Characteristics of a Self-Defending Network

Today's networks must be able to respond to attacks while maintaining availability and reliability.

As we move into an information-driven global economy, today's networks must be able to respond to attacks while maintaining availability and reliability. Rather than succumb, networks must be able to absorb attacks and remain operational, much in the same way the human immune system functions even in the presence of infections.

The future of security technology has changed more in the last three years than it did in the prior ten. The extent of these changes, as well as the rate of change, has made it difficult for security IT departments to keep up. Regaining control includes addressing:

  • A secure network perimeter
  • Wireless and mobility
  • E-commerce, extranets, and conducting Web-based business
  • Viruses, worms, and the rate of propagation
  • Regulatory compliance

Ideally, security enhancements should have a minimal impact on existing routing and switching infrastructure, segmentation and access control techniques, and the related organizational structures that support these systems. Four elements support this:

  • Presence: The network relies on the availability of certain controls within discrete nodes on the network, which look at identity, access control, data inspection, and communication security, as well as newer application-aware capabilities that handle peer-to-peer content, Web services, voice services, and dynamic mobile content.
  • Context: Instead of focusing only on permissions at the time a user enters a network, it's more effective to grant or revoke permissions based on behavior and associated context for the duration of the user's connection with the network.
  • Linkages: Traditionally, networks have established linkages between devices through routing protocols. In order to deal with the latest forms of threats and misuse, these linkages should extend all the way to the source and the destination of network traffic.
  • Trust: In the past, trust has been tied primarily to the identity of a device or user. Recent advances have shown that secure systems must be augmented to include understanding the state or posture and location of a device.

A Better Sense of Defense

Corporate networks, and the attacks used to exploit them, are now so complex that no single mechanism can be relied upon to keep them secure. Integrated, adaptive, and collaborative security solutions provide proactive defenses.

The key abilities of these adaptive defenses, which are built into the concept of a self-defending network, include the following:

  • Remain active at all times
  • Perform unobtrusively
  • Minimize propagation of attacks
  • Quickly respond to as-yet unknown attacks

These capabilities can reduce windows of vulnerability, minimize the impact of attacks, and improve overall infrastructure availability and reliability. They also help create autonomous systems that can quickly react to an outbreak with little to no human intervention. Such a self-defending system should include the following elements:

  • Endpoint Protection: By detecting and preventing viruses and worms from gaining a foothold at an entry point (or endpoint), you can prevent them from propagating across a network.
  • Admission Control: Allows you to determine what level of network access to grant to an endpoint based on its security posture, which is based on the security state of the operating system and associated applications. It also works as an on-demand vulnerability assessment and patch management tool.
  • Infection Containment: Extends the security checks performed at the time of admission for the duration of the network connection.
  • Intelligent Correlation and Incident Response: Provides services such as real-time correlation of events, quick assessment of the security impact of an event, the ability to decide what action to take, and the ability to identify the closest control point to implement a response.
  • Application Security: To address new classes of threats, security software should provide granular traffic inspection services to critical network security enforcement points, thereby containing malicious traffic before it can be propagated across the network.
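The sketch below shows how Admission Control and Infection Containment fit together: access is chosen from identity, posture and location at admission, then re-evaluated on every event for the rest of the connection. It is an added example, not code from the article or any product; the access tier names, the fan-out threshold, the event format and the rule that only a fresh posture assessment lifts containment are all assumptions.

```python
from dataclasses import dataclass, replace

# Access tiers and threshold are assumptions made for this sketch.
QUARANTINE, RESTRICTED, FULL = "quarantine", "restricted", "full"
FANOUT_LIMIT = 50  # distinct hosts contacted per minute before containment

@dataclass(frozen=True)
class Posture:
    identity_verified: bool  # trust tied to identity
    os_patched: bool         # security state of the operating system
    av_current: bool         # security state of associated applications
    location: str            # "internal", "vpn" or "guest"

def admit(p: Posture) -> str:
    """Admission control: map identity, posture and location to an access level."""
    if not p.identity_verified or not (p.os_patched and p.av_current):
        return QUARANTINE    # remediation-only access until posture is fixed
    return FULL if p.location == "internal" else RESTRICTED

class Session:
    """Infection containment: keep applying the admission checks after admission."""
    def __init__(self, posture: Posture):
        self.posture = posture
        self.contained = False
        self.level = admit(posture)

    def observe(self, kind: str, value) -> str:
        if kind == "posture":            # endpoint was re-assessed
            self.posture = value
            self.contained = False       # assumption: re-assessment lifts containment
        elif kind == "fanout" and value > FANOUT_LIMIT:
            self.contained = True        # worm-like propagation behaviour
        self.level = QUARANTINE if self.contained else admit(self.posture)
        return self.level

def replay(posture: Posture, events) -> list:
    """Return the access level at admission and after each event."""
    s = Session(posture)
    return [s.level] + [s.observe(kind, value) for kind, value in events]

# Constructed sample data: a healthy laptop that starts scanning mid-session.
LAPTOP = Posture(True, True, True, "internal")
EVENTS = [
    ("fanout", 4),
    ("fanout", 180),                               # sudden burst of new destinations
    ("fanout", 3),                                 # quiet again, still contained
    ("posture", replace(LAPTOP, av_current=False)),  # re-assessed, still unhealthy
    ("posture", LAPTOP),                           # remediated and re-assessed
]

if __name__ == "__main__":
    print(replay(LAPTOP, EVENTS))
```

The endpoint stays quarantined after its traffic returns to normal because behaviour alone does not restore trust; only a passing posture check does.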