Author: Wang XiaoYu PM
Simply stacking information security products from different manufacturers and brands creates major management problems. In particular, the lack of "communication" between security products forms an information security "blind zone". The effective way to avoid security blind spots is to manage security products in a unified manner. Unified management of security products can be called the central nervous system of an information security system, and it also makes preventive measures more effective.
Security is not simple stacking
Information security systems are usually composed of firewall, intrusion detection, vulnerability scanning, security auditing, anti-virus, traffic monitoring, and other products. However, these products come from different vendors and follow no uniform standard, so they cannot communicate with each other. As a result, many security islands and security blind spots are formed. What enterprise users need at present is a standardized security management platform to centrally manage their various security products.
Against the more complex security threats that networks now face, simple protection against single-point attacks cannot meet the requirements. Hybrid attacks are becoming increasingly complex and hidden, while traditional security methods such as anti-virus, firewall, and intrusion prevention each have a single function, making it difficult to defend against mixed attacks. Enterprise users therefore began to seek new ways to defend against mixed threats, and the general approach was to use a variety of security protection products. As a result, some users now have a new problem: how to manage a large number of security products.
Some enterprises did not plan well when building a network security system. Instead, they chose security products based on funds or the security market conditions at the time. Now more and more users have gradually realized the importance of network security and have begun to purchase a large number of network security products such as firewalls, anti-virus and anti-intrusion. As security threats continue to increase, more and more products are purchased, and enterprises use them in a so-called overlapping, additive fashion. The more security products are piled up, the more they bring three new problems. The first is wasted resources: some products have overlapping functions, but they still have to be purchased to solve new problems. The second is complicated management: with so many security products, each of which generates a variety of new alerts every week, how are the alerts to be handled and summarized? The third is difficulty of coordination: solving some security problems requires different products to work together. The most typical case is handling worms. If the worms arrive through spam, stopping and eliminating them effectively requires the joint efforts of anti-spam, anti-virus, and even firewall and intrusion detection products. But how can so many products from different vendors, different series, and different operating systems or platforms be managed? These problems confront every user, and even experienced network administrators find them difficult to solve.
Centralized management is the key to security
Today, managing enterprise security is a difficult process that requires integrating products from different vendors that lack integration and interoperability. As a result, complexity and operational costs increase, and major security decisions have to be made from isolated security data. This makes it harder for enterprise security management personnel to do their work effectively. It is difficult to detect and act in time on millions of incidents, and administrators have to spend a lot of time managing redundant and complex security infrastructure in the network. In the current economic situation there is also financial and resource pressure to do more with very few resources. So consider this: if a security management tool can automatically analyze security alerts and help the enterprise complete this task, the enterprise can focus its security management personnel on the more valuable events, which means it has taken the initiative in security protection.
If an enterprise's information security management personnel do not have an overall understanding of today's security architecture, how will they perform security management? Running security tools such as firewalls, intrusion detection, and anti-virus software independently may be useful. However, how these tools can coordinate to protect the enterprise network, how managers can monitor their performance, and how a truly indestructible security system can be built are the difficulties faced by enterprises that are equipped with security products or are deploying them. Many users have complained to the vendor: "Why is my installed anti-virus product still infected?" and "Why is my firewall still under attack?" These facts prove that security is not equal to security products, and real security also requires good security management. More and more security solutions now reflect this point: security management is more important.
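The kind of automatic alert analysis described above can be sketched as follows. This is an added example, not code from the article or from any vendor it names; the three product log formats, host addresses and alert contents are constructed for illustration. It maps each product's native record onto one common schema and reports hosts that several products flagged within a short time window, as in the spam-borne worm case.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts; the three vendor formats are hypothetical.
FIREWALL = ["2024-05-01T10:00:05 DENY src=10.0.0.7 dst=203.0.113.9 dport=25",
            "2024-05-01T11:30:00 DENY src=10.0.0.9 dst=198.51.100.4 dport=445"]
ANTIVIRUS = [{"time": "2024-05-01 10:01:10", "host": "10.0.0.7",
              "threat": "Worm.Generic"}]
MAILGATE = ["10.0.0.7|2024-05-01T09:58:40|outbound spam burst"]

def normalize():
    """Map every product's native record onto (time, host, product, detail)."""
    events = []
    for line in FIREWALL:
        ts, action, *kv = line.split()
        fields = dict(item.split("=") for item in kv)
        events.append((datetime.fromisoformat(ts), fields["src"], "firewall",
                       f"{action} to {fields['dst']}:{fields['dport']}"))
    for rec in ANTIVIRUS:
        events.append((datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S"),
                       rec["host"], "antivirus", rec["threat"]))
    for line in MAILGATE:
        host, ts, detail = line.split("|")
        events.append((datetime.fromisoformat(ts), host, "mailgate", detail))
    return sorted(events)

def correlate(events, window=timedelta(minutes=10), min_products=2):
    """Return one incident per host flagged by several products in the window."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[1]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e[0] - first[0] <= window]
            products = {e[2] for e in cluster}
            if len(products) >= min_products:
                incidents.append({"host": host, "products": sorted(products),
                                  "alerts": len(cluster), "start": first[0]})
                break  # one incident per host is enough for triage
    return incidents

if __name__ == "__main__":
    for incident in correlate(normalize()):
        print(incident)
```

The single firewall denial for 10.0.0.9 stays below the threshold, while the three alerts for 10.0.0.7 collapse into one incident for an analyst to review.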
Lenovo Wangyu's security expert said: "The security management platform is first of all comprehensive security management software. It is the central nervous system of security management. Security management should also focus on the overall security of the network. Through the centralized management and monitoring of the various security devices and security software in the network, it connects isolated information security islands into an organically collaborating and interacting whole, and it implements real-time status monitoring, dynamic policy adjustment, comprehensive security audit, and appropriate and timely threat response in the network security management process, to effectively improve the manageability and security level of your network."
Tianyuan longma said: "The core modules of the security management platform should include the security management center, integrated interfaces, console and database modules. The security management center can be connected through an integrated interface and can be flexibly expanded to a multi-level structure. The security management platform plays a crucial role in the security protection system and serves as a link between security products and security policies. For security management personnel, the security management platform can collect and analyze data from all security products on the network and feed the processed information (including alarm information, historical data, and statistical information) back to the security management personnel. This information is not the information of a single device, but the overall security operation information of the entire system."
Security products work together
As the saying goes, unity is strength, and this also applies to network security construction. Each security product may be excellent on its own, but what happens when they are used together, and what can make them play their greatest role? Enterprises therefore need a new overall network security management solution: a unified security management platform for the overall configuration and control of the entire network's multi-level, distributed security system. It implements centralized monitoring of the various network security resources, unified policy management, intelligent auditing, and interaction between multiple security function modules, in order to simplify network security management, improve the security level, controllability, and manageability of the network, and reduce the user's overall security management overhead. This platform is the key to making security products even more effective.
Cisco Security experts said: "Firewall, intrusion detection, encryption, authentication, VPN, and other products are very important. However, enterprise network security is not just built on these security products. If they are used incorrectly, the best technology cannot fully tap its potential. Today, all devices on the network may be attacked: routers, switches, hosts, and networks (both local and remote), applications, operating systems, security devices, remote users, business partners, external networks, etc. In the past one or two years, many enterprises have considered security issues as a relatively independent part of the network architecture. This reflects enterprises' emphasis on network security, but on the other hand, this method also limits enterprises' efforts to formulate more complete network security policies, and sometimes leads to loss of network investment."
Lumeng believes: "The network security system should adopt a complete security policy and use multiple security products to effectively implement comprehensive protection, rather than simply building up security products. Based on this understanding, Green Alliance has strengthened its interaction with firewalls and other security management products in the 'ice eye' system to help users build a truly reliable security protection system. Through linkage with various firewall products, the ice eye intrusion detection system can automatically cut off attack behavior, and one ice eye network detector can interact with multiple different types of firewalls, so it truly plays an active defense role. At present, the 'ice eye' can be linked to the firewall netscreen series, the Tian Rong Xin firewall series, Check Point FW-1 series (or other firewall products that support the opensec Protocol), Eastern Dragon Horse firewall series, Skynet series and other products."
It can be said that the security management platform is a security policy support system. It not only gives security management personnel the basis for formulating security policies, but also collects feedback on policy execution and optimizes and improves the policies, making security management visible, concrete, and operable. Therefore, to ensure network security, enterprises need to deploy all-round security products, and managing these products is equally important. Good management is even more important for security products that require high real-time response capability and active defense capability.
What is security management?
Security Management (SM) is an important part of enterprise management. From the perspective of information management, security management involves policies and procedures, security defects, resources, firewalls, password encryption issues, authentication and authorization, client/server authentication systems, packet transmission security, and protection against virus attacks.
In fact, security management is not a simple software system. It covers a great deal, mainly security device management, security policy management, security risk control, security audit and other aspects. Security device management refers to the unified management and monitoring of all security products on the network, such as firewalls, VPN, anti-virus, intrusion detection (network and host), and vulnerability scanning.