Multilayer security

When it comes to security, most networks today are like an egg — hard on the outside and gooey in the middle. Once a hacker or exploit has penetrated the perimeter defenses, the typical network has few systems for intercepting malicious traffic and alerting administrators.

As IT managers grapple with network security in the shadow of increasingly sophisticated exploitations, many are realizing that security is a complex problem that cannot be solved with a single technology, such as an intrusion prevention system (IPS) or deep packet inspection devices. The current model of protection is evolving into a layered approach that includes a multivendor combination of hardened border appliances supplemented by intrusion detection systems.

How these systems are interrelated is very important to effective implementation. The relationship between these systems and the actual hands-on management can create hidden gaps in network security and obscure data that would otherwise indicate an attack. Intrusion detection is not enough; attack detection external to hardware systems must be part of the security fabric.

“We have found that by tempering network security systems with a professional intuition, we are able to help a new generation of network security executives understand how their networks react to evolving security threats,” said John Clarke, general manager of I-TRAP Internet Security Systems. “Between actual directed attacks and automated vulnerability exploits, it has been proven that the axioms of good network management will alleviate a very high percentage of network risk. The administrators just need to know what their network is telling them. That is what we do, help them listen.”

Clarke goes on to say that most organizations make large investments in appliances that monitor networks in a very isolated mode — from the inside looking out. This can lead to questions about the validity of data being reported from gear that cannot identify whether the incidents occurring are anomalies specific to that network or a new threat that is making appearances across the enterprise landscape. A new level of service that is arising in the market is verification monitoring. This is generally considered a low-cost solution, one that provides noninvasive monitoring across networks and is designed to be an extra set of eyes on a network. Although it would be nice to believe that organizations review their logs on a frequent and timely basis, the fact is most organizations don’t have the resources to do it. This creates great opportunities in the small and mid-size business market for companies like I-TRAP, which can monitor networks 24/7 with supplied customer-premises equipment and provide live first-responder support to network professionals.

The math is simple to understand. Using a cost-effective outsource organization for monitoring functions allows network staffers to focus on maintenance and development. Using a monitoring service also makes it easy to track down policy violations and bandwidth hogs like spyware, peer-to-peer file sharing, unauthorized instant messaging and other possibly unwanted programs.

Started in 2002, I-TRAP was the first solution to combine an intrusion detection system (IDS) and an external-to-the-firewall attack detection system for up to one-tenth the subscription price of current solutions. The I-Trap service monitors corporate network traffic for a variety of exploitations and intrusions through signature, statistics and anomaly detection. This allows network administrators to verify that security firewalls and policies are working. For more information, contact I-Trap Internet Security Services at (888) 658-8727 or www.i-trap.net.