Feeds & Podcasts
Enterprise Blogs
- Cloud Security (10)
- Critical Infrastructure Protection (10)
- CSO / Risk Management (64)
- Data Center (9)
- Data Protection (63)
- Embedded (7)
- Management (6)
- Mobile (29)
- NAC (2)
- Network Security (37)
- Public Sector (26)
- Risk Compliance (63)
- SaaS (2)
- Security Connected (107)
- Security Perspectives (7)
- SMB (3)
- Support (6)
- System Endpoint (22)
- Virtualization (5)
Meet the Bloggers
- Adam Wosotowsky
- Andrew Berkuta
- Barry McPherson
- Brian Contos
- Brian Foster
- Brian Kenyon
- Callie Skokos
- Carrie Ellis
- Charles Ross
- Chintan Shah
- Dan Olds
- Dan Wolff
- David Hatchell
- Dr. Phyllis Schneck
- DThakkar
- Ed Metcalf
- Ed White
- Editor
- Elan Winkler
- Eric Andre
- Eric Schou
- Evan Schuman
- Evelyn de Souza
- Francois Paget
- Gary Davis
- Geok Meng Ong
- George Kurtz
- Greg Brown
- Jan Volzke
- Jim Walter
- Jimmy Shah
- John Dasher
- Joseph Blankenship
- Josh Archambault
- Kayvon Sadeghi
- Kent Landfield
- Kevin Reardon
- Kim Singletary
- Larry Ponemon
- Leon Erlanger
- Lianne Caetano
- Lillian Wai
- Marc Olesen
- Mark Campbell
- Martin Ward
- Matt Fairbanks
- Melissa Siems
- Michelle Dennedy
- Mike Carpenter
- Mike Gallagher
- Nikfar Khaleeli
- Oliver Devane
- PageOne Pr
- Pamela Warren
- Raj Samani
- Rees Johnson
- Rishi Bhargava
- Robert Welty
- Ryan Permeh
- Scott Chasin
- Simon Hunt
- Stephen Karkula
- Steven Fox
- Stuart McClure
- Swapnil Pathak
- Swaroop Sayeram
- Tim Fulkerson
- Tim Roddy
- Tom Conway
- Tom Gann
- Tony Zirnoon
- Tyler Carter
- Vijay Upadhyaya
- William Beltane
Archive
- February 2012 (18)
- January 2012 (47)
- 2011 (482)
- 2010 (431)
- 2009 (395)
- 2008 (294)
- 2007 (416)
- 2006 (169)
Tags
#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity
Elements of Optimized Security: Multi-Layered Defenses
|
|
As I’ve mentioned, we believe that an optimized security program has three key elements. The first which I discussed in an earlier post is Global Threat Intelligence. The second key element of building an optimized security posture is the deployment of multi-layered defenses. This doesn’t mean deploying a different security product for each threat that comes along. In fact, point products make multilayered protection difficult, if not impossible. The key to having effective multi-layered defenses is creating an environment where your various security solutions are integrated, correlated and centrally managed.
Historically, security management has been a complex task due to siloed security products and processes that drain resources, increase costs, and create security gaps. We took an informal poll recently that found that most respondents had anywhere from 6-15 different security product types deployed in their companies. Is this a multi-layered defense? Not exactly. Security becomes multilayered when you connect processes and intelligence across systems and networks and establish visibility across your organization.
BAE’s Director of IT Security, John Fulmer, chatted with McAfee recently about the challenges businesses face today and BAE’s multi-layered approach to security. Like many large enterprises, BAE is faced with a constantly expanding business, new company acquisitions, a movement toward standardization and the need to keep up with the evolving threat landscape.
One of the most important recommendations John gave for creating a multi-layered defense was to make sure you understand your company’s unique environment and security pain points. Rather than tackling everything at once, create a three to five year roadmap of goals and start with one or two security initiatives where you can demonstrate success. In BAE’s case, John first tackled anti-spyware. Then, using McAfee’s central management console, ePO, John tackled endpoint encryption, pushing it out to all users in non-pre-boot fashion, then using the console to migrate users to pre-boot encryption. BAE saw immediate protection and increased visibility and control of their overall risk posture.
As John points out, getting to optimized security is not an easy path. With a constantly changing threat landscape and business environment, most companies will go back and forth among the various stages of maturity. The key, however, is to create a multi-layered program that gives you central control and deep visibility into your security posture so that you can act quickly and nimbly to address changes as they arise.
|
|
Tags: Cybercrime, Security Connected
Submit your own comments / message for this post