Join us as we explore ways to grow your business with technologybrought to you by Dell and Microsoft
10 Ways to Implement Multi‐Layered Security
Letha Wicker 16 Nov 2011 9:48 AM
How secure is your enterprise? Does your current strategy include true end‐to‐end security? Learn ten ways to better implement a multi‐layered security approach in your organization. Topics covered include: Lost laptops and smartphones, botnets, network security, messaging security, Intrusion Prevention Service (IPS), End Point
Security, and much more.
Any complex business has security holes: lots of them. And in today’s world of always on, ubiquitous computing, universal Internet connectivity, and seamless mobility it’s getting harder to identify the risks, much less closes them. Worse, a fast‐growing, global dark economy centered on disseminating and leveraging exploits is making it more difficult to predict attacks and mount targeted defenses. While classic hacker prizes like your strategic IP or customer credit‐card files are still very much at risk, your business may also be the target of less‐pointed attacks, like email or e‐ commerce denial of service, or random ‘phishing’ aimed at capturing employee or customer personal data. Bottom line: as defender, you must fight to thwart every possible attack. The attacker, however, only needs to locate one weak link to wreak havoc.
A better solution to this dilemma is multi‐layered security: implementing multiple, overlapping security solutions so that your most‐critical assets are buried deep behind several lines of defense. In theory, it’s a solid strategy, but one that large enterprises – even with comparatively great resources and large pools of specialized IT talent ‐‐ have been at pains to deploy
1. Time for an upgrade
It’s doubtful you’d still be in business if you didn’t already have endpoint security (i.e., virus and malware protection), and hadn’t given your less‐ savvy users at least one round of stern talks about “never opening strange emails.” As a next step, upgrading desktop and laptop operating systems
may be the single most effective move you can make to secure your company – not only because an OS upgrade brings online collective security learnings from prior versions, but also because the upgrade process itself tends to simplify and impose rigor: eliminating old, little‐used applications, and giving you a change‐up point for negotiating new security protocols with users.
Windows 7, for example, is at this point increasingly a known quantity, generally more stable than XP, highly compatible with legacy software, and with improved security, encryption, malware removal, automated patch sequencing, and other features built in. But how do you simplify and reduce the workload of transition, not to mention manage the licenses involved? The answer is to implement an automated solution for OS upgrade distribution and management ‐‐ one with appropriate characteristics (e.g., large file storage, session bandwidth, OS‐specific logging, policy management, etc.) to handle this specific task, which has storage, network and computational characteristics quite different from everyday patch issuance and configuration management (see below).
2. Patch Early, Patch Often
While we’re on the subject, getting a handle on OS and application patches lets you keep ahead of exploits while improving product stability and performance. Patch deployment solutions let you evaluate, select, test, aggregate, deploy, log, and audit patch history. So it reduces workload, increases assurance, and provides an important link in the technology due‐diligence chain for regulatory compliance. Because patch deployment is typically more time‐sensitive, but less storage and bandwidth‐intensive than OS upgrades, the architecture supporting these solutions is slightly different. Often, the patch‐management function is augmented by configuration and policy