The coupling of multiple agents, such as firewall, antivirus, VPN, host IDS and host-vulnerability assessment products, may lead you to believe that integrated suites are necessary. In many cases, they're not. Yes, the desktop firewall has to let the VPN client function properly, and the HIDS has to see activity on the host without interruption by the firewall. But these are implementation issues for the most part, because the firewall, VPN and HIDS, for example, are all trying to monitor or shim the IP stack.
More important than integration is that the products are running and current when a mobile computer connects to the internal network over a VPN or is connected directly after being off the network. Worms that had no way to enter a network through the network firewall were carried in by mobile users. If your mobile systems had been patched and running current antivirus software, and you had had the proper desktop firewall controls in place, worm propagation would have been unlikely.
Be wary of products that claim to do it all. Standalone products tend to be more robust and thorough than general-purpose multifunction appliances. And with multiple standalones, you can choose and implement the solutions you need. In a recent reader survey conducted by our sister publication Secure Enterprise, only 11 percent of respondents said they standardize on a single vendor for security; the rest use best of breed.
Although traditional network protection aims to keep intruders away from the perimeter, the host bears the brunt of most attacks. Firewalls are important, but they can't tell you anything about what's happening within the computer. HIP (host intrusion prevention) products, such as Cisco Security Agent, Network Associates Entercept and Computer Associates eTrust Access Control, go beyond firewall technologies by controlling access to system resources by applications or users.
Unfortunately, only Cisco Security Agent, which features a full set of configuration tools, is designed to run on the desktop. The other downside of this category is that few HIP products prevent applications from executing harmful actions, for example by stopping a database from executing a SQL query that drops a table or adds a user. Entercept's database protection supports only Microsoft SQL Server 2000.