24 Apr 2009
A panel of network security experts on Thursday warned administrators to steer clear of so-called magic bullet offerings.
The group spoke to delegates at the 2009 RSA conference on the virtues of using multiple security solutions and pursuing a 'defence in depth' philosophy for securing their networks.
The approach calls for adding multiple levels of security throughout the network, both to prevent intrusion and to secure data within the network. Rather than relying on one suite of products on one box to provide total security, the panel advised administrators to pursue multiple best-of-breed products and secure multiple avenues of attack.
For panellist Bob Pratt, head of product management for ArcSight, the term defence in depth applies not only to a company's hardware choice, but also its philosophy towards administration and management of IT.
"It is not just buying six products and layering them one on top of the other," said Pratt.
"It is not having one guy who administers every single security product in the company; you have two security products, why not have two different sets of administrators?"
Several of the panellists likened the approach to that of a bank vault, where multiple security measures and procedures are put in place to safeguard the money in addition to the vault itself.
The panel also warned against relying simply on front-end security and intrusion prevention systems. Netronome director of product management Daniel Proch described the approach as 'M&M security' in reference to the hard-shelled candy.
"It is a hard outer shell they think, but with a really soft middle," Proch explained.
"They are not patching back-end systems, they are relying on the boxes on the outside to stop everything."
In general, the panel agreed that to better prevent attacks and intrusions, businesses needed to better communicate. Panellist and Tenable Network Security chief executive Ron Gula suggested that enterprises follow the lead financial institutions have begun to take and share certain attack details within the industry.
"We need to be a little bit more reactive," said Gula.
"You can put that [information] into your environment and get a good idea about how other people like you are getting attacked."