Visibility - IT managers need to be able to accurately identify the applications active in the environment (regardless of protocol) and see the myriad of connecting hosts, infrastructure and users. With this visibility they can apply the context of network and user behavior to determine the intent of any given connection and whether it should be blocked.
Threat effectiveness - Organisations need to ensure that the network security technology can protect against both known and emerging threats while maintaining effectiveness under load during peak utilization.
Granular controls - Network security devices are supposed to enable safe access, not encourage employees to go around the set defenses. This requires fine-grained security policies with the ability to customize detection and response for both applications and web sites.
Automation - For most IT security organisations, resources aren't increasing to keep pace with advanced adversaries. These companies require tools to automate the provisioning and tuning of security policies and apply those policies consistently across the enterprise.
Advanced malware protection - With increasingly sophisticated malware attacks, it's becoming more difficult to reliably detect malware on the network and remediate it if it does successfully get through. Cloud-based malware intelligence and the ability to coordinate defenses across the environment are now essential.
Performance, scalability and flexibility - To analyse and apply complex policies at high speeds, performance and the ability to scale to multi-gigabit networks is critical. Flexibility to support a deployment model today and the capability to easily change in the future gives an investment protection.
Management and extensibility - To be practical, any updated approach to network security must enable centralized IT security management across the entire enterprise and seamlessly support additional capabilities.
It's no longer a question of whether (if) an attack is about to happen nor is it about when it will happen the real question is how often your organisation is being repeatedly attacked time and time again. In fact, 9% of end users have at least one malware detection event, of which at least 66% are repeat offenders as observed by our Sourcefire Vulnerability Research Team (VRT). Despite all of these alarms, there is a false sense of security. The good news is that network security technologies are evolving, so businesses no longer have to be hampered by first-generation approaches. Armed with the right tools, IT managers can be confident about making the best decisions to protect their organisation and mitigate risks in this challenging era.
Amitpal Dhillon is Senior Product Manager, Asia Pacific for Sourcefire, now a part of Cisco.
Sign up for MIS Asia eNewsletters.