| From computer viruses to hackers, with so many | | | | processes and tools that anyone (not just IT) can do it. |
| lurking security threats, it's important to have a solid | | | | Overall, your network security solution should have |
| network security solution in place. Whether your | | | | monitoring, prevention, reporting and enforcement all in |
| company has security software, a dedicated IT team | | | | one solution. |
| to monitor suspicious activity, or both - threats keep | | | | 5. Cost of Ownership. Any solution should have a |
| evolving and adapting to their environment. That said, it | | | | reasonable cost of ownership, meaning it should |
| would be in your best interest to have an integrated | | | | possess the ability to integrate with a broad range of |
| network security solution with all the modern tools you | | | | security and networking solutions as well as a flexible |
| need to keep your system up and running smoothly. | | | | deployment scheme. Additionally, the solution should |
| So how can you assess your network security | | | | have a measurable effectiveness, i.e. reporting. That is |
| solution to see if it's time to update your security | | | | if a breach or leak does happen your solution should |
| software or procedures? Here are 6 important | | | | be able to classify the incident(s) and provide |
| aspects you should consider when evaluating your | | | | remediation in order to have a reasonable cost of |
| current network security. | | | | ownership. |
| 1. Detection Accuracy. It's critical to have a network | | | | 6. Vendor Viability. Unfortunately, the majority of |
| solution that can lower the amount of false positives | | | | available solutions are from start up companies with |
| negatives and can also design policy controls that map | | | | limited funds and product vision. Network security |
| to business processes. Make sure the solution can | | | | solutions from start up companies can sometimes lack |
| protect both structured and unstructured data as well | | | | the R&D, global sales and support services |
| as data ranging from simple credit card numbers and | | | | organizations need to have guaranteed, long term |
| SSNs to source code and other proprietary | | | | security for their network. Additionally, due to |
| information. | | | | consolidation in the security industry, these small |
| 2. Enforcement Capabilities. Since most leaks are | | | | vendors and 'boutique shops' are more likely to be |
| internal (or at least start out that way) it's important to | | | | acquired by a larger company at some point or even |
| have a network security solution with integrated | | | | forced out of business eventually. The larger, publicly |
| enforcement capabilities for all data types, vectors, for | | | | traded firms however, generally have a more |
| both internal and external communications. | | | | substantial customer base, a well funded R&D |
| 3. Policy Administration and Updating. Make sure your | | | | program, and a global presence with strong sales and |
| network security solution is able to set rules based on | | | | support. Therefore, purchasing solutions from a more |
| users, data, vector, and destination. It should be able to | | | | viable vendor could mean better results and service in |
| tie each of these variables together to say who can | | | | the long run. |
| send what information where and how. Additionally, | | | | For any business present in today's fast-paced, ever |
| since these policies should be created based on | | | | changing web environment, finding an integrated |
| regulatory compliance requirements and corporate | | | | security solution that will take care of everything listed |
| governance, your network security solution should be | | | | above is imperative. After you've evaluated your |
| automatically updating them as regulations change. | | | | current security - begin researching security solutions |
| 4. Manageability and Reporting. Security software | | | | (such as the Websense(R) Web Security Suite (TM) ) |
| should be easy to deploy and manage. Policy controls | | | | that will fill the gaps left open by traditional security |
| should be so easy to create and integrate with existing | | | | software. |