The Future of Intrusion Prevention - Essay Example

Four 2 Page Papers Swarnambika S Academia Research Risk Analysis and Threat Assessment A threat assessment methodology will provide themeans to analyse and understand the threat agents in order to anticipate their moves and ways of engagement. Until now, threat assessment was just a part of risk analysis. Risk analysis is a process to assist management in defining where time and money should be spent (Nosworthy, 2000). There are two types of risk analysis, the quantitative and the qualitative. The first is a mathematical approach based on probabilities and the second is a high/medium/low approach. Unfortunately the majority of threats defy all sorts of probability analysis. The reasons for conducting a risk assessment are (Neumann, 1995; Smith, 1993; Reid and Floyd, 2001; Katzke, 1988; Hancock, 1998; Brewer, 2000): new threats, new technology, new laws and new available safeguards. The issue taken for the risk analysis and threat assessment was the students' violent behaviour at school. The aim of the assessment was to identify the next rebel by developing the profile of a typical rebel. To achieve this, a four spiked model of assessment was designed. This model provides a framework for evaluating a student in order to determine if he or she has the motivation, means, and intent to carry out a proclaimed threat. The assessment is based on the sum of the circumstances known about the student in four major areas. Spike 1 (Personality of the student): Evidence to a student's personality can come from observing behavior when the student expresses characteristics like, managing with conflicts, disappointments, failures, insults, or other stresses encountered in everyday life, anger, frustration, disappointment, humiliation, sadness, or similar feelings. Spike 2 (Family background): Family background involves patterns of behavior, thinking, beliefs, traditions, roles, customs and values that exist in a family. Spike 3 (Academic History): Academic history involves patterns of behavior, thinking, beliefs, customs, traditions, roles and values that exist in a school's culture. Spike 4 (Social History): Social history involves patterns of behavior, thinking, beliefs, customs, traditions, and roles that exist in the larger community where students live. Findings Spike 1 (Personality of student): There may be involuntary signs shown by the student about his inclination to violence in his behavior, thoughts or attitudes. The student might often show out frustration and tries to alienate. There is a collection of acts of "injustice" done against him registered in his mind. The student often shows signs of depression such as lethargy, physical fatigue or lack of interest towards any activity performed. He exhibits selfishness and has self-centred thoughts with great inclination towards entertainment filled with violence. He behaves inhumane and has low tolerance levels. Spike 2 (Family Background): The student might have a damaged relationship with parents. He might have easy access to weapons at home, unlimited non-monitored access to the media and internet. Spike 3 (Academic History): The student might have a low tolerance for punishments and bullying at school. He might be with a school having fixed culture with unsupervised computer access. There might little trust with the teachers. Spike 4 (Social History): The student might have companions who have great inclination to violent activities. He might have unlimited access to internet, computer and media. The knowledge of a student and his attitude towards the use of drugs and alcohol too play a vital role. The Intervention Process An effective intervention process by the school would be to manage the threat effectively by taking the following measures: 1. Inform the students and parents of the school policies 2. Appoint a Co-Ordinator for threat assessment 3. Enforcement of law in three levels - low, medium and high - while the intervention at low level would involve interview with the student and parents; the intervention at the medium level involves an investigation and the one at high level ends up with a criminal prosecution. The Future of the Security Industry over the Next Two Decades There has been a lot of debate during the past two years about the future of intrusion prevention. Some have argued that the future of network security lies in intrusion prevention and that intrusion detection is dead. Others have made the case that detection is simply evolving into prevention. But now that prevention technology has had time to evolve, it is clear that enterprises require security that not only combines high-quality detection and prevention, but is more than just a sum of these two parts. Once prevention is added to detection, this combination must progress on its own to become a truly comprehensive internal network security solution. You cannot prevent an attack if you do not first detect it, so the detection of attacks, anomalies and policy violations are the foundation of intrusion prevention. As detection becomes more critical to internal network security policy enforcement, intrusion prevention will drive the need for continuous improvement in the