The challenge of delivering network security

The challenge of delivering network security in any global organisation is manifestly clear. Continual changes in environment, technologies and types of threat all contribute to the problems faced today. And even with considerable advances in the area of security, businesses are still failing to protect themselves.

However, as Adam Lembariti, Head of Security at Telstra International, EMEA explains, deploying the right technology alone is not the solution…

The first question to ask is: “Where do these threats come from?” Attacks are evolving, growing in both size and sophistication each year, with the 2008 threat environment report by Symantec showing an almost threefold increase in the number of observable threats.

The fundamental driver of this growth and evolution is an economic one. In the early nineties, cyber criminals would find a vulnerability and then exploit it in the most public manner possible – hence the high-profile hits against NASA and the Pentagon. The aim was simply to gain notoriety and ‘respect’ within their circle.

This is no longer the case. Today, there is a well-organised underground economy in which a single piece of credit card information alone can fetch anything up to 30 US dollars. What’s more, hackers no longer need skill or knowledge: a new market has developed where malware is created by hackers to be sold to – and used by – relatively unskilled criminals. Money, not notoriety, is now the main attraction.

Changes in the global business environment have exacerbated the situation:

  • Mobile workers not only move data outside the organisation but also connect back into the network remotely from access points that the business has no control over at all.
  • Most organisations give third parties and partners access to their networks.
  • Most organisations today interact with their customers in some way over the Internet.

These changes mean the traditional secure network perimeter, a trusted ‘boundary’ inside of which everything was safe, is no longer so well defined. Furthermore, it is no longer easy to conclude that whatever is within the boundary is known and trusted. Increasingly short employment periods, disgruntled employees and larger business operations can make it difficult to determine what needs to be secured and against whom to secure it.

It is only once the motivation is understood that an organisation can set about securing the business.

And the only way to effectively secure a business is to define clear and comprehensive security policies that are aligned to business needs at strategic, tactical and operational levels.

This is nothing new. Businesses are aware of it and many have policies and practices in place. We would therefore expect to see a decline in breaches that exploit the most basic types of vulnerability.

But this is not the case. 

Research from sources such as the Identity Theft Resource Centre (www.idtheftcenter.org) shows a year-on-year increase in breaches. What’s more, these breaches are not complex, but often the result of exploiting simple vulnerabilities. This suggests that even though businesses may have well-defined policies, accompanying procedures and the required technology – including firewalls, IPSec, antivirus software, Intrusion Detection Systems and so on – security is failing at a much more basic level. It comes down to the people in the loop: those who execute your policy are those who will ensure your business is secure.

This is where a security partner can play a key role. Internal staff can be supported by security experts in tracking the moving threat environment and can quickly receive guidance on managing evolving and emerging threats. A partner able to analyse threats against a large base of monitored devices spanning many businesses can detect threats much earlier and work proactively to mitigate risks to the business.

Most importantly, as security is the partner’s core business, it has a vested interest in staying ahead of the threat environment.

This then is the positive side. Most businesses are already deploying enough technology to at least detect breaches. The answer isn’t in investing yet more money to deploy the latest and greatest. It is ensuring that your current technology is being properly managed.
