how to guide: integrated security


Build an integrated security architecture


Policy-driven security management requires integration, but undue complexity must be avoided


The security arsenal of the typical organisation is a collection of point tools that address individual issues. The network firewall will not be connected to the web application firewall; the distributed denial-of-service (DDoS) defences will not talk to the antivirus software. This fragmentation is a barrier to policy-driven security, in which the organisation defines acceptable levels of risk, permissible network behaviour and security service level agreements (SLAs) for applications, and those definitions are pushed out to the individual defences. Policy-driven security is particularly useful for managing security infrastructure in line with regulatory compliance.


The need for integration


If these point solutions are not integrated, however, then implementing or updating a security policy requires each one to be updated individually. This increases the workload of implementing security policies, and increases the chance that a policy will be implemented incorrectly or not at all. The ideal situation is a service-oriented security architecture, in which individual components can be controlled using standards-based application programming interfaces (APIs). This allows a central repository for security policies – often a governance, risk and compliance (GRC) application – to be integrated with the individual security technologies, which in turn means that policies can be implemented and updated automatically.


It is a good idea to bear this ideal in mind when choosing security technologies. In the long run, a security tool with medium


WWW.INFORMATION-AGE.COM


WWW.F5.COM
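

An added sketch, not from the original guide, of the service-oriented arrangement described above: one central policy is pushed to each defence through a common interface, then checked for defences that missed the update or no longer match it. The Policy fields, the Defence class and the sample estate are hypothetical and constructed for illustration; no real product API is modelled.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Policy:
    """Central policy record (hypothetical schema for this example)."""
    version: int
    blocked_ports: tuple
    max_requests_per_sec: int


def render(policy):
    """Settings every defence should hold once the policy is in force."""
    return {"policy_version": policy.version,
            "deny_ports": sorted(policy.blocked_ports),
            "rate_limit": policy.max_requests_per_sec}


@dataclass
class Defence:
    """Stand-in for one point tool controlled through an API (hypothetical)."""
    name: str
    reachable: bool = True
    active: dict = field(default_factory=dict)

    def apply(self, policy):
        if not self.reachable:
            raise ConnectionError(self.name)
        self.active = render(policy)


def push_policy(policy, defences):
    """Push to every defence; return the names that did not take the update."""
    failed = []
    for d in defences:
        try:
            d.apply(policy)
        except ConnectionError:
            failed.append(d.name)
    return failed


def find_drift(policy, defences):
    """Map each non-compliant defence to the settings that differ."""
    expected = render(policy)
    drift = {}
    for d in defences:
        diff = sorted(k for k in expected if d.active.get(k) != expected[k])
        if diff:
            drift[d.name] = diff
    return drift


def demo():
    """Constructed estate: one tool unreachable, one changed by hand afterwards."""
    policy = Policy(2, (23, 445), 200)
    estate = [Defence("network-firewall"),
              Defence("web-application-firewall", reachable=False),
              Defence("ddos-defence")]
    failed = push_policy(policy, estate)
    estate[2].active["rate_limit"] = 5000  # constructed local manual change
    return failed, find_drift(policy, estate)
```

The drift report separates the two failure modes the text names: a policy not implemented at all (every setting differs) and a policy implemented incorrectly (a single setting differs).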

