Coordinating Our Network Defenses
Making the case for coordinated endpoint security, as developed by Trusted Computing Group
Stuart Bailey
Infoblox Founder and CTO
November 26, 2007
Jan walks into the office at 8 a.m. with a hot cup of coffee and a calm look on her face. After a few minutes, she notices that the dreaded “Fawlty”
virus tried to bring the corporate network to a grinding halt last night, but didn't. At first glance it looks like a visitor to the Executive Briefing Center inadvertently infected the guest wireless network, but a deeper trace suggests that a malicious Russian hacker spoofed a VOIP call to gain access to the core data center.
Finally, the records show, that amidst the chaos of last night's maintenance window, Jan's coordinated defense system correlated the “Fawlty” virus and the VOIP session to an infected, but authenticated, laptop running Windows XP in the EBC and quarantined it. She now has a name and number of an executive to follow up with today. She decides that she'll walk this one up herself.
Jan's fictional coordinated defense system sounds too good to be true. For most cost-sensitive buyers of off-the-shelf network security systems, it is too good to be true. For starters, Jan would need to know exactly where to look to find out what devices are on the network, who is associated with those devices, where those devices have been, what the network traffic from those devices looks like, and as much activity history of those network devices as possible.
Read the Full Article at SecurityInfoWatch