This article can also be found in the Premium Editorial Download "Information Security magazine: How security pros can benefit from information sharing."
Real-time Security Awareness Tool
How often do you send an urgent e-mail warning against opening strange attachments, only to have some hapless user open one anyway? We can put up all the firewalls we want, write policy after policy, and impose controls and rules, but ultimately our security is at the mercy of naïve users who rarely realize the implications of their actions.
What many security practitioners wish for is an intelligent rules engine that can recognize risky or prohibited activity and pop up a dialogue box that either confirms the user's intended action or blocks the action entirely. For a greater degree of control, the system could send a message to a security manager, requesting a policy exception, such as the one-time right to transmit a .vbs script via e-mail.
Users want the system to generate reports on policy violations and warnings; it would help managers identify topics for security awareness training and identify users that cause frequent security problems.
We already have the foundation for this in several applications, such as the e-mail warning box that pops up when opening attachments. Verdasys' Digital Guardian and other DRM vendors provide warnings and logging systems for misuse of content and digital media. What security managers want is a system that's mapped to security policies and can apply those rules to nearly all user actions.
Software management and installation controls are often all-or-nothing propositions. You can lock down devices and desktops, preventing users from installing unauthorized applications, and you can use Active Directory, SMS and other tools to install applications by groups across an enterprise. What's missing is a tool that can push new software to specific devices, and then remove it once it's no longer needed.
In an enterprise with locked-down configurations, the system would allow a user to request software, have the request reviewed and approved, and then initiate the installation process.
Security managers also want the power to back out of application installations. If the user only needs a piece of software for a specific period of time, this system would know when to uninstall the app, including .dll files, registry entries and other system directory components.
A True One-Stop Shop
It's still a best-of-breed world, but security managers wish for the day when they can go to a single vendor to get what they need.
Every year, the security market goes through a round of consolidations, where large IT and security vendors snap up the smaller boutique shops to fill out their product catalog or capitalize on their technology. Despite the rapid expansion of product lines by Symantec, McAfee, Cisco Systems and others, most enterprises still go to multiple IT and security vendors to get the technologies and products they need to operate and secure their infrastructures.
This was first published in January 2005