
5 critical security questions that IT and corporate leaders are asking

Getting the answers to who, what, when, where and why regarding network security

IT Best Practices Alert By Linda Musthaler and Brian Musthaler, Network World
January 28, 2008 12:21 PM ET

Who, what, when, where, and why? When it comes to network security, these are the five critical questions that IT and corporate leaders are asking. As pressure mounts for companies to protect their information assets from unintentional disclosure and to maintain compliance with a growing number of policies and regulations, it’s becoming more important to know exactly who is doing what on the network as it is happening.

While only a human can answer the question of “why?”, numerous tools individually help organizations manage and answer parts of the “who,” “what,” “when” and “where” questions. Tools like intrusion detection systems (IDS), security information management (SIM), network access control (NAC), and network behavior analysis (NBA) all provide good details that paint portions of a picture. The complete picture, however, is like one of those connect-the-dots drawings: the details are all there in different silos (e.g., users, assets, applications), but sometimes additional resources are required to match and reconcile results to reveal the picture in its entirety.

This is the premise behind Securify's user identity-based monitoring and verification. An appliance called a Securify Monitor ties all post-connection network transactions back to users to provide a view of "who" is accessing "what" applications and "where" in the network. The user identity and group/role associations are dynamically drawn from existing user directories.

The Securify tool has two main functions: automated discovery of actual user activity and usage of business systems, and automated verification to validate that the user activity is permitted within the role-based controls and pre-built security best practice templates you’ve set for your systems. The appliance brings all the information together in one place, and you can view prioritized violations with user identities and incident details via an intuitive Web interface – as they are happening.

This unified view of what business users are actually doing across complex infrastructures enables IT operations and security teams to reduce organizational risk and be more proactive instead of having to continually react to security and network issues.

For example, Securify can, in real time, help IT operations and security personnel answer questions like the following with all the details required to take action:

* Who is on my network and what are their IP addresses?
* Is contractor access and use appropriate?
* Can we demonstrate to the auditors that only authorized users are accessing confidential data sources?
* Who is consuming my bandwidth and with what applications?
* What departments have not migrated to the new application server?
* What services and sources should be enabled across the new network security boundary?
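
The discovery and verification functions described above come down to attributing each flow to the user who held the source IP at that moment, then checking that user's directory groups against a per-application policy. The sketch below shows that correlation; it is an added example, not Securify's code, and the sessions, groups, policy and flows are all constructed.

```python
from datetime import datetime as dt

def t(hour, minute=0):
    """Timestamp on the constructed sample day."""
    return dt(2008, 1, 28, hour, minute)

# --- Constructed sample data (assumptions, not from any real network) ---
# Login sessions as a directory/auth log might give them: ip, user, start, end
SESSIONS = [
    ("10.0.0.5", "alice", t(8), t(12)),
    ("10.0.0.5", "carl", t(13), t(17)),   # same IP, later reassigned
    ("10.0.0.9", "bob", t(9), t(18)),
]
GROUPS = {"alice": {"finance"}, "bob": {"engineering"}, "carl": {"contractors"}}
# Role-based policy: application -> groups permitted to use it
POLICY = {"payroll-db": {"finance"}, "build-server": {"engineering", "contractors"}}
# Observed flows: timestamp, source ip, application
FLOWS = [
    (t(10), "10.0.0.5", "payroll-db"),
    (t(12, 30), "10.0.0.5", "payroll-db"),
    (t(14), "10.0.0.5", "payroll-db"),
    (t(14, 30), "10.0.0.9", "build-server"),
    (t(15), "10.0.0.9", "file-share"),
]

def attribute(ip, ts):
    """'Who': the user holding `ip` at time `ts`, or None if no session covers it."""
    for s_ip, user, start, end in SESSIONS:
        if s_ip == ip and start <= ts < end:
            return user
    return None

def verify(flows):
    """Return (ts, ip, user, app, reason) for every flow the policy does not permit."""
    violations = []
    for ts, ip, app in flows:
        user = attribute(ip, ts)
        allowed = POLICY.get(app)
        if user is None:
            reason = "unattributed"        # traffic with no known identity
        elif allowed is None:
            reason = "no-policy-for-app"   # default deny for unknown applications
        elif GROUPS.get(user, set()) & allowed:
            continue                       # permitted by role
        else:
            reason = "role-not-permitted"
        violations.append((ts, ip, user, app, reason))
    return violations

if __name__ == "__main__":
    for v in verify(FLOWS):
        print(v)
```

The same IP address yields a permitted flow at 10:00 and a violation at 14:00, which is why attribution has to be keyed on time as well as address.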

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
