Guarding IT security infrastructure

By Martin Hodgson

It’s a 2,000-year-old question, and as relevant to today’s IT security landscape as it was in Juvenal’s time: Who will guard the guards themselves?

We think of security infrastructure as our guardian against the dark powers who would infiltrate our network and steal our most sensitive secrets, but there’s danger in putting too much trust in technology without overseeing these tools.

Relying on firewalls and antivirus (AV) monitoring alone isn’t enough to counter today’s sophisticated, well-resourced cybercriminals. Security now depends on a holistic approach – one that not only identifies all the potential hazards, but also links different security systems (both physical and logical) and manages the relationships between them.

That doesn’t mean that traditional technologies such as AV and intrusion detection are no longer useful. Rather, organisations should be aware that not all threats are external in origin or criminal in intent. They include malfunctions from poorly-configured devices and applications, threats from Shadow IT such as employee-owned devices, or disasters such as fires and floods.

That’s why having a monitoring and early warning system is such an important element of any serious security strategy. By monitoring all critical components, from firewalls to CCTV, antivirus to environmental sensors, organisations can spot the first signs of impending problems before a crisis occurs.

Our own security systems require their own safeguards, and this “meta-security” should incorporate five elements. First, organisations need full control and oversight of their security tools to ensure that firewalls are properly configured, backups are undertaken regularly and fully, and threat detection is identifying suspicious activity on the network.

Next, they need backup systems in case conventional tools fail. We are already seeing this in new Identity and Access Management tools which work by detecting unusual behaviour, rather than scanning for known malware signatures.

Businesses also need the ability to monitor systems performance in real-time, including all hardware, software and data streams. This shouldn’t just focus on security infrastructure, but everything that affects employees’ ability to conduct their work.

Similarly, any monitoring system should watch over physical sensors, including CCTV, and notify the business when defined thresholds have been exceeded.

The final element is the ability to draw all these disparate monitoring systems into one clear, easily-understood whole, rather than a set of separate solutions. This clarity is essential if you are to gain a holistic picture of your preparedness.

Where can you buy such a multi-faceted security monitoring system? The answer is that there is no out-of-the-box solution – nor should there be. Each organisation is unique in its infrastructure mix and the threats it faces, so a one-size-fits-all approach won’t work.

What’s important is to build a monitoring solution that possesses all the necessary functions to monitor the entire IT infrastructure, including as many of the common protocols as possible: SNMP, Ping, FTP, HTTP, NetFlow, sFlow, jFlow, WMI or packet sniffing. It should also connect every device and application via a well-documented API, which is straightforward to achieve.

Can we guard our guardians? Of course we can. The barrier is not technological; all it takes is the will to take security seriously.

Martin Hodgson, Head of UK & Ireland, Paessler – PRTG Network Monitor
