Security Basics mailing list archives

Re: Security Simplification


From: Paul daSilva <pdasilva () polr org>
Date: Wed, 21 Feb 2007 17:20:41 -0500

A good starting point would be to bring together all of your layers of defense, helping to reduce the amount of time various folks spend on tedious processes. Also consider technology updates in your organization that provide new and enhanced features. Not knowing what you do or what you have currently in place, here are some suggestions:

If you have a decent Anti-Virus product deployed on each end-point, make sure you deploy a management console to centralize the installation of software agents and virus definition updates. This also gives you a centralized quarantine, and you can enforce the corporate policy by ensuring all end-points are protected and up to date. Monitoring the alerts from this system will help you tackle the fewer issues now arising.

If you purchased a very decent Anti-Virus product, leverage your licensing agreements to deploy Anti-Spyware and other bundled products. Maybe even look into deploying a decent Firewall on each PC, with central management and enforcement.

Deploy Intrusion Prevention (IPS) technologies, which will help block bad traffic that gets past the firewall. Putting in another layer of defense like this will hopefully reduce a number of problems.

Deploy a Vulnerability Management solution to help with patching efforts and to give you a console with your current risks. Newer products and services (like ISS) provide Virtual Patch technology, which means that if the vulnerability scanner correlates an existing vendor advisory with an exposed system, the scanner talks to the IPS devices on the network to block any attempt to take advantage of that vulnerability.

Deploy a Security Event Monitoring solution that can pull together and correlate the logs of all your Firewalls, IDS/IPS devices, Vulnerability scanner, Anti-Virus console, etc. Now you can stop wasting so much time watching different screens for red alerts -- a good solution will weed out the junk and present you only with the important risks.

Create an Incident Management and Emergency Response services team, who can focus on issue resolution in a timely manner.


You will find that being on top of your overall risk posture will help your security organization do a better, more efficient job, and help your team provide more value to your company.

HTH,
Paul



oligarchicalrule () gmail com wrote:
If you were told by a VP to simplify security for your organization, what do you think would be a starting point?  It seems
vague.  We run Windows servers/desktops that are built on the same images.  We use Cisco switches/routers/etc.  I'm not
really sure where to start.

