(page 2 of 5)
Proactively Managing Security Risk
Naresh Verma, Yih Huang, and Arun Sood 2007-11-07

Article continued from Page 1

Current approach to enterprise security

Enterprise assets reside on servers: servers that provide access to the network (routers, firewalls, and intrusion prevention systems), servers that detect intrusions (intrusion detection systems), servers that provide access to company information (role-based access control and fine-grained authorization, file servers, email servers, etc.), servers that store critical data (database servers), and so on. Managing security is challenging because knowledge about attacks is highly uncertain, losses are hard to predict, and the approaches in use remain largely reactive. Table 1 shows some of the security challenges that enterprises face and the approach taken by a few vendors to solve them.


Table 1: Enterprise security challenges

According to Symantec, the number of security holes in servers continues to rise. Many drivers determine and specify the level of enterprise security. Some of these are technical, such as the desire for additional perimeter defense, achieving sustained availability and performance by avoiding denial-of-service attacks, avoiding intrusions to protect the corporate crown jewels, avoiding propagation of a worm within the corporate network, and satisfying corporate privacy policy. There are also corporate governance issues, such as compliance with regulations and a fiduciary responsibility to the national financial system. Several approaches are currently available to achieve a high level of enterprise security.

Traditionally, approaches to security incident management have been reactive. Information technology (IT) professionals feel tremendous pressure to complete their tasks quickly with as little inconvenience to users as possible. Over the years, a security risk management assessment approach has emerged [4] [5]. The driver behind this approach is the estimation of the expected loss in the value of a specific asset when a specific threat is realized. The current approach is summarized in Figure 1 below and is henceforth referred to as the traditional security risk management approach. For the proactive security risk management approach, we will use the traditional approach as our starting point.


Figure 1: Traditional security risk management approach

Once the specific threat has been identified, the computation of the Annual Loss Expectancy includes the following steps ([4, 5]):

  • Asset Value (AV) = hardware + software + data
  • Exposure Factor (EF) = percentage of the asset value lost if the threat is successfully realized
  • Single Loss Expectancy (SLE) = AV × EF
  • Annual Rate of Occurrence (ARO) = annual frequency of the specific threat
  • Annual Loss Expectancy (ALE) = AV × EF × ARO

We stress that in this approach, Exposure Factor (EF) plays a key role. The assumption is that in the case of an intrusion, the asset is degraded by Single Loss Expectancy (SLE). In the next section we argue that by controlling the exposure time, we can reduce the effective EF and thus the expected loss.
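As an added worked example (not from the article), the following Python computes AV, SLE and ALE for a small constructed risk register and compares the total ALE with the ALE obtained when the exposure window is shortened. The linear scaling of EF with exposure time is an assumption introduced here for illustration, not a result stated by the authors.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatScenario:
    """One (asset, threat) pair from a risk register; all figures are constructed."""
    name: str
    hardware: float         # replacement cost, in dollars
    software: float         # licences and rebuild effort, in dollars
    data: float             # value of the data held, in dollars
    exposure_factor: float  # EF: fraction of AV lost when the threat is realised
    annual_rate: float      # ARO: expected realisations of the threat per year

    def asset_value(self) -> float:
        return self.hardware + self.software + self.data          # AV

    def single_loss_expectancy(self) -> float:
        return self.asset_value() * self.exposure_factor          # SLE = AV x EF

    def annual_loss_expectancy(self) -> float:
        return self.single_loss_expectancy() * self.annual_rate   # ALE = AV x EF x ARO


def effective_exposure_factor(ef, baseline_hours, controlled_hours):
    """Assumption, not from the article: damage grows linearly with the time the
    compromised server stays exposed, so EF shrinks with the exposure window and is
    never larger than the original EF."""
    if baseline_hours <= 0 or controlled_hours < 0:
        raise ValueError("baseline window must be positive, controlled window non-negative")
    return ef * min(1.0, controlled_hours / baseline_hours)


def portfolio_ale(scenarios, baseline_hours, controlled_hours):
    """Return (traditional ALE, ALE with a shortened exposure window) summed over the register."""
    traditional = sum(s.annual_loss_expectancy() for s in scenarios)
    controlled = sum(s.asset_value()
                     * effective_exposure_factor(s.exposure_factor, baseline_hours, controlled_hours)
                     * s.annual_rate for s in scenarios)
    return traditional, controlled


# Constructed sample register; the dollar values and rates are illustrative only.
SAMPLE_REGISTER = [
    ThreatScenario("database server / intrusion", 20_000, 30_000, 450_000, 0.40, 0.5),
    ThreatScenario("email server / worm propagation", 10_000, 15_000, 75_000, 0.25, 2.0),
    ThreatScenario("file server / denial of service", 8_000, 7_000, 185_000, 0.60, 0.25),
]

if __name__ == "__main__":
    trad, ctrl = portfolio_ale(SAMPLE_REGISTER, baseline_hours=72.0, controlled_hours=6.0)
    print(f"traditional ALE: ${trad:,.0f}; ALE with a 6-hour exposure window: ${ctrl:,.0f}")
```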

In a modern multi-tier architecture there is a potential for exposing additional assets to risk. For example, to model the secondary impact of a successful intrusion, Timm [6] introduces the Cascade Threat Multiplier (CTM). He argues that after the attacker successfully intrudes into the system, the attacker has the ability to access and damage other resources on the same network. Since reducing the exposure time reduces the time an intruder has to do damage, the intrusion tolerance approach is likely to provide an additional advantage.

Article continued on Page 3 


