Managing network security vulnerabilities

IT managers have their horror stories by the dozen:

  • Installing the latest operating system and software patches throughout your network only to find that they created new security vulnerabilities;
  • Spending all weekend implementing security countermeasures only to discover that the "risk" was a hoax;
  • Having to justify to a major customer, shareholder or the legal department why the latest headlined threat won't impact your operation.

These are just a few of the everyday problems in attempting to keep enterprises and e-business applications secure from hackers and malicious code. But staying abreast of potential security breaches for every operating system, browser, e-mail utility, firewall, VPN solution, antivirus protection software package, etc. can be a monumental task for disparate networks spread across the country and even around the world. And that doesn't include evaluating the validity of threats and the effectiveness of patches and fixes.

It's for these reasons that companies are turning to vulnerability assessment tools for answers. However, John Giubileo, vice president of Managed Services and Technology for

    Requires Free Membership to View

eSecurityOnline.com cautions that if these solutions have not been validated, the "cure" may make things even worse.

"A lot of security scares that come out in the media, on the Web, and through mailing lists aren't true vulnerabilities," Giubileo said. "For example, recently there was a firewall alert that didn't come from a good source and it turned out to be false. If you act on unsupported claims and start loading un-validated patches on 10,000 NT servers, for example, you can waste a lot of time or do more harm than good."

Guibileo says that companies need to make sure they are using trusted sources to perform vulnerability assessments and make recommendations for effective patches and fixes. To ensure that their ASP customers are correctly informed, for example, eSecurityOnline.com's Research and Development Team maintains validated databases on 2,400 vulnerabilities and fixes for 50-plus operating systems, 450-plus applications, and 50 devices - a task that far exceeds the capabilities and resources most IT departments can support.

"In addition, we watch continuously for vulnerabilities specific to each client's network and alert administrators immediately of any new and dangerous threats," Giubileo said.

ASP-based security assessment is an emerging technology that shows great promise for helping IT departments offload as well as upgrade the management of network security vulnerabilities.

About the author
Linda Gail Christie is a contributing editor, based out of Tulsa, Okla.

This was first published in September 2000

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.