Jun 22

The list of successful cyber attacks keeps getting longer and the attacks more severe, and the IT security landscape is changing fast. By now everyone knows this. Every second some organization is under attack, yet the criminals go largely untouched. Why? Because they improve their tools and methods faster than the industry and the organizations it serves can keep up. In recent years the gap between defense and offense had become quite narrow, but it seems to be growing again.


written by Ari Vänttinen

Apr 09

Security: from monitoring to awareness

Security News

The global economic downturn has put new pressure on the weaknesses of some security solutions: high cost of ownership and administration, poor manageability, clumsy incident management processes and cumbersome configuration procedures.

This happens when the whole security solution (or part of it) is conceived thoughtlessly or piecemeal (oh, I have this issue or this new need, let's fix it).

Security has been, still is and will always be a process, and nothing related to it should ever be an afterthought, especially where it has an impact on resources and budget.

When undersized teams have to manage the security of a corporate information flow consistently, the accent shifts from watching to consciousness: less surveillance and more knowing what is going on; less monitoring and much, much more awareness.

Monitoring is the ability to watch a dashboard and see, for instance, that an attack is in progress or that a firewall node of a cluster at location xyz is in an error state.

Security awareness is about being conscious of the complete situation in the least time possible, and knowing the most efficient countermeasures to mitigate the risks while ensuring that the possibility of damage or data loss/theft is nullified.


written by RoarinPenguin

Mar 05

When Governance meets Security

Policy, SMC

The security solutions arena is today a very crowded place, with each vendor claiming to have the latest and greatest technology for spectacular in-depth inspection, prevention, protection, detection, defense, etc.

How about some governance?

The market has recently seen some nice technologies pop up that claim to manage and govern multiple security vendors' solutions from a single, consistent administration console.

Words like Security Governance, Event Correlation, Policy Change Management, Administration Rights Delegation, Alert and Incident Management and Auditing are widely used and very often abused, leading to some very interesting questions:

  • Multivendor Policy Management: how can a single console cope with the different configuration options offered by each security solution? For instance, a Check Point firewall is rather different from a Juniper, which in turn is different again from a StoneGate.
  • Event Correlation: this is one of the most abused terms in security, often resulting in complex rules that never meet customer expectations.
  • Policy Change Management: fair enough, but why should I pay for a revision tool when I would expect this functionality from my security management platform?
  • Administration Rights: I would say the same as above ;)

Let's now take a closer look at SMC, aka StoneGate Management Center.

Stonesoft has been very careful from day one about the Security Governance side of the solution it offers, never forgetting that no matter how easy, powerful, sophisticated or flexible a solution is, it always has an impact on resources, a learning curve, a need for meta-information to support decisions in critical moments, etc.

This focus has grown and evolved together with the security engine products: constantly trying to meet requirements from regulations (and from customers), trying to offer a broad range of functionality (while keeping usability high), and trying to build a powerful and flexible protection architecture (without forgetting that power is nothing without control).

Let's now take a closer look at the questions mentioned above from a StoneGate standpoint, also taking advantage of the new features coming with the next major version, 5.0, described so well in previous posts by Tero:

  • Policy Management:
    StoneGate Management Center includes several important tools to ensure that security policies are always consistent and error-free.
    The administrator can always compare the policy installed on a given engine with the latest version stored in SMC, highlighting any changes.
    Furthermore, it can show which engines in the installed base need a policy refresh.
    It is also possible to go back to past policy snapshots and compare each with the current policy, and to validate a policy before upload for common errors such as unreachable destinations, duplicate rules, conflicting rules, inconsistent NAT definitions, etc.
    Finally, security administrators can check how often a given rule has been used in a given amount of time, to keep the rulebase performant, manageable and correct.
    Other technologies that greatly help in managing security policies, especially when the installed base is large, are Templates, Subrules and Aliases.
    Last but not least, corrections to policies can be created directly from the log browsing system, saving a huge amount of time in fine-tuning operations such as eliminating false positives and avoiding useless logs.
  • Event Correlation:
    StoneGate takes event correlation to the state of the art: not only is it possible to show the logs relevant to a given event (such as an alert) and to browse just the relevant logs for a given topic, but in StoneGate Management Center refined information and correlation are implemented to the highest degree of usability:
    • Flow correlation with StoneGate Analyzer, allowing powerful correlation situations to be built to detect even the most sophisticated threats and attack attempts, performing analysis that spans time and/or space ;)
    • Visual correlation with geolocation, up to linking the refined aggregated information with Google Maps
    • Combining the different views of information needed in a Live Overview to maximize monitoring
    • Switching from the detailed log view to graphs and reports to maximize the perception of trends and situations with aggregated information
    • Visual reporting to generate refined information for security decision support
  • Administration rights delegation:
    It is not necessary to have 1000 security engines installed to need administration rights delegation. It is surely needed when security is pervasively implemented throughout the company information flow. Hence StoneGate Management Center focuses on providing enhanced options to ensure proper, low-impact and efficient administration of the whole architecture:
    • complete and flexible access control, with administration roles and granular role-based rights
    • separate Domains and a Web Portal, to achieve proper segmentation of the information managed by multiple groups
    • multichannel, progressive alert escalation with thresholds and moderation, to ensure that time-critical events are notified properly through efficient channels
    • auditing, to achieve compliance with regulations and to control who did what and when
    • an integrated Incident Management System, to keep track of data and actions performed in case of critical events such as threats and attacks
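The pre-upload validation and rule-usage checks listed under Policy Management above are generic first-match rulebase checks, so here is an added, self-contained illustration of what they catch. This is example code written for this page, not SMC's own implementation (SMC's rule model, checks and messages differ); the five-tuple rule model, first-match evaluation, the sample rulebase and the constructed flow records are all assumptions of the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]   # None means "any destination port"


@dataclass(frozen=True)
class Rule:
    """One access rule in a first-match rulebase (hypothetical model, not SMC's)."""
    rid: str
    src: str          # source CIDR, "0.0.0.0/0" for any
    dst: str          # destination CIDR
    proto: str        # "tcp", "udp" or "any"
    dport: PortRange
    action: str       # "allow" or "discard"

    def match_key(self) -> tuple:
        return (self.src, self.dst, self.proto, self.dport)


def _net_covers(outer: str, inner: str) -> bool:
    return ip_network(inner).subnet_of(ip_network(outer))


def _port_covers(outer: PortRange, inner: PortRange) -> bool:
    if outer is None:
        return True
    if inner is None:
        return False
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matching `inner` also matches `outer`."""
    return (_net_covers(outer.src, inner.src)
            and _net_covers(outer.dst, inner.dst)
            and (outer.proto == "any" or outer.proto == inner.proto)
            and _port_covers(outer.dport, inner.dport))


def validate(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Report (kind, rule, covering_rule) for rules that can never fire.

    Under first-match evaluation a rule fully covered by an earlier rule is dead:
    'duplicate' if fields and action are identical, 'conflict' if the earlier
    rule takes a different action, 'shadowed' if it merely subsumes the later one.
    """
    issues = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if not covers(earlier, later):
                continue
            if earlier.match_key() == later.match_key() and earlier.action == later.action:
                kind = "duplicate"
            elif earlier.action != later.action:
                kind = "conflict"
            else:
                kind = "shadowed"
            issues.append((kind, later.rid, earlier.rid))
            break   # the first covering rule is the one that hides `later`
    return issues


def matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and (rule.dport is None or rule.dport[0] <= dport <= rule.dport[1]))


def rule_hits(rules: List[Rule], flows) -> Dict[str, int]:
    """Count first-match hits per rule over (src, dst, proto, dport) flow records."""
    hits = {r.rid: 0 for r in rules}
    for src, dst, proto, dport in flows:
        for r in rules:
            if matches(r, src, dst, proto, dport):
                hits[r.rid] += 1
                break
    return hits


def unused_rules(rules: List[Rule], flows) -> List[str]:
    """Rules that never fired over the flow sample: candidates for review or removal."""
    return [rid for rid, n in rule_hits(rules, flows).items() if n == 0]


# Constructed sample rulebase: R2, R3 and R4 are all hidden behind R1.
SAMPLE_RULES = [
    Rule("R1", "10.0.0.0/8", "192.168.1.10/32", "tcp", (443, 443), "allow"),
    Rule("R2", "10.1.0.0/16", "192.168.1.10/32", "tcp", (443, 443), "allow"),   # shadowed
    Rule("R3", "10.0.0.0/8", "192.168.1.10/32", "tcp", (443, 443), "discard"),  # conflict
    Rule("R4", "10.0.0.0/8", "192.168.1.10/32", "tcp", (443, 443), "allow"),    # duplicate
    Rule("R5", "0.0.0.0/0", "192.168.2.0/24", "udp", (53, 53), "allow"),
    Rule("R6", "0.0.0.0/0", "0.0.0.0/0", "any", None, "discard"),               # cleanup rule
]

# Constructed flow records, in the shape a log export might supply them.
SAMPLE_FLOWS = [
    ("10.1.2.3", "192.168.1.10", "tcp", 443),
    ("10.5.0.1", "192.168.1.10", "tcp", 443),
    ("172.16.0.5", "192.168.2.7", "udp", 53),
    ("172.16.0.5", "192.168.1.10", "tcp", 22),
]

if __name__ == "__main__":
    for kind, rid, by in validate(SAMPLE_RULES):
        print(f"{rid}: {kind} by {by}")
    print("unused:", unused_rules(SAMPLE_RULES, SAMPLE_FLOWS))
```

Two things the example shows that the list above does not: a "conflict" is just a shadowed rule whose action differs, so it is a silent policy error rather than a runtime one (R3 never discards anything); and a zero hit count alone does not say whether a rule is dead or merely unused in the sample period, which is why the usage check belongs next to the coverage check rather than replacing it.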

And if the above is not enough, let's complete the overview by mentioning state-of-the-art monitoring with Network Diagrams and the new VPN Monitoring, Failsafe Remote Upgrade and the other "historical legendary features" of StoneGate Management Center, now also available to monitor and process the logs of third-party devices.

Anyone for Security Governance?

written by RoarinPenguin