Security threats Toolkit

Pre-emptive security prompts alarms

Ruby Bayan Tech Republic

Published: 14 Jun 2004 11:20 BST

Understand your "threat-target" situation
When asked what tool to best deploy so that network administrators can be alerted long before an intrusion wreaks havoc on the system, Tim Keanini, CTO of nCircle, called attention to the two dimensions the question needs to address: the threat environment and the target environment.

"Both (environments) are very dynamic and the advantage is defined as your ability to have more accurate intelligence than your adversary," Keanini said.

"There are non-commercial ways to track the threat environment, such as security mailing lists, public Web-portals, and IRC (inter-relay chat), but these come at the cost of your and your staff's time. Commercial products like iDefense's iALERT deliver early warning to network administrators and managers of changes in the threat environment that 'may' affect them -- new vulnerabilities, new exploits, new worms, and even geo-political events that may have relevance to an organisation's IT infrastructure. I use the word 'may' because until the network administrator has intelligence about their own systems, they don't know if this intelligence is relevant."

Keanini added, "the target environment refers to the networking infrastructure you manage." The attackers look for targets to exploit, the scope of which is not just one particular operating system or application, but the weaknesses associated with all devices connected to the TCP/IP network and all its applications.

"If you know worms depend on vulnerabilities that facilitate remote code execution, where on your network right now does this class of vulnerability exist? Where are you misconfigured?" Keanini suggested using nCircle's IP360 to find the answers.

"The IP360 takes knowledge from the threat environment and then proactively checks for these weaknesses on your target environment, making them both relevant or not, as the case may be," said Keanini. The automation allows you to perform this due diligence on a daily basis, effectively measuring security independent of attack or incident, he said.

Keanini further emphasised the importance of proactive over reactive measures when deploying solutions that aim to beat intruders to the punch.

"The environment you secure is dynamic, so how can you know how much security is enough if you don't know the current state of your environment? Proactive security measures help organisations understand their environment and their risk on a daily basis so the 'right' amount of resources can be applied for protection. Detecting your vulnerabilities and managing the corrective measures prior to any incident or loss is what proactive security is all about."