The information security landscape has changed dramatically in recent years. While the network hacker continues to pose a threat, regulatory compliance has shifted the focus to internal threats. As noted by Charles Kolodgy, analyst at IDC, "Compliance shifted security management from monitoring external network activity to managing internal user activity at the application and database level." Whether contending with the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act (FISMA), or other compliance requirements, companies must prove diligence in managing information security risk. Maintaining the integrity of security information is increasingly complex and consumes valuable resources. Service-oriented architectures are increasing the pace of application development. Networks are composed of more applications and more data, more widely distributed, creating more access points to critical data. Though visibility into real-time threats and vulnerabilities is called for, most organizations lack the tools needed to transform information security data into actionable security intelligence.

Security Information Management Challenges

Developing and implementing an effective security information management (SIM) system has many challenges. With the recent explosion of information privacy and security legislation, executives and IT groups are more accountable for security requirements and compliance auditing. Closer examination of company security postures is exposing potential weaknesses that were previously considered unimportant or went unrecognized, including:

- Disconnect Between Security Programs and Business Processes - Information security programs are often inadequately integrated into business processes, creating disconnects and process inefficiencies.
- Fragmented Security Information, Processes, and Operations - Information security often takes place in a decentralized manner. Separate databases and unrelated processes might be used for audit assessments, intrusion detection efforts, and antivirus technology.
- Security Performance Measurement Difficulties - Many organizations struggle with performance measurement and management, and developing a standardized approach to information security accountability can be a daunting task.
- Broken or Nonexistent Remediation Processes - Previously, compliance and regulatory requirements called for organizations simply to log and archive security-related information. Now, auditors request in-depth process documentation, so both threat identification and remediation are becoming more important.
- Abnormal User Activity and Data Leakage Identification - With today's security requirements, organizations need to quickly and efficiently add processes that support incident identification and detection of anomalous user behavior.

Security Decision Support Solutions

Today, achieving information security compliance and managing risk requires a new level of security awareness and decision support. Organizations can use both internal security expertise and external consultants to implement security information management. Integrating the network operations center with the security operations center aids timely identification and remediation of security-related issues. For successful security decision support, organizations must automate incident response processes. These automated processes, however, must remain flexible and scalable, because risk management and compliance are dynamic: requirements change, security incidents are regular and complex, and improvement is continuous. A successful, comprehensive security decision support solution involves several critical elements: compliance, business services continuity, threat and risk management, and security performance measurement.

Compliance

The emergence of compliance as the leading driver for information security management projects has forced organizations to refocus on securing the underlying data critical to financial operations, customers, and employees. Achieving regulatory compliance is a complex challenge for organizations, with massive amounts of data and complex applications to monitor, and increasing numbers of users with access to those applications and data. Organizations need access to contextual information and need to understand real-time network changes, such as the addition of assets, and the new vulnerabilities and threats those changes create.

Business Services Continuity

Continuity of the security management program across an organization is key to risk management and compliance success. Organizations should be able to predict where most threats might occur and how they might impact the business. Data is constantly in motion, continually consumed by users and applications across the enterprise. Increased deployment of service-oriented applications increases the number of users with potential access to enterprise data. Service-oriented applications have many moving parts, and monitoring at the application layer is much more difficult than monitoring network activity.

Threat and Risk Management

As businesses and networks grow, organizations shift their security focus from trying to address all security issues to establishing security priorities. Larger, more complex organizations choose to focus on the most damaging threats: those with the greatest financial impact and those that can cause the most disruption to business processes. Previously, the focus for security organizations has been on stopping threats from outside the enterprise. Yet data leakage and inappropriate user activity from inside the enterprise are often bigger threats, since the potential hacker is so much closer to the data. Organizations today are forced to reconsider their approach to managing risk from insiders.

Security Performance Measurement

Given that organizations cannot manage what they cannot measure, security information and event management and benchmarking are key aspects of an effective security decision support solution. Organizations need to understand their security posture at any point in time, and then be able to use that as a security baseline to measure against. Executive management also needs a fast, straightforward, and credible way to gain visibility into the organization's security posture.

Unified Network and Security Management

Too often, identifying, managing, and eliminating threats across the enterprise is a fragmented and ineffective process for businesses and can lead to damaging outcomes. Taking a trial-and-error approach can result in network and application outages, lost data, lost revenue, potential compliance violations, and frustrated users. To meet compliance needs and maintain business services continuity, organizations need a coordinated response across a unified infrastructure. Paul Stamp, Senior Analyst for Forrester Research, states, "When security incidents like a worm outbreak or a system compromise occur, information risk management needs to coordinate the response, providing timely advice regarding the appropriate response actions. Moreover, they need to make sure that the different teams involved in IT security that need to plug the security holes communicate effectively and get the job done as efficiently as possible."

Security Information Management: The Backbone of Security Decision Support

Security decision support can provide a flexible yet comprehensive solution for addressing risk management and compliance challenges. An enterprise-class SIM platform can translate raw data into actionable security intelligence that facilitates decisions regarding appropriate mitigation and remediation. Security metrics enable management to take decisive action. SIM also accelerates incident response with a consistent workflow. SIM technology enables collection and interpretation of security information from strategic applications and compliance-related assets, as well as from perimeter devices. Security information is made available to individuals and technology domains across the enterprise, while supporting IT governance, enterprise compliance, and risk management initiatives.