|
Monitoring Technology
By implementing authentication and authorization technology, a business can ensure that specific e-business resources
such as applications and databases are protected from unauthorized access.
Even so, there is a need for monitoring technology that can keep track of potential security problems for the network as
a whole.
Malicious attacks on business Web sites have become a well-publicized phenomenon. Successful attempts to penetrate
the security of business systems, or bring Web sites to a halt by generating huge amounts of traffic, regularly make
headlines. It may not be possible to completely eliminate the business risk caused by such attacks. However, it is possible
to take advantage of new technology that can help minimize the risk by identifying the threat and enabling the organization
to react quickly. To protect themselves against attacks, organizations have traditionally implemented a variety of technologies
at the network boundary. These include:
- Firewalls aimed at excluding attackers by admitting only certain types of network traffic
- Intrusion detection systems that monitor the network or specific resources for anomalies such as the presence of unauthorized traffic
- Filters to remove viruses before they spread to thousands of desktops
In addition, specific network elements such as Web servers, routers and application servers may attempt to detect problems. As a network grows, so does the number of these devices. Each of these products generates information designed to alert administrators to potential dangers. This, however, rapidly leads to an overload of management information. Network problems may result in streams of alerts being generated by multiple products that detect the problems.
Though each specialized product may be effective at sensing the problem, there is no coordination between them. In addition, not all alerts can be relied on to accurately indicate a real problem. Products such as intrusion detection systems generate numerous “false alarms” in an attempt to warn of network anomalies. The result is that floods of alarms often swamp administrators. Dealing with this consumes large amounts of administrators’ time and hinders them from determining the real causes of the problems. This poses a considerable risk, because of the delay in being able to react to the original network intrusion.
|
|
However, technology is now available to ameliorate this problem. New monitoring tools correlate all of the information from these data sources and help determine and prioritize which are the most important events. To be most effective, the solution needs to interface with a wide range of security products and other sources of network alarm data and interpret the alarm messages coming from them.
Because the number of potential data sources is vast and growing, this is not an easy task.
Once the applications are online, it is vital to ensure that access control lists are kept up to date and in step across
multiple applications, and to make sure that as security policies change, those changes are simultaneously reflected across
the whole e-business environment. Each of these steps is an opportunity for error, inconsistency or delay, and can result in
security loopholes. An alternative approach is now possible. Technology is available that provides a security infrastructure
for all of an enterprise’s Web-based applications, eliminating the need to code and maintain security logic for each
application. This approach has been accepted as a standard method for developing mainframe applications for years, but the
technique is only now being extended to Web applications.
|
|
The technology correlates alarms from each of these devices to present administrators with a clear view of the real problem.
The goal is to identify which alarms refer to the same problem and to eliminate the overhead caused by dealing with false
alarms.
|
|
Automating responses to routine problems:
Some events, such as the detection of a virus in incoming email, can be clearly identified by the monitoring technology,
and therefore can be handled with a routine response. For this type of event, the technology can be set up to take automatic
action, saving administrators considerable work in dealing with unambiguous everyday problems.
|
|
Manageability:
Because this technology is integrated with an
enterprise console, it can use the administrative features of an enterprise
management system. These include the ability to delegate different management
problems to different administrators. Administrators and security managers also
can use capabilities of the enterprise management software to analyze network
security by viewing historical reports of network data.
|
|
Conclusion:
Enterprises that take advantage of e-business can reap
the rewards of increased revenue, streamlined processes, and closer ties to
suppliers and customers. However, the increased reliance on Web-based
applications and the desire to open up networks to partners and customers
inevitably generates greater concerns about the complex area of Internet
security. These concerns are likely to grow, as the Internet becomes an even
greater part of everyday life. Implementing an effective Internet security
strategy is not easy. Still, new technologies enables businesses to make the
security of Web-based applications much more manageable. These technologies
provide ways to centrally implement policies to enforce security for all
e-business and legacy applications. In addition, they accomplish this while
retaining the flexibility to allow specific users and groups access to only the
applications they need. By using these technologies, organizations will be able
to implement approaches to e-business security that is as strategic as their overall
approaches to e-business. Simply buying key technologies will not automatically
solve problems. Expertise and careful implementation strategies are as critical
as ever. When dealing with multi-faceted problems, organizations will find
considerable benefits in seeking the help of experienced consultants and
implementation partners. With the right help and technology in hand, Internet
security may not seem as daunting a task.
|
|
|
Back |
|
|
|