Self defending networks
Download as DOCX, PDF2 likes2,571 views
This document discusses the need for self-defending networks to address evolving security threats. It notes that threats are now faster moving and more difficult to detect than in the past. Self-defending networks aim to identify threats, isolate infected devices, and reconfigure network resources automatically in response to attacks. They integrate security across all network aspects for a globally distributed defense.
Self defending networks
- 1. INTRODUCTION As the nature of threats to organizations continues to evolve, so must the defense posture of the organizations. In the past, threats from both internal and external sources were relatively slow-moving and easy to defend against. In today's environment, where Internet worms spread across the world in a matter of minutes, security systems - and the network itself - must react instantaneously. The foundation for a self-defending network is integrated security - security that is native to all aspects of an organization. Every device in the network - from desktops through the LAN and across the WAN - plays a part in securing the networked environment through a globally distributed defense. Such systems help to ensure the privacy of information transmitted and to protect against internal and external threats, while providing corporate administrators with control over access to corporate resources. SDN shows that the approach to security has evolved from a point product approach to this integrated security approach These self-defending networks will identify threats, react appropriately to the severity level, isolate infected servers and desktops, and reconfigure the network resources in response to an attack. The vision of the Self-Defending Network brings together Secure Connectivity, Threat Defense and Trust and Identity Management System with the capability of infection containment and rouge device isolation in a single solution. SELF DEFENDING NETWORKS To defend their networks, IT professionals need to be aware of the new nature of security threats, which includes the following: Shift from internal to external attacks Before 1999, when key applications ran on minicomputers and mainframes, threats typically were perpetrated by internal users with privileges. Between 1999 and 2002, reports of external events rose 250 percent, according to CERT. Shorter windows to react. When attacks homed in on individual computers or networks, companies had more time to understand the threat. Now that viruses can propagate worldwide in 10 minutes, that "luxury" is largely gone. Antivirus solutions are still essential but are not enough: by the time the signature has been identified, it is too late. With self-propagation, companies need network technology that can autonomously take action against threats.
- 2. More difficult threat detection. Attackers are getting smarter. They used to attack the network, and now they attack the application or embed the attack in the data itself, which makes detection more difficult.An attack at the network layer, for example, can be detected by looking at the header information. But an attack embedded in a text file or attachment can only be detected by looking at the actual payload of the packet--something a typical firewall doesn't do.The burden of threat detection is shifting from the firewall to the access control server and intrusion detection system.Rather than single-point solutions, companies need holistic solutions. A lowered bar for hackers. Finally, a proliferation of easy-to-use hackers' tools and scripts has made hacking available to the less technically-literate. The advent of 'point-and-click' hacking means the attacker doesn't have to know what's going on under the hood in order to do damage. These trends in security are what have lead to the advent of SDNs or Self Defending Networks as the latest version in security control.