Those of us who travel through any U.S. airport are used to the inconvenience of airport security - the long lines, metal detectors, having to take off your shoes, belts, earrings, and of course the ominous "liquids and gels" inspection. While most people accept these inconveniences as an unfortunate necessity, much of what has been implemented shares some of the common pitfalls found in many computer and network security programs. Using the U.S. airport security model as an example, let’s take a look at some of the security being implemented and relate it to security gone wrong in the enterprise:
"Boarding a plane at Ben Gurion airport, shoes aren’t removed (no stocking feet!), passengers aren’t body scanned, and there are no pat downs. There are, however, plenty of questions asked by intelligent security officers who have got their eyes firmly on you, know exactly what to look for, and have no qualms about detaining any individual or group who arouse their suspicions."
Sound familiar? It should. It reminds me of my weeklong class training on intrusion detection systems. We learned what to look for on the network to detect attacks, and had no qualms about digging deeper into specific packets, reviewing them in their entirety to determine their purpose. Employing security personnel trained in what to look for does wonders in keeping your data, or airlines, safe. Couple this with end-user training, and you've added another layer to your security model.
The really scary part is how this relates to the most recent attack against the U.S. on Christmas day by the infamous "underwear bomber". President Obama announced that intelligence agencies knew that the "underwear bomber" posed a threat, but could not "connect the dots" and prevent this attack from happening. I’ve been in the same situation, as it relates to network security. After an incident occurs, I would go back to my logs and realize that I could have prevented it from happening, but it was too late. This highlights the need for both tools (such as the Tenable Log Correlation Engine, otherwise referred to as "SIM" or Security Information Management) and people who are trained to use them.
We're Here to Help
At Tenable, we strive to provide you the tools, skills and guidance necessary to build a successful security program. The tools include Nessus, PVS, Security Center and LCE. You can see them in action here on this blog, on our YouTube channel,and our demonstration video page. We offer a comprehensive training program for all of our products as well. There are other resources on our whitepapers page (for example the paper titled "Maximizing ROI on Vulnerability Management") that offer guidance on how to use the tools and skills to build a successful information security program.