I wanted to write about the Layered Security principle, which I've been familiar with for a couple of years. I can definitely say that this model will exist forever. Before I explain in detail what layered security model is let me explain why this model becomes more and more popular. In the past, viruses and exploits were written for fame and from disorganized students, which wanted to become famous with their “script kiddie” style viruses and attacks. They were easy to catch and deal with, because of their simplicity. But nowadays, 27 years after the first known virus spread “in the wild” – Elk Cloner, which was written by the 15-year-old student, viruses and exploits are written for money. The cyber criminals don’t want to become famous and watch themselves on TV, what they really want is MONEY. That’s why today’s threats are rapidly evolving and hard to catch. Let’s give an example with Conficker worm. On first look it’s a network worm, which spread itself via NetBIOS service, which was exploited so many times before that I wasn’t really surprised. On second look, it opens higher number of consecutive ports and of course if only one machine in the network is infected it can infect all clean machines. It has also an update mechanism, so when a code update is initiated, the AV software cannot catch it (Conficker variations A, B, C, D), because there is no definition for it. Some of the security vendors were acting very quickly and their Anti-Conficker actions were adequate enough to help their customers clean the infection. Yep, very good example for rapidly evolving, hard to catch and written for money threat. That example can teach us on only one thing – a naked Anti-Virus program is not enough to secure our endpoints.
So what Layered Security is, and how it can help us tighten the security in our organisation? This model gives us is a better understanding of how should we approach, in order to have real security. There are many schemes and pictures about it, but the essentials are as simple as the picture below:
The first layer should always be security policy, approved for implementation in your organization. The policy should be discussed carefully, implemented and then strictly followed. I know Symantec from many years and I can say that they have a product for every single layer of that security model. If you look at the portfolio, you can really get lost there, because there is a product for every single branch of IT security industry. To prove that, let me show you which Symantec products applies perfectly for Layered Security model.
Web filtering – one thing that I like here (and not many vendors have it) is that we can choose from two solutions: software and hardware. If you have a dedicated box or you have a virtual infrastructure you’ll probably go for the software solution – Message Labs Web Security, which is working with Symantec AV engine. If you like the reliability of a dedicated hardware box, you can go for Symantec Web Gateway – a powerful combination of software and hardware optimized for best performance.
E-Mail filtering – Same applies here, hardware and software solutions are available for implementation. One thing that I want to mention here is Symantec Mail Security for Exchange. I have some experience with it and I definitely can say that this is the fastest mail filtering solution developed for Exchange servers (and we know how slow actually Exchange is. It totally beats by functionality and speed Mail Marshal (Marshal) or Group Shield (McAfee) for Exchange. Let’s go further and look at
Anti-Virus and Firewall for PC and servers – We all know how great is Symantec Endpoint Protection 11. To be honest, I wasn’t a big fan of the previous version - Symantec AV Enterprise Edition 10 and there are many reasons behind it. But my first experience with SEP 11 was really good. I was amazed form the Intrusion Prevention module as well as the Firewall. Most of the big vendors in IT Security, for some reason, does not have firewall for Windows based servers (which is quite odd), but Symantec has it! Reporting features are also good organized, and now I monitor my hosts with 5 reports, generated every week.
Anti-Virus for mobile devices – I don’t know a modern company without Windows Mobile or Symbian devices. And many of you may ask this question – Why I need security for my mobile or PDA? Because you are using Internet to communicate with your HQ or family. If cyber criminals want to steal data from your organization, they will not test only your HQ computers for vulnerabilities, but every single device which has connection with your company. And BOOM! We have unsecured Windows Mobile device. It’s an easy one!
I want to open brackets here and add another layer – Encryption. Encryption has become more and more popular and especially products that encrypts whole disk drive. Let’s give an example with the SFO laptop that was stolen a year ago from San Francisco International Airport. This laptop was containing unencrypted personal information about 30 000+ passengers and I really do not believe that this was by accident. It could happen to you, and you can lose your business if you data is not encrypted. Symantec Endpoint Encryption has capabilities to encrypt the whole HDD of your mobile computers and you can protect your sensitive data even your.
Backup and Archiving – When we talk about Backup and archiving I cannot miss “The Big Four” – Net Backup, Backup Exec, Storage Foundation and of course Enterprise Vault. I have experience with most of them (except Storage Foundation) and I cannot find a better portfolio in this branch. Some people will say – Ok, they are good but this is group for security articles. Yes it is, but if a hardware failure or disaster occurs in your organization and you don’t have backup of your data, your business is as good as dead. That’s why I consider backups as part of my security policy implemented in our organization.
The last thing that I want to mention with regards to security that, we should look every day after it, in order to have adequate response on today’s threats. Information has become business and cyber criminals would not hesitate to steal it from poorly secured networks. I’ve seen companies losing their business in days, just because they didn’t have security policy in place. Symantec helps us to achieve Layered Security, with their one-stop security solutions, so we no more need to know 5 different products from 5 different vendors and at the end we still don’t have fully implemented security policy. So act proactively and build your networks with security in mind.