Cover Story: Enterprise Security

Protection for the enterprise

The rate at which security breaches occur in enterprises is increasing by the day. Here are the strategies that security solutions vendors and consultants have to address this problem

Has the concept of enterprise security changed? What are the products and strategies vendors have to protect the enterprise? Here's what leading security vendors and consultants have to say.

Allied Digital
Sunil Bhatt, Chief Technology Officer, Allied Digital

Although general awareness about IS security has increased in the user community, the awareness on internal security threats is low. The growth at which internal security breaches occur is much higher than external. Few large organizations have implemented security solutions to protect themselves from internal threats. Implementing security solutions like PKI, smart card and biometric authentication systems is the current trend in the enterprises.

IT Security is not just about products, but also concerns processes. The methodology adopted by most security vendors is to start with risk assessment of the customer's IT/IS infrastructure and suggest products and services. Security vendors often educate customers about external & internal threats to its IT environment. But even after implementing world-class IT security products, enterprises are not (completely) protected as the products are not regularly updated or patched. Many security companies provide managed security services to customers, and this is one way to ensure that products are updated. Managed services include remote monitoring of firewalls & IDS, log analysis services, patch management services etc.

Computer Associates
Rajendra Dhavale, Consulting Director, CA India

CA's overall security management strategy is to encourage and educate organizations to move away from today's 'conventional fragmented security toolkits.'

It's time to shift to more holistic, end-to-end security, most essential for organizations in today's highly complex enterprise
environments.

Deploy security solutions that provide comprehensive threat management, identity management and access management across the full range of platforms, applications, and the multi-vendor resources found in today's heterogeneous enterprises.

Cisco
Avinash Purwar, Business Development Manager, Cisco

Indian enterprises can no longer allow a single hacker or worm to play havoc with business systems. Organizations that are running business critical applications on their network have realized this. Indian companies today are realizing that Securing Networks is not only about products but evolves around a philosophy called Corporate Security Policy.

Cisco takes a defense-in-depth approach to network security design. This type of design focuses on the expected threats and methods of mitigation, resulting in a layered approach to security where the failure of one security system is not likely to lead to the compromise of network resources.

IBM
Sunil Jose, Country Manager - Tivoli Software, IBM India

One should deploy security management solutions that provide foundational capabilities to protect an organization's infrastructure. In many ways, security is a horizontal requirement, providing an infrastructure of support across all applications and systems. Look for multi-platform support, enhanced management controls, security life-cycle management, and security infrastructure building blocks.

Lanner India
P K Jain, Managing Director, Lanner India

Security vendors and security consultants should understand the needs of customers. They should then pitch the best suitable product to them and provide value-addition services. Look for customized solutions.

Microsoft
Sanjiv Mathur, Group Manager, Microsoft Corporation India

The Trustworthy Computing initiative at Microsoft, officially launched in January 2002, is a long-term, company-wide effort to deliver safe, private and reliable computing experiences for everyone. The Trustworthy Computing initiative is predicated on four key pillars: privacy, security, reliability and business integrity.

While security is never absolute, Microsoft has made changes that enable customers to strengthen it, and has built a foundation for further improvement in future products. It may take us 10 to 15 years to get there, both as an industry and as a society.

NetScreen Technologies
Paul Sarrano, Senior Director of Marketing, Asia Pacific, NetScreen Technologies, Inc.

Some of the main security strategies include:

• Adopting a layered security approach
• Implementing deeper levels of protection
• Taking a ‘preventative’ approach to security
• Viewing security as an ongoing process
• Trend for integrated security platforms
• Need for highly interoperable security solutions
• Policy-based centralized management platform

Network Associates
Ashley Wearne, Area Vice President, Australia, New Zealand, South-east Asia and India

At Network Associates we have the McAfee Protection In-Depth Strategy which outlines the importance of protecting the IT infrastructure from the edge to the core. McAfee System Protection Solutions help enterprises, assure the availability and security of their desktops, application servers, and Web service engines. Look for solutions that help enterprises assure the availability and security of network infrastructure.

nSecure
Vipul Sheth, MD, nSecure Software

Security is dependent on people, process and tools. Look for tools that will help automate tasks. There are security companies that help enterprises find gaps in their environment, plan implementation, to use the right tools, and to ensure that they get value for the money spent. Such companies also help organizations educate its teams to better understand the vulnerabilities and weaknesses, and guide them in planning the appropriate actions when incidents do occur.

Nortel Networks
Sanjay Jotshi, Director-Marketing & Channels, Nortel Networks India

Today's enterprises look for end-to-end security solutions and they are looking for network protection at every layer. Earlier, they used to look for point solutions that offer security at various levels. However, now they are now looking for more comprehensive enterprise security solutions that protect their networks as well as offer them performance. The performance of networks degrades significantly because of multiple security checks being performed on the traffic flowing in and out of the enterprise network.

Nortel Networks' definition of integrated network security is based on a key tenet known as 'Security in the DNA.' This approach means that networking products will be built ground-up taking security into consideration. Nortel Networks strategy for enterprise security, called 'Unified Security Architecture,' provides a conceptual, physical and procedural framework of best recommendations and solutions for enterprise network security.

Symantec
Ambarish Deshpande, Manager, Channel and Consumer Sales, Symantec India

Symantec's strategy is to help customers proactively handle all security threats. Symantec initiated the integrated solution approach to block blended threats like Nimda, CodeRed, Sobig, Blaster etc—and launched integrated solutions with intrusion detection, fireWall, anti-virus, VPN and content filtering. Symantec also launched an integrated solution for Symantec Client Security, which has integration of anti-virus, desktop level firewall and IDS technologies.

TAS integrators
Vishwajeet Deshmukh, CEO

The Firewall market is very mature now. The new trend is that people are now going in for a second firewall to protect their main financial and database servers. This gives protection from inside threats. Surveillance and forensic solutions are also in vogue.

Trend Micro
Niraj Kaushik, Country Manager, Trend Micro India

Using Trend Micro's Enterprise Protection Strategy, not only can customers prevent the virus from proliferating but more importantly, for the first time they have an assurance in terms of speed of response. Trend Micro has also launched an automated cleaning service, independent of the anti-virus platform.

The key is a new set of products, which are complimented by continuous services like outbreak protection, Damage cleanup, SPAM prevention etc.