The information security landscape has changed dramatically in recent years. While the network hacker continues to pose a threat, regulatory compliance has shifted the focus to internal threats. As noted by Charles Kolodgy, analyst at IDC, “Compliance shifted security management from monitoring external network activity to managing internal user activity at the application and database level.” Whether contending with the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act (FISMA), or other compliance challenges, companies must prove diligence in managing information security risk.

Maintaining the integrity of security information is increasingly complex and consumes valuable resources. Service-oriented architectures are increasing the pace of application development. Networks now comprise more applications and data, more widely distributed, which creates more access points to critical data. Though visibility into real-time threats and vulnerabilities is called for, most organizations lack the tools needed to transform information security data into actionable security intelligence.

Security Information Management Challenges

Developing and implementing an effective security information management system has many challenges. With the recent explosion of information privacy and security legislation, executives and IT groups are more accountable for security requirements and compliance auditing. Closer examination of company security postures is exposing potential vulnerabilities that were previously considered unimportant or were not recognized at all, including:
- Disconnect Between Security Programs and Business Processes - Information security programs are often inadequately integrated into business processes, creating a disconnect and process inefficiencies.
- Fragmented Security Information, Processes, and Operations - Information security often takes place in a decentralized manner. Separate databases and unrelated processes might be used for audit assessments, intrusion detection efforts, and antivirus technology.
- Security Performance Measurement Difficulties - Many organizations struggle with performance measurement and management, and developing a standardized approach to information security accountability can be a daunting task.
- Broken or Nonexistent Remediation Processes - Previously, compliance and regulatory requirements called for organizations to simply log and archive security-related information. Now, auditors request in-depth process documentation. Both threat identification and remediation are becoming more important.
- Abnormal User Activity and Data Leakage Identification - With today's security requirements, organizations need to quickly and efficiently add processes to facilitate incident identification and detection of anomalous behavior.
The emergence of compliance as the leading driver for information security management projects has forced organizations to refocus on securing the underlying data critical to financial operations, customers, and employees. Achieving regulatory compliance is a complex challenge, with massive amounts of data and complex applications to monitor and increasing numbers of users with access to those applications and data. Organizations need access to contextual information and an understanding of real-time network changes, such as newly added assets and the new vulnerabilities and threats they create.

Business Services Continuity

Continuity of the security management program across an organization is key to risk management and compliance success. Organizations should be able to predict where most threats are likely to occur and how they might impact the business. Data is constantly in motion, continually consumed by users and applications across the enterprise. Increased deployment of service-oriented applications increases the number of users with potential access to enterprise data. Service-oriented applications have many moving parts, and monitoring at the application layer is much more difficult than monitoring network activity.
Threat and Risk Management

As businesses and networks grow, organizations shift their security focus from trying to address every security issue to establishing security priorities. Larger, more complex organizations choose to focus on the most damaging threats: those with the greatest financial impact and those that can cause the most disruption to business processes. Previously, security organizations focused on stopping threats from outside the enterprise. Yet data leakage and inappropriate user activity from inside the enterprise are often bigger threats, since the potential attacker is so much closer to the data. Organizations today are forced to reconsider their approach to managing risk from insiders.

Security Performance Measurement

Given that organizations cannot manage what they cannot measure, security information and event management and benchmarking are key aspects of an effective security decision support solution. Organizations need to understand their security posture at any point in time, and then be able to use that posture as a baseline to measure against. Executive management also needs a fast, straightforward, and credible way to gain visibility into the organization's security posture.
Unified Network and Security Management

Too often, identifying, managing and eliminating threats across the enterprise is a fragmented and ineffective process that can lead to damaging outcomes. A trial-and-error approach can result in network and application outages, lost data, lost revenue, potential compliance violations, and frustrated users. To meet compliance needs and maintain business services continuity, organizations need a coordinated response across a unified infrastructure. Paul Stamp, Senior Analyst for Forrester Research, states, “When security incidents like a worm outbreak or a system compromise occur, information risk management needs to coordinate the response, providing timely advice regarding the appropriate response actions. Moreover, they need to make sure that the different teams involved in IT security that need to plug the security holes communicate effectively and get the job done as efficiently as possible.”

Security Information Management: The Backbone of Security Decision Support

Security decision support can provide a flexible yet comprehensive solution for addressing risk management and compliance challenges. An enterprise-class SIM platform translates raw event data into actionable security intelligence that supports decisions about appropriate mitigation and remediation. Security metrics enable management to take decisive action, and SIM accelerates incident response with a consistent workflow. SIM technology collects and interprets security information from strategic applications and compliance-related assets as well as from perimeter devices, and makes that information available to individuals and technology domains across the enterprise while supporting IT governance, enterprise compliance, and risk management initiatives.
Organizations should have processes in place that automatically identify not only external security threats but especially internal ones, since most vulnerabilities lie within an organization's perimeter. Though businesses rely on perimeter defenses to ward off viruses and worms, unintentional internal data leakage is common. Perimeter and internal security information can be managed together to uncover threat patterns that neither source reveals on its own. Through an integrated, comprehensive approach to security management, companies can gauge whether they are improving their overall risk posture.
netForensics transforms all security-related information into actionable intelligence, enabling more than 450 enterprises and government agencies to better respond to security threats, maintain compliant operations, and ensure the continuity of key business processes.
By harnessing the power of our award-winning Security Information Management (SIM) platform, which manages more security information events at more organizations than any other product in the marketplace, we help customers deliver security management solutions that rely on the availability of timely and relevant security information.