You have installed firewalls at the perimeter of your network, rely on intrusion-detection systems to keep the bad guys at bay and have anti-virus software running on your desktop machines. And it's still not enough.
Experts say that as hackers step up their efforts to attack your network you should consider more advanced technologies and policies to defend your territory.
That's where more advanced technology will come into play. Security-information management (SIM) systems that centralize correlation, reporting and management for multi-vendor products likely will become standard options from many vendors.
SIM products use data-aggregation and event-correlation features similar to those of network-management software and apply those features to event logs generated from security devices such as firewalls, proxy servers, IDSs and anti-virus software. Also, SIM products can translate Cisco and Check Point alerts into a common format so the data can be correlated.
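The normalize-then-correlate pipeline described above, as an added example that is not part of the original article or of any vendor's product. The two log formats (`fwA`, `idsB`), the addresses and the rule thresholds are all constructed stand-ins, not real Cisco or Check Point syntax: each vendor line is translated into one common event schema, and a correlation rule then flags a single external source that is both denied by the firewall and flagged by the IDS against several internal hosts inside a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in two simplified, made-up vendor formats.
RAW_EVENTS = [
    "fwA|2024-01-01 10:00:00|DENY|src=203.0.113.7|dst=10.0.0.5|port=445",
    "idsB 2024-01-01T10:00:20 ALERT sig=SMB probe from 203.0.113.7 to 10.0.0.5",
    "fwA|2024-01-01 10:00:40|DENY|src=203.0.113.7|dst=10.0.0.6|port=445",
    "idsB 2024-01-01T10:01:05 ALERT sig=SMB probe from 203.0.113.7 to 10.0.0.6",
    "fwA|2024-01-01 10:30:00|ALLOW|src=198.51.100.3|dst=10.0.0.5|port=443",
]

FW_RE = re.compile(r"^fwA\|(?P<ts>[^|]+)\|(?P<action>\w+)\|src=(?P<src>[\d.]+)\|dst=(?P<dst>[\d.]+)\|port=\d+$")
IDS_RE = re.compile(r"^idsB (?P<ts>\S+) ALERT sig=(?P<sig>.+) from (?P<src>[\d.]+) to (?P<dst>[\d.]+)$")

def normalize(line):
    """Translate one vendor-specific line into the common event schema."""
    m = FW_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "source": "firewall", "kind": m["action"].lower(),
                "src": m["src"], "dst": m["dst"]}
    m = IDS_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "ids",
                "kind": "alert", "src": m["src"], "dst": m["dst"]}
    return None  # unknown format: dropped here; a real SIM would count these

def correlate(lines, window=timedelta(minutes=2), min_hosts=2):
    """Flag a source whose firewall denies and IDS alerts hit at least
    `min_hosts` of the same internal hosts within `window`."""
    events = sorted(filter(None, map(normalize, lines)), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            in_win = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            denied = {e["dst"] for e in in_win if e["kind"] == "deny"}
            alerted = {e["dst"] for e in in_win if e["kind"] == "alert"}
            hosts = denied & alerted
            if len(hosts) >= min_hosts:
                findings.append({"src": src, "hosts": sorted(hosts)})
                break  # one finding per source is enough
    return findings
```

On the sample data only `203.0.113.7` is reported; the allowed connection from `198.51.100.3` never reaches the rule because neither device flagged it.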
NetForensics is working on software that gathers information generated by all the different point-products - such as firewalls, IDSs and anti-virus tools - to decipher what unauthorized activity might occur on a network and automatically take steps to protect it.
"This overarching system will give a bird's-eye view of what's happening on the network, not the current worm's-eye view" presented by point products, says Anton Chuvakin, security specialist at NetForensics.
The system will draw from a knowledgebase to detect whether an attack has worm- or virus-like characteristics and take relevant measures to protect the network.
Chuvakin says security professionals might not be happy letting the system decide on and apply the necessary security procedures, and says the first generation of the software will offer suggestions instead. After a year of using the product, users should feel comfortable letting the system make decisions by itself, Chuvakin says.
He says that this system would also incorporate network forensic tools, which gather information after attacks have occurred to help network executives investigate how they happened and the nature of the attacks. SIM would proactively help stop attacks, and if the attacks were successful the network forensics tools would mine the information about the hacks to beef up the system's knowledgebase and theoretically help stop the next attack.
Similarly, Internet Security Systems (ISS) is planning a system of preventing network attacks before specific threats are publicly identified. ISS' Proventia Enterprise Security Platform will block threats based on advanced knowledge of vulnerabilities that ISS researchers glean by working closely with software vendors. The system will include security agents for the desktop and server that will continuously perform assessments to report security vulnerabilities back to an ISS management console.
Although many of these overarching systems are in development, Chuvakin says it's worthwhile for companies to continue investing in point-products that address particular parts of the network. This is especially important as the network perimeter becomes distorted.