Home
> Cover Story
E-security
moves towards simple managed solutions
By
Brian Pereira
Enterprises
are now more aware about security and are looking for sophisticated
solutions that are easy to manage and implement
enterprises
are looking for comprehensive solutions that are simple
to implement and manage. solutions providers are addressing
this requirement with Managed Services
Not
long ago the word 'Hacking' was limited to the vocabulary
of security experts and computer engineers. Today hacking
incidents feature on the front pages of our dailies. The
casual reader may sit back in awe, engrossed in stories
about hacked police websites. But for organizations with
large enterprise networks, every hacker's exploit is a dreadful
reminder that network security cannot be 100 percent foolproof.
Three years ago, organizations would buy off-the-shelf security
products (mainly anti-virus and firewalls) and have their
in-house engineers configure these for "maximum security."
But as their networks grew or meshed with public networks,
the number of entry points and threats also increased, calling
for increased expenditure in manpower and infrastructure.
Today companies want multiple layers of defense and go in
for Intrusion Detection Systems (IDS), authentication, firewalls/VPN,
virus protection, encryption, content filtering, vulnerability
management etc. But as security solutions grow in complexity,
organizations find it increasingly difficult to implement
and manage them. The enterprise network security industry
is now addressing this issue with managed solutions. Suddenly
consultants and security experts are in demand indeed enterprise
security is "serious business," as a security
consultant puts it.
"Corporations
have historically been concerned about protecting their
internal data from accidents, but only recently have they
realized that their data is vulnerable to (external) attack
and is worth protecting, even at a high cost," says
KA Ramprasad, Deployment Engineer, Apara Enterprise Solutions.
Hacking incidents have increased so there is more awareness
about security within the enterprise, informs Milind Dikshit,
Practice Head (Security Consulting), Bangalore Labs India.
"Electronic security measures in today's corporate
world is limited to anti-virus and firewall solutions. But
the increase in security breaches, despite the deployment
of anti-virus products and perimeter-security products,
and news-making attacks on well-known websites, has led
to an increase in the awareness of the various aspects of
information security," says Dikshit.
The growing threat and concerns about security have resulted
in a demand for security solutions and services. A recent
IDC study projects that the market for IT security will
explode at a rate of 1,400 percent in the next four years.
Worldwide revenues for security-related commodities will
grow from $66 million last year to $952 million by 2004.
IDC expects this colossal growth to be driven by concerns
about protecting intellectual property that develops as
companies' e-mail, Internet traffic and content increases
in volume and complexity. The increasing number of xSPs
(ISP, ASP, Security Service Providers etc) providing these
services will also contribute to the rate of growth.
Many consulting firms and security solutions providers are
now jumping at this opportunity. In addition to offering
new security products, they are moving into the security
consulting and services space too. Traditional anti-virus
companies like McAfee and Symantec have joined the ranks
of enterprise security companies to cater to the security
requirements of enterprises.
"Until
three years back we were perceived as a retail company,
but today the growth is really in the enterprise security
market," says Joy Ghosh, Country Manager (India), Symantec.
"Through a series of acquisitions
we have evolved into an enterprise security solutions company
with a full complement of security products. We have also
recruited more security experts."
Even as corporations around the world take a more serious
stance on security, the security solutions providers listen
carefully to their requirements, revise strategies, pour
millions of dollars into R&D, and then develop innovative
products and services with tighter security. There are plenty
of hardware and software security solutions, but in order
to be really effective they must be properly configured.
Today enterprises are looking for comprehensive solutions,
but they must be simple to implement and manage. Security
solutions providers are addressing this requirement in a
number of ways, the foremost being Managed Services.
Managed Services
The opportunity in the Managed Security Services (MSS) space
is big. In its report 'Where the Investment Dollars will
go in 2001,' the Yankee Group predicts that the managed
security service provider market will grow to over $2.6
billion by 2005.
MSS lets organizations concentrate on core competency rather
than worry about security or spend exorbitantly on security
infrastructure. With MSS an organization can count on the
technical expertise and knowledge of outside security experts
to remotely manage firewalls, VPNs and intrusion-detection
systems. This can be done at two broad levels: firstly the
managed security service provider (MSP) can remotely administer
a security infrastructure at the organization's site via
the Internet. In this case the MSP may host the firewall
or other backend systems at its site. Secondly, the MSP
can provide On-site security management services at the
organization's site, just as third parties conduct facilities
management (FM) for organizations. The organization may
choose to outsource its security entirely, leaving the management
and maintenance of its security systems totally in the hands
of a consultancy firm.
Says Viswajeet Deshmukh, Country Head (India), Network Associates
(NAI), "As networks expand, organizations will need
to increase expenditure on trained manpower to manage security.
At the same time these organizations want to lower cost
of ownership. So we thought of an ASP model for managed
services and a year back we invested $33 million in McAfee.com."
Through an initiative called McAfee ASaP, Network Associates
offers remote Web-based managed services designed to ensure
security of enterprise networks in the areas of anti-virus
and firewall protection, VPN capabilities, and vulnerability
assessment.
Symantec Security Services offers remote managed services
out of its network security centres in San Antonio (US)
and Epsom (UK). A team of security specialists in San Antonio
can monitor a bank's network in Hong Kong, and keep a watchful
eye for intrusions. All this is done via the Internet, with
local support.
Companies like Securify and RipTech, which were traditionally
into consultancy, now offer Managed Security Services. Even
networking equipment giant Cisco has stepped into this area.
And of course other security companies like Baltimore Technologies
and ISS have also entered this space.
Though much is happening in the Managed Security Services
space globally, the concept is still to catch on in India.
