The article talks about a different approach to achieving a solid security defense: defending at several distinct layers rather than relying on a single control.
Layer 1:
Perimeter Security
Described as the oldest and most cluttered security layer, perimeter security is still the one most commonly in use, largely in the form of firewalls. The article discusses unified threat management (UTM) appliances that seem to do it all: web filtering, anti-spam, antivirus and intrusion prevention. One of the problems it mentions is the scalability of these devices; what I would tend to argue is the single point of failure. Running so many services on one box has its benefits, but it concentrates too much in one place: the failure of some or all of those services can be very detrimental to the network, quite apart from the fact that no one product can do it all.
Layer 2:
Host Security
Here the key is being proactive rather than reactive, as anti-virus and other signature-based products are. The article discusses white-listing the software allowed to run on a host using products such as SecureWave. It goes on to say that, as a result (and it goes without saying), security teams will need a very strong affinity for changes going on at the application level, since every new or updated executable has to be approved before it will run.
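To make the proactive/reactive distinction concrete, here is an added Python illustration (not code from the article or from any product it mentions). A signature blacklist permits anything it has not seen before, while an allow-list permits only what security has approved, which is also why every application change has to pass through security. The "binaries" are constructed byte strings standing in for files on disk.

```python
"""Host allow-listing versus signature blacklisting (added illustration).

The sample "binaries" below are constructed byte strings standing in for
files on disk; they are not real executables.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    """A binary's identity is its SHA-256 digest, not its file name."""
    return hashlib.sha256(data).hexdigest()


# Constructed samples: what security has approved, what AV has a signature
# for, and a brand-new dropper nobody has a signature for yet.
KNOWN_GOOD = {
    "notepad.exe": b"MZ\x90\x00notepad-v1",
    "ssh.exe": b"MZ\x90\x00ssh-v2",
}
KNOWN_BAD = {"oldworm.exe": b"MZ\x90\x00oldworm"}
NOVEL_MALWARE = b"MZ\x90\x00fresh-dropper"

# Reactive model: deny only hashes that already have a signature.
BLACKLIST = frozenset(sha256_hex(b) for b in KNOWN_BAD.values())
# Proactive model: permit only hashes security has explicitly approved.
ALLOWLIST = frozenset(sha256_hex(b) for b in KNOWN_GOOD.values())


def blacklist_permits(binary: bytes, blacklist=BLACKLIST) -> bool:
    """Signature check: anything without a known-bad signature runs."""
    return sha256_hex(binary) not in blacklist


def allowlist_permits(binary: bytes, allowlist=ALLOWLIST) -> bool:
    """Allow-list check: only previously approved code runs."""
    return sha256_hex(binary) in allowlist


def approve(allowlist, binary: bytes):
    """The cost of allow-listing: every application change (a patched
    notepad, a new tool) must be approved before it will execute."""
    return allowlist | {sha256_hex(binary)}


def compare() -> dict:
    """Return what each model decides for each sample."""
    patched = b"MZ\x90\x00notepad-v2"  # constructed: an unannounced update
    return {
        "novel_malware_blacklist": blacklist_permits(NOVEL_MALWARE),
        "novel_malware_allowlist": allowlist_permits(NOVEL_MALWARE),
        "patched_notepad_before_approval": allowlist_permits(patched),
        "patched_notepad_after_approval": allowlist_permits(
            patched, approve(ALLOWLIST, patched)),
    }


if __name__ == "__main__":
    for name, decision in compare().items():
        print(f"{name:34s} -> {'RUN' if decision else 'BLOCK'}")
```

The novel dropper runs under the blacklist and is blocked under the allow-list; the patched notepad is blocked until someone on the security team approves its new hash, which is exactly the operational cost the article alludes to.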
Layer 3:
Identity and Access Management
At this layer, the author discusses products that enforce role-based policies (RBAC) to permit or restrict access to specific networks, applications and data based on an employee's job function. Single sign-on is brought into perspective through comments by various people.
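The article does not show what a role-based policy looks like, so here is an added Python illustration of the idea (not from the article or from any vendor it mentions): users are mapped to roles, roles to permissions on networks, applications and data, with a role hierarchy and deny-by-default. The roles, users and resource names are constructed examples.

```python
"""Role-based access control with deny-by-default (added illustration).

Roles, permissions and users below are constructed examples.
"""
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]  # (action, resource), e.g. ("read", "data:hr-records")

# Each role's direct permissions on networks, applications and data.
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "hr-analyst": {("read", "data:hr-records"), ("connect", "app:hris")},
    "payroll-clerk": {("read", "data:hr-records"), ("write", "app:payroll"),
                      ("connect", "net:finance-vlan")},
    "payroll-manager": {("write", "data:hr-records")},
    "developer": {("connect", "net:dev-vlan"), ("write", "app:source-repo")},
}
# Role hierarchy: a manager can do everything a clerk can.
ROLE_PARENTS: Dict[str, Set[str]] = {"payroll-manager": {"payroll-clerk"}}
# Users get roles from their job function, never permissions directly.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"hr-analyst"}, "bob": {"payroll-manager"}, "carol": {"developer"},
}


def expand_roles(roles: Set[str]) -> Set[str]:
    """Roles plus every role they inherit from (walks the hierarchy)."""
    result, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in result:
            result.add(role)
            stack.extend(ROLE_PARENTS.get(role, ()))
    return result


def effective_permissions(user: str, user_roles=USER_ROLES) -> FrozenSet[Permission]:
    """Union of the permissions of all roles the user holds, directly or inherited."""
    perms: Set[Permission] = set()
    for role in expand_roles(user_roles.get(user, set())):
        perms |= ROLE_PERMISSIONS.get(role, set())  # unmapped role grants nothing
    return frozenset(perms)


def is_allowed(user: str, action: str, resource: str, user_roles=USER_ROLES) -> bool:
    """Deny by default: an unknown user or an unmapped role grants nothing."""
    return (action, resource) in effective_permissions(user, user_roles)


def reassign(user: str, new_roles: Set[str], user_roles=USER_ROLES) -> Dict[str, Set[str]]:
    """Job change: swapping roles revokes the old access in one step."""
    updated = {u: set(r) for u, r in user_roles.items()}
    updated[user] = set(new_roles)
    return updated


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, sorted(effective_permissions(user)))
```

The point of the `reassign` step is the one RBAC sells on: when bob moves from payroll to development, his finance VLAN and payroll access disappear with the role, with no per-resource clean-up.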
Layer 4:
Network Access Control
For Network Access Control (NAC), the author discusses how NAC products deal with machines rather than people. The bottom line is that they offer more granular control over user identities on network resources. He talks about pre-admission and post-admission control and how they help to "muster and quarantine offending machines for remediation".
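To show what pre- and post-admission control actually decide, here is an added Python illustration (not the article's or any NAC vendor's code). Pre-admission checks the machine's posture at the door and sends non-compliant hosts to a remediation VLAN; post-admission keeps evaluating and pulls an already-admitted machine into quarantine on posture drift or hostile traffic. The thresholds, VLAN names, endpoint attributes and observed events are all constructed sample data.

```python
"""Pre- and post-admission network access control (added illustration).

Endpoint attributes, the posture policy and the observed events are
constructed sample data; the VLAN names are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PRODUCTION, QUARANTINE = "vlan-prod", "vlan-quarantine"

# Posture policy (constructed thresholds).
POLICY = {"max_av_signature_age_days": 7, "min_patch_level": 42,
          "require_firewall": True}
# Behaviour that gets a machine pulled out after it has been admitted.
HOSTILE_EVENTS = {"port-scan", "c2-beacon", "rogue-dhcp"}


@dataclass
class Endpoint:
    mac: str
    av_signature_age_days: int
    patch_level: int
    firewall_on: bool


def posture_violations(ep: Endpoint, policy=POLICY) -> List[str]:
    """Everything about the machine (not the user) that breaks policy."""
    problems = []
    if ep.av_signature_age_days > policy["max_av_signature_age_days"]:
        problems.append(f"av signatures {ep.av_signature_age_days}d old")
    if ep.patch_level < policy["min_patch_level"]:
        problems.append(f"patch level {ep.patch_level} < {policy['min_patch_level']}")
    if policy["require_firewall"] and not ep.firewall_on:
        problems.append("host firewall off")
    return problems


def pre_admission(ep: Endpoint, policy=POLICY) -> Tuple[str, List[str]]:
    """Muster at the door: non-compliant machines go to the remediation VLAN."""
    problems = posture_violations(ep, policy)
    return (QUARANTINE if problems else PRODUCTION), problems


def post_admission(ep: Endpoint, current_vlan: str, events: List[str],
                   policy=POLICY) -> Tuple[str, List[str]]:
    """Keep watching after admission: posture drift or hostile traffic
    moves an already-admitted machine into quarantine."""
    reasons = posture_violations(ep, policy)
    reasons += [f"observed {e}" for e in events if e in HOSTILE_EVENTS]
    if reasons:
        return QUARANTINE, reasons
    return current_vlan, []


def run_scenario() -> Dict[str, str]:
    """Constructed fleet: a clean laptop, a stale one, one that misbehaves later."""
    clean = Endpoint("aa:bb:cc:00:00:01", 1, 45, True)
    stale = Endpoint("aa:bb:cc:00:00:02", 30, 40, True)
    turned_hostile = Endpoint("aa:bb:cc:00:00:03", 2, 44, True)
    events = {clean.mac: [], stale.mac: [],
              turned_hostile.mac: ["dns-query", "port-scan"]}
    outcome = {}
    for ep in (clean, stale, turned_hostile):
        vlan, _ = pre_admission(ep)
        vlan, _ = post_admission(ep, vlan, events[ep.mac])
        outcome[ep.mac] = vlan
    return outcome


if __name__ == "__main__":
    for mac, vlan in run_scenario().items():
        print(mac, "->", vlan)
```

The third machine is the one pre-admission alone would miss: it passes the posture check, gets onto the production VLAN, and is only quarantined because post-admission control is still watching what it does.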
Layer 5:
Vulnerability Management
Penetration testing is the buzzword used here. The importance of knowing your own weaknesses, in terms of vulnerabilities, is key. The way forward is assessment products that scan your servers and workstations for missing security patches that could lead to a compromise. Developers could also do with code scanners that review source code to identify flaws an attacker could exploit. As quoted in the article:
The objective of code analysis is to "reduce the attack surface of the application itself," says Matt Moynahan, chief executive officer of Burlington
Various commercial vendors are mentioned, as is the open-source Metasploit Project, which in my opinion hits the nail on the head at this layer. Another vendor worth mentioning would be Reflex Security.
Conclusion
The million-dollar question the author ends with is "Can they interact?" Employing different products from different vendors makes the answer, rightly, trickier, especially given that until now most of these technologies have existed in isolation. While consolidation is happening at the host layer, the appliances that deal with threat management bring all these layers into one box.
IMHO this survival guide is not exactly a guide you can survive with. The layered approach offers a good skeleton framework and a good indication of best practices at each level. Although the approach is certainly relevant strategically, it lacks technical punch. The layers are briefly explained and mostly populated with diverse but few user opinions. The mention of so many commercial products leads me to think the article serves a purely marketing objective rather than offering survival tips and tricks.