Home page logo

basics logo Security Basics mailing list archives

Re: Security Simplification
From: Paul daSilva <pdasilva () polr org>
Date: Wed, 21 Feb 2007 17:20:41 -0500

A good starting point would be to bring together all of your layers of defense, helping to reduce the amount of time various folks spend on tedious processes. Also consider technology updates in your organization that provide new and enhanced features. Not knowing what you do or what you have currently in place, here are some suggestions:

If you have a decent Anti-Virus product deployed on each end-point, make sure you deploy a management console to centralize the installation of software agents and virus definitions updates. This also gives you a centralized quarantine, and you can enforce the corporate policy by ensuring all end-points are protected and up to date. Monitoring the alerts from this system will help you tackle the fewer issues now arising.

If you purchased a very decent Anti-Virus product, leverage your licensing agreements to deploy Anti-Spyware and other bundled products. Maybe even look into deploying a decent Firewall on each PC, with central management and enforcement.

Deploy Intrusion Prevention (IPS) technologies, which will help block bad traffic that gets past the firewall. Putting in another layer of defense like this will hopefully reduce a number of problems.

Deploy a Vulnerability Management solution to help with patching efforts, and giving you a console with your current risks. Newer products and services (like ISS) provide Virtual Patch technology, which means that if the vulnerability scanner correlates an existing vendor advisory with an exposed system, the scanner talks to the IPS devices on the network to block any attempt to take advantage of that vulnerability.

Deploy a Security Event Monitoring solution that can pull together and correlate the logs of all your Firewalls, IDS/IPS devices, Vulnerability scanner, Anti-Virus console, etc. Now you can stop wasting so much time watching different screens for red alerts -- a good solution will weed out the junk and present you only with the important risks.

Create an Incident Management and Emergency Response services team, who can focus on issue resolution in a timely manner.

You will find that by being on top of your overall risk posture will help your security organization do a better, more efficient job, and helps your team provide more value to your company.


oligarchicalrule () gmail com wrote:
If you were told by a VP to simplify security for your organization, what you think would be a starting point?  It's seems 
vague.  We run Windows servers/desktops that are built on the same images.  We use Cisco switches/routers/etc.  I'm not 
really sure where to start.

This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]