Research has shown most companies start seriously addressing their security strategy immediately following a security incident, such as a well-publicized virus or a denial-of-service attack on their own systems. Historically, security has been an extremely fragmented market of point products designed to plug specific security holes or weaknesses. Enterprises must now take a more strategic approach to security management that:

1. Relies on security experts to outline security risks and ensure that technologies designed to remedy the problem are implemented correctly.
2. Centralizes security policy management and enforcement to ensure consistency across the enterprise.
3. Addresses the critical requirements to manage user access to resources on the network, identify and respond to malicious attacks, protect assets on the network from theft or corruption, and discover and remedy vulnerabilities before they are exposed.
   
   

(If you're new to Security, please read our Security Overview.)

Consult an Expert

Perhaps the most valuable step any enterprise can take when thinking about security is to consult a security expert first. There are many dimensions to the security challenge. Your network administrator, who probably has a solid understanding of security risks at the connectivity level, may not have the expertise to either know where vulnerabilities lie or the latest solutions to address them. Certifications in the security space include the Certified Information System Security Professional (CISSP) and the Cisco Certified Security Professional (CCSP), and you should ask for these qualifications when hiring an expert.

Centralize Security Management

Enterprises are faced with meeting the growing access demands of employees, business partners and customers, while deploying more and more security devices to restrict access and protect the network from increasingly sophisticated types of attacks. As a result, most companies have hurriedly deployed security or let different departments deploy their own security. Centralized management allows the enterprise to manage, monitor, and report on all of the disparate devices, and take a strategic approach to security.

Address Critical Requirements

Security solutions fall into four categories:

1. Identity Management. Identity Management focuses on authenticating and authorizing network-based users. It generally includes provisioning technology to manage user accounts and manage access privilege, web access control to validate users when accessing a resource, and single sign-on to simplify the process of logging into multiple systems without jeopardizing security.
   
   
2. Vulnerability Management. Vulnerability Management focuses on identifying vulnerabilities or weaknesses in the computing environment and providing the infrastructure to eliminate them. These solutions generally include firewalls, assessment tools, and vulnerability scanners.
   
   
3. Threat Management. Threat Management focuses on identifying and responding to malicious events that occur throughout the network, and generally includes security event management to actively monitor and centrally record events, and intrusion detection to monitor network resources and respond to attacks.
   
   
4. Trust Management. Trust Management focuses on protecting assets that reside on the network during high risk activities, such as transmitting private corporate information between systems. These solutions use encryption and Public Key Infrastructure (PKI).

For more information on choosing the right security solution for your company, read our Security Overview.

Go to Bitpipe Research Guide: Security.