Security Basics mailing list archives
Re: Security Simplification
From: Paul daSilva <pdasilva () polr org>
Date: Wed, 21 Feb 2007 17:20:41 -0500
A good starting point would be to bring together all of your layers of defense, helping to reduce the amount of time various folks spend on tedious processes. Also consider technology updates in your organization that provide new and enhanced features. Not knowing what you do or what you have currently in place, here are some suggestions:
If you have a decent Anti-Virus product deployed on each end-point, make sure you deploy a management console to centralize the installation of software agents and virus definitions updates. This also gives you a centralized quarantine, and you can enforce the corporate policy by ensuring all end-points are protected and up to date. Monitoring the alerts from this system will help you tackle the fewer issues now arising.
If you purchased a very decent Anti-Virus product, leverage your licensing agreements to deploy Anti-Spyware and other bundled products. Maybe even look into deploying a decent Firewall on each PC, with central management and enforcement.
Deploy Intrusion Prevention (IPS) technologies, which will help block bad traffic that gets past the firewall. Putting in another layer of defense like this will hopefully reduce a number of problems.
Deploy a Vulnerability Management solution to help with patching efforts, and give you a console with your current risks. Newer products and services (like ISS) provide Virtual Patch technology, which means that if the vulnerability scanner correlates an existing vendor advisory with an exposed system, the scanner talks to the IPS devices on the network to block any attempt to take advantage of that vulnerability.
Deploy a Security Event Monitoring solution that can pull together and correlate the logs of all your Firewalls, IDS/IPS devices, Vulnerability scanner, Anti-Virus console, etc. Now you can stop wasting so much time watching different screens for red alerts -- a good solution will weed out the junk and present you only with the important risks.
Create an Incident Management and Emergency Response services team, who can focus on issue resolution in a timely manner.
You will find that being on top of your overall risk posture will help your security organization do a better, more efficient job, and help your team provide more value to your company.
HTH,
Paul

oligarchicalrule () gmail com wrote:
If you were told by a VP to simplify security for your organization, what do you think would be a starting point? It seems vague. We run Windows servers/desktops that are built on the same images. We use Cisco switches/routers/etc. I'm not really sure where to start.