Also organizations are moving slowly towards outsourced
security management. Only a few ISPs and security solutions
companies offer managed services here, and for various reasons,
on-site security management continues to be the norm.
"Managed
Services are still some time away and will coincide with
bandwidth availability," says Vikram Watwe, Chief Security
Architect, MIEL e-Security. "The basic problem here
is the connectivity between the service provider's site
and the customer."
Adds Avinash Kadam, Chief Executive (Assurances and Global
Services) MIEL e-Security, "Today organizations are
not outsourcing security entirely and are still trying to
understand how outsourcing will be beneficial."
Confirms Symantec's Joy Ghosh, "Right now most organisations
want to keep security infrastructure at their own site.
In fact we are in talks with clients for onsite security
and will send our security experts to the client's site
to manage their security infrastructure."
Single Console
The management of security systems can also be simplified
by having a single console. Today there are different consoles
for various security components. In a typical scenario,
there would be one console each for a firewall, IDS, anti-virus,
content filtering, vulnerability management and so on.
"Our
customers tells us they want to manage all this through
a single console and we are working towards this,"
says Symantec's Joy Ghosh. "A single console gives
a snapshot of the entire network."
NAI's Vishwajeet Deshmukh says a single console can offset
the shortage of trained manpower. "As the network expands,
companies will find it expensive to hire more personnel
to manage the added infrastructure. With a single console
you can sit at one location and manage all the firewalls
on the network."
Unified management
As networks grow, authentication systems and security solutions
get distributed,
making administration a complex and costly affair. A new
breed of policy management tools is simplifying management
through a unified interface for all security products across
the network. This helps reduce implementation time and management
complexity, thereby lowering the total cost of secure computing.
IBM's Tivoli SecureWay Policy Director for instance, unites
core security technologies around common security policies.
It provides access control for TCP/IP and other applications
based on the same, consistent
security policy.
A solution from Kyberpass lets customers
use solutions from different PKI (Public Key Infrastructure)
vendors, and simplifies user administration.
Security Appliances
Another approach to simplifying management of security is
to use pre-configured, hardware-based security solutions.
Security appliances are more secure since they run their
own software rather than depend on a server-based operating
system. They are also faster since unnecessary software
layers have been stripped off.
Today one can buy boxed solutions for firewall, anti-virus,
VPN etc. Symantec for instance offers VelociRaptor, a Firewall/VPN
appliance, McAfee is offering gateway protection for e-mail
with its Webshield E-appliance series.
Says KA Ramprasad of Apara Enterprise Solutions, "Increasingly,
customers want a single device to handle both firewall and
VPN features
as well as provide traffic shaping capability to properly
allocate
WAN bandwidth and deliver quality-of-service assurances.
Companies that offer associated networking technologies,
such as switches and routers, are including firewall technology
in their devices."
With plug and play functionality security appliances are
intended to offer quick implementation and simplified installation.
But first generation security appliances are just hitting
the market and it remains to be seen if these will be truly
plug and play.
Futurewatch
While the focus today is on multi-layered security solutions
that are simple to manage and implement, tomorrow's solutions
will be smarter and more proactive (See 'The future of network
security').
The retina and fingerprint scanners seen in Hollywood movies,
may not be as common as card- or token-based authentication
systems, that are fast becoming popular. But yes, security
(and that haughty hacker) will certainly be foremost in
every CIO's mind.
Brian Pereira can be reached at brianp@rediffmail.com
The
future of network security
As organizations get more conscious about network security,
we will see new practices and trends in the coming years.
Security solutions will get more complex, there will be
multiple layers of security and organizations will outsource
their security requirements. Here are some trends we can
expect to see:
Outsourcing: Large companies will outsource their
information security requirements, primarily intrusion detection,
monitoring and response, and 24x7 management. "This
is primarily because despite new training programs, the
shortage of security personnel, especially certified intrusion
analysts, will worsen as nearly three million new computers
are added to the Internet every month," opines Milind
Diskshit of Bangalore Labs.
Appliances: Network Security appliances will offer
improved plug-and-play functionality. We will see more box
solutions for firewalls, anti-virus, VPN, IDS and encryption.
Firewalls: Organizations will begin to move from
a single firewall to a network of distributed firewalls
and substantially outsource firewall management to organizations
(often ISPs) that can offer 24x7 management.
Personal firewalls will gain prominence especially with
mobile workers.
Proactive IDS: Intrusion Detection Systems are going
to get more proactive. New IDS systems will be smart enough
to understand how an application should behave and also
prevent hackers from manipulating the application remotely.
The administrator will create rules for each application,
describing how it should behave. Agents will monitor all
logins and will intercept system calls and prevent unauthorized
file or registry edits from taking place. All this will
minimize false alarms and also intercept malicious code
before it does any damage.
Anti-virus: Worms and viruses will spread more quickly
and take over entire networks. They will change identities
and be more evasive. To keep up, the next generation of
anti-virus products will move from traditional pattern/character
matching detection techniques to behavior-blocking technologies.
There will be better and faster distribution systems for
virus definitions and submissions.
Wireless: Security in the wireless space will gain
more significance. End-user devices will prove vulnerable
but transmissions will get extensive protection through
encryption.
Encryption: PKI will continue to steadily evolve
and improve. In the next few years, this will become a prominent
authentication mechanism. "PKI infrastructure and Certification
Authorities will be considered as the base requirement for
authentication," opines Rajeev Wadhwa, COO, Global
E-Secure.
Network Design: Companies will redesign their networks
to include security from the ground up and in all layers
of the OSI model.
<<
>>
