to the responsible persons within the company.
The gathering of intelligence is resource intensive, requiring high-level and expensive skills. Without these skills and intelligence, a company increases its risk of being compromised through possible vulnerabilities in its systems, as it is not possible to proactively fix something if one is not even aware the problem exists.
The question is therefore, "How does one acquire this intelligence without having to make a substantial investment in skilled resources?"
The answer is through the use of intelligent alerting services: a service that is able to provide configurable alerts specific to an organisation's requirements, on a timely basis, and to the right person.
Does such a service exist? The good news is that it does. There are a few organisations that provide this service as part of their managed / monitoring services. SANS and Security Focus are well known in the industry for their part in distributing quality information with regards to security and vulnerabilities.
SANS provides the Security Alert Consensus newsletter through electronic mail (http://www.sans.org/sansnews) for free. The subscription can be "personalised" by selecting the operating systems / sections to which you wish to be subscribed. The drawback is that the information is delivered weekly and cannot be further customised.
Security Focus offers SIA (http://www.securityfocus.com), an annual subscription-based service, which provides an alerting service that can be customised to deliver alerts through a variety of means including fax and voice. The alerts are provided as soon as the information is added to the database. The service can be fully customised to provide alerting only on products and technologies that are relevant to the organisation, and can even be tailored so that alerts for different technologies reach the correct person. This means that the team responsible for network infrastructure will not receive alerts that are only relevant to the web development team, helping reduce the overload of irrelevant information.
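The sort, classify, discard and route procedure that the in-house teams perform, and the per-team routing that the SIA service is described as offering, can be reduced to a small triage step. The following is an added example written for this page; it is not code from the article, from SANS or from Security Focus. Every source name, product, team, confidence weight, severity score and alert in it is constructed for the illustration, and the scoring rule (severity weight multiplied by source confidence) is an assumption chosen to make the ranking visible.

```python
"""Triage and route vulnerability alerts against an organisation's inventory.

Added illustration of the gather -> classify -> discard -> route procedure.
Sources, products, team names, weights and alerts below are constructed for
the example and do not come from any real feed or vendor.
"""
from dataclasses import dataclass

# Confidence weight per alert source: a vendor's own advisory is trusted more
# than a repost on a newsgroup (constructed values for the example).
SOURCE_CONFIDENCE = {
    "vendor advisory": 1.0,
    "alerting service": 0.9,
    "mailing list": 0.7,
    "newsgroup": 0.4,
}

# Impact weight per severity rating (constructed values for the example).
SEVERITY_SCORE = {"critical": 10, "high": 7, "medium": 4, "low": 1}


@dataclass
class Alert:
    reference: str   # vulnerability reference shared across sources (constructed)
    source: str      # where the alert was seen
    product: str     # affected product, matched case-insensitively
    severity: str    # severity as rated by the source
    summary: str


@dataclass
class Inventory:
    # product -> team responsible for it (constructed example organisation)
    owners: dict

    def owner_of(self, product):
        return self.owners.get(product.lower())


@dataclass
class TriagedAlert:
    alert: Alert
    team: str
    score: float


def triage(alerts, inventory):
    """Return {team: [TriagedAlert, ...]} with irrelevant alerts discarded.

    An alert is relevant only when its product appears in the inventory.
    The same reference reported by several sources is kept once, from the
    source that yields the highest score. Each team's queue is sorted by
    descending score, where score = severity weight * source confidence.
    """
    best = {}  # reference -> TriagedAlert
    for alert in alerts:
        team = inventory.owner_of(alert.product)
        if team is None:
            continue  # not related to the organisation: discard
        confidence = SOURCE_CONFIDENCE.get(alert.source, 0.3)  # unknown sources rate low
        score = SEVERITY_SCORE.get(alert.severity, 0) * confidence
        current = best.get(alert.reference)
        if current is None or score > current.score:
            best[alert.reference] = TriagedAlert(alert, team, score)
    routed = {}
    for item in best.values():
        routed.setdefault(item.team, []).append(item)
    for queue in routed.values():
        queue.sort(key=lambda t: (-t.score, t.alert.reference))
    return routed


# Constructed sample feed: what a team might have collected in one morning.
SAMPLE_ALERTS = [
    Alert("EX-0001", "vendor advisory", "webserverx", "critical", "remote code execution in request parser"),
    Alert("EX-0001", "mailing list", "webserverx", "critical", "same issue, reposted"),
    Alert("EX-0002", "alerting service", "mailnode", "high", "privilege escalation via local socket"),
    Alert("EX-0003", "newsgroup", "routeros-clone", "medium", "unconfirmed configuration disclosure"),
    Alert("EX-0004", "alerting service", "gamesdk", "critical", "product not deployed here"),
    Alert("EX-0005", "mailing list", "WebServerX", "low", "verbose error page"),
]

# Constructed inventory: which team owns which product.
SAMPLE_INVENTORY = Inventory({
    "webserverx": "web development",
    "mailnode": "network infrastructure",
    "routeros-clone": "network infrastructure",
})


if __name__ == "__main__":
    for team, queue in triage(SAMPLE_ALERTS, SAMPLE_INVENTORY).items():
        print(team)
        for item in queue:
            print(f"  {item.alert.reference} [{item.score:.1f}] {item.alert.summary} ({item.alert.source})")
```

Running the block routes two alerts to the web development queue (the vendor copy of EX-0001 first, the mailing-list duplicate dropped) and two to network infrastructure, while EX-0004 never reaches anyone because the product is not in the inventory. In practice the inventory is the part that needs maintaining: an alert for a product the organisation runs but has not listed is discarded silently, which is the same gap the article warns about when it says one cannot fix what one is not aware of.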
With new vulnerabilities being discovered every day, an intelligent alerting service is a crucial component in the arsenal required to combat the onslaught of attacks and vulnerabilities in an online business. The proactive companies that were quick to realise the potential of the Internet and the digital revolution provided themselves with a competitive advantage compared with their rivals who were slow to adopt the technology. The companies that fail to be proactive and adopt Threat Management as a part of their security strategy will soon find themselves at a distinct disadvantage, possibly even out of the game!

