It’s a 2,000-year-old question, and as relevant to today’s IT security landscape as it was in Juvenal’s time: Who will guard the guards themselves?
We think of security infrastructure as our guardian against the dark powers who would infiltrate our network and steal our most sensitive secrets, but there’s danger in putting too much trust in technology without overseeing these tools.
Relying on firewalls and antivirus (AV) monitoring alone isn’t enough to counter today’s sophisticated, well-resourced cybercriminals. Security now depends on a holistic approach – one that not only identifies all the potential hazards, but also links different security systems (both physical and logical) and manages the relationships between them.
That doesn’t mean that traditional technologies such as AV and intrusion detection are no longer useful. Rather, organisations should be aware that not all threats are external in origin or criminal in intent. They include malfunctions from poorly-configured devices and applications, threats from Shadow IT such as employee-owned devices, or disasters such as fires and floods.
That’s why having a monitoring and early warning system is such an important element of any serious security strategy. By monitoring all critical components, from firewalls to CCTV, antivirus to environmental sensors, organisations can spot the first signs of impending problems before a crisis occurs.
Our own security systems require their own safeguards, and this “meta-security” should incorporate five elements. First, organisations need full control and oversight of their security tools to ensure that firewalls are properly configured, backups are regularly and fully undertaken, and threat detection is identifying suspicious activity on the network.
Next, they need backup systems in case conventional tools fail. We are already seeing this in new Identity and Access Management tools which work by detecting unusual behaviour, rather than scanning for known malware signatures.
Businesses also need the ability to monitor system performance in real time, including all hardware, software and data streams. This shouldn’t just focus on security infrastructure, but on everything that affects employees’ ability to conduct their work.
Similarly, any monitoring system should watch over physical sensors, including CCTV, and notify the business when defined thresholds have been exceeded.
The final element is the ability to draw all these disparate monitoring systems into one clear, easily-understood whole, rather than a set of separate solutions. This clarity is essential if you are to gain a holistic picture of your preparedness.
Where can you buy such a multi-faceted security monitoring system? The answer is that there is no out-of-the-box solution – nor should there be. Each organisation is unique in its infrastructure mix and the threats it faces, so a one-size-fits-all approach won’t work.
What’s important is to build a monitoring solution that possesses all the necessary functions to monitor the entire IT infrastructure, including as many of the common protocols as possible: SNMP, Ping, FTP, HTTP, NetFlow, sFlow, jFlow, WMI or packet sniffing. It should also connect every device and application via a well-documented API, which is straightforward to achieve.
Can we guard our guardians? Of course we can. The barrier is not technological; all it takes is the will to take security seriously.
Martin Hodgson, Head of UK & Ireland, Paessler – PRTG Network Monitor