Wednesday, November 2, 2011

Agile Security Manifesto #8 - Every Environment is Unique; Adapt Defences Quickly

If you’ve already read through Sourcefire’s Agile Security Manifesto and the 12 principles that deliver viable security in the real world, you’ll already be familiar with this point. While I was working with some very smart people on that document (far smarter people than myself, I must add), I was conscious of one point that I really wanted to make sure was included. This brings us to manifesto point #8, “Every environment is unique. You must be able to adapt your defences to fit your needs...and do so quickly.”

I have worked with organisations for many years to help define achievable network security goals and design solutions that help them get there. At the start of that process it’s common to hear statements from the network team along the lines of, “We’ve got a standard n-tier network” or, “It’s just a normal client environment.” However, let me make one important point up front right now:

No two operational networks are the same, and they never will be.

This is such an important fact that I’m continually shocked that people choose to ignore it. It’s also vital to understand that, from a security standpoint, a network barely even resembles itself a few months down the line. New systems, new software, new users, new vulnerabilities, new attackers, and new patches create a constant state of flux. This leads to a security challenge that continually evolves and is out of joint with the project-focused delivery of security we frequently see today. You can’t deliver ongoing security by the implementation of a short-term project; it is critical that we all understand that the goal posts move continuously.

So, with it understood that every environment is unique and always changing, we are left in a situation where no security technology will match your requirements off the shelf. Sure, there could be some overlap, but never a perfect fit. The ability to tune a security device to your unique needs is vital, and the ability for the device to configure itself is ideal, because it lowers the ongoing effort of managing security as things change.

Sourcefire has, of course, invested a large amount of development effort in creating solutions to this situation over the years. Snort is arguably the most flexible and configurable security engine available, and when this is linked with the visibility delivered by our awareness technologies, automation can get you a long way towards this goal with minimal effort.
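As an added illustration of what "tune the engine to the environment, and keep re-tuning it" looks like in practice (example code written for this post, not Sourcefire's or Snort's own tooling): the script below derives the Snort 2 `ipvar`/`portvar` network variables from an asset inventory, so rules that reference `$HTTP_SERVERS` and `$HTTP_PORTS` match the hosts and ports that actually exist, and reports which variables changed when the inventory is refreshed. The inventory format, the two inventory snapshots and the fallback defaults for services with no known instances are all constructed assumptions.

```python
"""Generate Snort 2 network/port variables from an asset inventory snapshot.

Added example, not Sourcefire's code. The inventory tuples (host, service,
port) and both snapshots below are constructed sample data.
"""
from ipaddress import ip_address, ip_network

# Constructed: what an asset-awareness feed might report on day one.
INVENTORY_T0 = [("10.1.1.10", "http", 80), ("10.1.1.11", "http", 8080),
                ("10.1.2.20", "smtp", 25), ("10.1.3.30", "dns", 53)]
# Constructed: a few months later, a new web server on 8443 and SMTP retired.
INVENTORY_T1 = [("10.1.1.10", "http", 80), ("10.1.1.11", "http", 8080),
                ("10.1.1.12", "http", 8443), ("10.1.3.30", "dns", 53)]

# Snort 2 variable names per service, plus an assumed fallback port used only
# when the inventory shows no instance of that service (rules must still load).
SERVICE_VARS = {"http": ("HTTP_SERVERS", "HTTP_PORTS", 80),
                "smtp": ("SMTP_SERVERS", "SMTP_PORTS", 25),
                "dns": ("DNS_SERVERS", "DNS_PORTS", 53)}


def build_vars(inventory, home_net):
    """Return {variable: value} for snort.conf derived from the inventory."""
    vars_ = {"HOME_NET": str(ip_network(home_net))}
    by_service = {}
    for host, service, port in inventory:
        hosts, ports = by_service.setdefault(service, (set(), set()))
        hosts.add(host)
        ports.add(port)
    for service, (host_var, port_var, default_port) in SERVICE_VARS.items():
        hosts, ports = by_service.get(service, (set(), set()))
        if hosts:  # scope the rules to observed hosts and ports only
            vars_[host_var] = "[" + ",".join(sorted(hosts, key=ip_address)) + "]"
            vars_[port_var] = "[" + ",".join(str(p) for p in sorted(ports)) + "]"
        else:      # nothing discovered: fall back to the whole HOME_NET
            vars_[host_var] = "$HOME_NET"
            vars_[port_var] = str(default_port)
    return vars_


def render(vars_):
    """Emit snort.conf lines; *_PORTS variables are portvar, the rest ipvar."""
    return "\n".join(f"{'portvar' if n.endswith('_PORTS') else 'ipvar'} {n} {v}"
                     for n, v in vars_.items())


def changed(old, new):
    """Variables whose value differs between two snapshots (review and reload)."""
    return {k: (old.get(k), new.get(k)) for k in set(old) | set(new)
            if old.get(k) != new.get(k)}
```

Regenerating the variables from each inventory refresh, and reloading only when `changed()` is non-empty, is the minimal form of the self-configuration the post calls for.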

Failure to tune a security system to your business’s needs at the time of installation leads to a suboptimal or failed deployment. Failure to continually adjust its configuration as the situation changes not only makes protection go stale, but also opens up exposures you likely don’t expect, masked by a false sense of security.

You must adapt your security technologies to match the current environment they protect. In fact, if you are still forced to configure things manually and can’t leverage automation to do this for you, stop reading this blog now and go get started!
