What Are You Missing When it Comes to Enterprise Security Testing?
For all the advances in enterprise networking over the years there's been one big step backward: security testing. Relatively few enterprises today conduct regular security tests in-house, relying instead on occasional tests by outside consultants or, more dangerously, just taking vendor claims at face value.
Wed, December 12, 2012
Network World — This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Too often enterprise security testing takes one of two paths, neither satisfactory. Some enterprises buy complex security test tools, along with training, but then the tools gather dust once the trained staff leaves. Or they bring in outside consultants for security audits and penetration tests. While the results can be useful, they offer only a snapshot of the enterprise network at a given point in time. Obviously, both approaches have drawbacks.
What's really needed is an understanding that network security is an ongoing process, not a single product or service. Security test tools will continue to be important -- but only if they're actually used. With that in mind, here are some guidelines for assessing in-house security test tools:
* Ease of use and portability. The most common reason security test tools fall into disuse is their inherent complexity. We live in an age where children take to tablet interfaces with no instruction. There's no reason why security test tool interfaces should require a Ph.D. in network forensics to operate. And testers should get the same look and feel, regardless of whether a test is run from a desktop, tablet, smartphone or any other device.
* Meaningful, repeatable results. Test traffic should offer as much realism as possible. For example, tests that simply packet-blast a firewall with small stateless packets aren't very interesting, especially if the firewall's job is to guard against specific types of stateful application-layer attacks.
* DoS/DDoS protection. There are times when packet-blasting at high rates is exactly what's needed, and denial-of-service testing is one of them. Test tools need enough horsepower to saturate one or more backbone links with known forms of DoS and DDoS attacks, and they need to do so in a way that offers fine-grained control of key traffic parameters such as attack source addresses.
* Fuzzing. There's a bit of an arms race going on among vendors of signature-based security devices such as intrusion prevention systems (IPSs). One vendor will claim its IPS supports X signatures, while another will say its products are better because they support 2X signatures.