Firewalls, intrusion detection solutions, unified threat management and an endless assortment of malware and spam avoidance products make up the security infrastructure of all responsible organisations.
Few of the executives leading these organisations, however, can claim to know if all the money spent on security solutions delivers the protection they expect and creates a practical corporate security posture.
“I often hear the question: 'How do we know we are really secure?' from executives who have already spent significant amounts of money on security solutions,” explains Alan Rehbock, sales and marketing director at Magix Security. “These managers have done their best to secure their infrastructure and ensure their data is safe from external and internal threats. This knowledge does not satisfy their concerns, as they simply do not know how secure their companies really are.”
Rehbock says without careful planning, it is almost impossible for company leaders to know their perimeters are secure and all devices connected to the corporate infrastructure are authorised to transact on it. This is a problem all companies face in the connected, hi-tech era we live in and one that can't be ignored or resolved by simply installing a product.
The optimal approach to ensuring an organisation's security posture is to conduct a vulnerability assessment, and thereafter develop a comprehensive security policy covering all the identified vulnerabilities.
“Once an effective security policy is in place and an acceptable security posture developed, it is imperative that organisations continually monitor their posture to make sure it remains intact,” adds Rehbock. “The most cost-effective and reliable way to handle this is via regular, automated maintenance checks of existing solutions and scans for new vulnerabilities.”
While manual processes are always involved in a consultative and management role, technology is able to provide independent verification of a company's security posture, helping organisations to answer the following questions, among others:
* How do you know that every piece of equipment attached to your network is authorised to be there?
* How do you know that the information security policy you have developed and published within your organisation is being adhered to?
* How do you know that your customer-facing Web site is not being used to gain access to private information?
* How do you know that sensitive company or even customer information is not being leaked?
“The reality is that security is an ongoing exercise that cannot be handled by manual processes alone,” says Rehbock. “Organisations can only be assured of their security posture if they make use of technology to regularly run vulnerability assessments and security audits to ensure they are constantly prepared for any attack, whether originating remotely or from within.”
Editorial contacts