quality of detection, as well as the quality of policy enforcement management. The result will be that enterprises have much greater control over the security policy and risks within defined segments of their networks. The debate is no longer about which technology will prevail but rather how it will evolve. The future of intrusion prevention is not simply in the speed and sophistication of new hardware. Instead, the future lies in the security content and expertise that enterprises must demand from vendors, both in the design of the products and in the security intelligence fed into the products in real time. The evolution of intrusion prevention is shifting the focus to making smarter and more effective products that provide the knowledge to make correct decisions. IT administrators cannot afford a product that makes unnecessary mistakes. The knowledge behind the box is just as important as the product itself, so vendors must develop and be able to provide the security intelligence that is critical to making intrusion prevention a success. If security intelligence is incorporated into a sophisticated product, intrusion prevention will undoubtedly become a key component of the security architecture, just as firewall and antivirus are today. "As the internet and technological advances continue to reshape the way we do business in government and industry, and as competition and economic pressures create quicker and more efficient ways to do business, the reality of increased economic crimes has a serious impact" (Nasheri, 2005). Not all enterprises have the security expertise or, in some cases, the personnel required for security coverage 24 hours a day, seven days a week. Intrusion prevention puts control back in the hands of administrators, and as it evolves will allow even more flexibility and control. When taken to the next level, it can also restore confidence that the enterprise is protected. This next level of security will not come from speed or fancy hardware, but will require rich security intelligence. Security vendors must become partner in protecting the enterprise by providing regular security updates and early warning threat notification. This security intelligence, combined with technology, will allow security policies to dynamically modify the threat defense landscape and guard against the latest vulnerabilities before exploit code can potentially cause harm. In the past, using intrusion detection alone was like driving with blinders on - it only allowed administrators to see a narrow segment of what was happening in the network. With intrusion prevention, the blinders have come off a little. And in the future, the blinders can be removed even more by having the knowledge of what's going on not just in your network, but also on the Internet as a whole. The more security intelligence enterprises have, the easier it will become for administrators to create policies that activate the proper blocking capabilities at the right time, minimizing disruption to their networks during threat outbreaks. In the next two decades, products will become more sophisticated and more dependent on rich security content and the intelligence going into them. That, in turn, will allow IT managers to develop expectations of the benefits of intrusion prevention and make it a standard part of a secure network. Impact of the convergence of traditional physical security and IT security The most important trend in security today is convergence. Convergence includes the merging of physical and computer security departments, as well as increasing involvement of IT vendors, departments and personnel in the manufacture, purchase and operation of security equipment. Next-generation equipment and software combine the monitoring and management of physical and computer security. Similarly, another goal of convergence is to have employees use only one employee ID to access the premises and equipment. Approximately 39% of businesses worldwide are considering integration of access control and security systems for their premises, according to Access Control Technologies and Market Forecast World Over (2007), Sept. 2005, published by RNCOS. Another important element of convergence is the use of open IT standards to develop comprehensive security systems. The end results of these actions are standardized technology platforms that enable enterprises to eliminate redundant systems, technologies and data. This enables security/IT personnel to solve problems once and take common approaches to threats, be they physical or logical. Convergence also results in the creation of clear responsibilities for handling security threats and promotes close cooperation amongst all IT and physical security professionals working together. "Technical systems for performing work through social interactions of workers quickly evolved, and the term socio-technical systems came into use to describe the merger" (Fayo, 2001). While convergence helps to streamline security systems, processes and procedures, the tasks at hand for ensuring security continue to grow in complexity and expense. Fortunately, IT staffs that have been watching over non-physical IT/IP-based assets for many years can manage new