This article can also be found in the Premium Editorial Download "Information Security magazine: Security Products Readers' Choice Awards 2007."
In the trenches
The trouble within
IT pros have two big headaches when it comes to intrusion defense--getting support from upper management and getting users to clean up their computing habits.
Ask IT professionals which intrusion defense challenges keep them awake at night and few will mention the performance of their IDS or IPS devices or the tenacity of remote hackers.
Sure, for some users, headaches abound when it comes to their IDS devices giving off false positives and needing too much configuring. Dave Bixler, CISO for Siemens Business Services, says it was too much trouble tuning his IDS and babysitting it 24/7 to ensure it was properly monitoring everything. So he outsourced those tasks to an MSSP.
"We cured our pain points by passing the buck," Bixler jokes. "We decided to do this because of our earlier experiences with IDS/IPS, the expertise required to adequately tune it and the need for 24/7 monitoring, plus the added overhead of proving to auditors that we responded to every alert made."
For most IT security pros, however, the biggest obstacles to an adequate intrusion defense don't come from imperfections in their IDS or IPS. They come from executives who don't always understand the need for security investment or employees whose computing habits make it easier for the bad guys to steal sensitive data.
Of 307 IT professionals who took a SearchSecurity.com survey
Dealing with the rest of the workforce is another matter. They may leave USB keys with sensitive data in hotel rooms and airplanes, lose laptops, or open malicious attachments.
To deal with that problem, Bixler and other IT professionals rely on user education programs and an array of security devices--everything from IDS and IPS to antivirus software and firewalls, content-scanning filters and vulnerability management tools. That way, if an intruder punches through one end of the network, he can be stopped by devices and procedures deployed in other parts of the network.
City of North Vancouver IT manager Craig Hunter agrees user education is important. But he says the average employee will never become an infosecurity expert. That's why good security technology is important.
"The best you can do is embed security into systems so the users don't see it," he says. His philosophy: "Make it easier for users to do it right than to do it wrong."
This was first published in April 2007