When it comes to security, the race often goes to the paranoid. Companies that effectively dodge, turn, and parry hacker attacks and employee lapses get to stay out of the headlines and don’t have to face costly lawsuits.
There’s no need to turn away from tools that can make your network not just more secure, but secure at a new level. As hackers have become more sophisticated in their methods of malfeasance, so have the tools that detect it.
“The trend is toward network behavior analysis to detect not someone who is trying to penetrate the network, but someone who is trying to imitate an ordinary user’s behavior, such as a hacker with several machines that are all trying to guess a user’s password,” says Ron Meyran, director of product marketing for security products at Radware (www.radware.com). “These tools might detect, say, a higher number of level 7 transactions without higher levels of revenue or the kind of attacks that are low-volume and that can’t be detected with analysis of traffic patterns.”
There are also tools to save work in an area that gets bigger the more security devices you have in place: log data. Firewalls, intrusion detection systems, and other systems generate volumes of log data, and not every company has the IT staff or know-how to benefit from it. “They’re designed to provide better visibility into what’s going on in your network,” Meyran says. “It’s not just seeing that a certain user was trying to penetrate the network through a particular route, but whether they succeeded or not and what needs to be done about it. It’s a way to deal with that flood of log information and add another layer to your security posture.”
And if you thought the firewall was more or less a commodity now, think again. Firewalls have historically screened traffic by port, a designation that hackers stopped respecting a long time ago. Now, firewall makers are staking their claim on identifying incoming traffic by application rather than by port, and on confirming from its layer 7 information, rather than from ports or protocols, that it’s really a P2P or Web application session.