IT/IP-based security systems. As convergence unfolds, security and IT staff can team together to perform activities such as identity management, investigations, and infrastructure. The enterprise enjoys the cost savings this provides. In addition to meeting their own security needs, converged systems enable companies to meet security requirements being shaped by the world's political climate and legislation such as HIPAA, GLBA and Sarbanes-Oxley. Top executives and boards of directors are under great pressure to maintain a secure workplace and ensure that their companies are meeting legislative demands. Role of Al-Qaeda Al-Qaeda still exists as a terrorist structure differentiated from other groups in the global neo-Salafi Jihadist movement and it continues to pose a real threat to European societies. This threat may be direct or indirect. It is particularly serious in the case of the United Kingdom, although by no means insignificant for other European Union countries. The most plausible attack, if al-Qaeda itself participates in its planning and execution, would be highly lethal, probably catastrophic and perhaps even involving the use of non-conventional weapons. However, other less spectacular and very lethal incidents is more likely if simply instigated or facilitated by al-Qaeda. In the short and medium term, it will be difficult for state security agencies to successfully thwart all these planned terrorist attacks on European citizens and interests. Indirectly, al-Qaeda has often instigated attacks on European targets by its affiliated groups and organisations or by independent cells whose activities are inspired by the ideas and repertoire of violence promoted by the main figureheads of international terrorism. Of all this there is past evidence as well as recent indications that al-Qaeda continues to pose a serious threat for European institutions and populations. Its leadership, its closest associates and the activists most closely linked to the organisation are still determined to commit a spectacular attack on European soil, which could even include an act of non-conventional terrorism, while they continue to encourage or facilitate the terrorist activities of other groups and organisations related with the global neo-Salafi Jihadist movement. Five years ago, immediately after 9-11, American support for how the Bush Administration was responding to terrorism was nothing short of extraordinary. Today, support has plummeted, and more than a third of Americans believe their government was complicit in the events of that day. In the United States, the bipartisan consensus on Iraq did not survive the uneasy U.S. occupation or the beginning of presidential campaigning in late 2003. U.S. domestic opinion largely supported the initial decision to intervene in Iraq, but may well be turning on other, newer factors. These factors include the lack of evidence that Iraq did in fact have weapons of mass destruction (or was making substantial efforts in that direction), the burden of a U.S. occupation that has cost more funds and human casualties than the Administration publicly anticipated, and the perception that the Bush administration should be giving more attention to a stalling domestic economy with continuing joblessness. As one New York Times columnist characterized it, President Bush has gone quickly from "swagger to stagger" (Dowd, 2003). While the majority of Americans wish for multilateral support, we should recognize that the word multilateral has a unique connotation in today's United States. U.S. multilateralism post-9/11 seems chiefly to refer to a means or process. Multilateralism in these terms is not a meeting of minds. It is a process of engineering consent, with the ultimate aim of assuring a U.S. audience that its executive is not acting alone or in defiance of the common wisdom of the international community. Thus, in the run-up to U.S. action in Iraq, the Bush administration stressed the number of states, big and small, near and far, that supported its decision, even if they made no substantial contribution (Dowd, 2003). References Brewer, D. 2000. Risk Assessment Models and Evolving Approaches, Gamma Secure Systems, p.22. Dowd, Maureen. 2003. "Bush, from Swagger to Stagger," New York Times, p.8-9. Fayo, John. 2001. Contemporary Security Management, Butterworth-Heinemann College, 1st ed, p.6. Nasheri, Hadieh. 2005. Economic Espionage and Industrial Spying, Cambridge: England, Cambridge University Press, p.1. Hancock, B. 1998. Steps to a successful creation of a corporate threat management plan, Computer Fraud & Security, (7): 16-18. Katzke. 1988. A government perspective on risk management of automated information systems, Computer Security Risk Management Model Builders Workshop, Denver Colorado. Nosworthy, J. 2000. A Practical Risk Analysis Approach: managing BCM risk, Computers & Security, 19(7): 596-614. Neumann P. 1995. Computer Related risks, New York, Addison-Wesley, pp.23-29. Reid R., Floyd S. (2001). Extending the Risk Analysis Model to Include Market-Insurance, Computers & Security, 20(4): 331-339. Smith M. 1993. Commonsense Computer Security: your practical guide to information protection, London, McGraw-Hill. Read More