The Essentials Series: Understanding and Responding to Network Threats

by Dan Sullivan


Networks face a constant stream of evolving threats while changing in response to business demands for new IT services. This series is designed to help IT managers, network administrators, and related decision makers understand the types of threats faced in today’s online environment and how to evaluate and deploy security products to counter those threats. The Essentials Series: Understanding and Responding to Network Threats focuses particularly on a comprehensive approach to network security management and on products that can effectively address multiple threats.


Article 1: Keeping Pace with Security Threats

The state of networks is constantly changing to meet new business requirements, and on top of this, network administrators are expected to keep pace with the latest security threats. This article is designed to help readers understand how to balance risks and adapt to a changing environment, all without creating a security-based bottleneck to business. The article addresses key questions, such as what is on the network, who is on the network, and what the configuration of the network is.

Article 2: Evaluating Intrusion Prevention Products

Intrusion prevention systems (IPS) are one of a core set of security products that protect network assets. Unfortunately, typical evaluation criteria, which focus on narrow technical issues such as how large the attack signature database is and how fast the appliance is, do not capture the breadth of technical and business requirements for an IPS. This article outlines a better way to evaluate IPS functionality, one that focuses on comprehensive security issues such as resource vulnerabilities, measuring performance improvements, and system robustness.

Article 3: Managing Multi-Function Security Products

Unified threat management (UTM) is a promising approach to consolidating security controls, including firewalls, intrusion prevention, anti-virus, content filtering, and reporting. There are, however, a number of operational issues that should be considered when evaluating and managing these devices. This article examines those issues and describes the benefits of the UTM approach, including policy-based management, select security controls, and the ability to scale to meet the demands of a particular network.