As the network becomes more vulnerable to attack because of the evolving perimeter, the threats themselves are changing. In addition to Trojans and botnets, newer, even more dangerous threats lurk. Two of the most troublesome are flash threats and self-mutating worms. Flash threats are so named because of the speed with which viruses or worms can spread. In 1999, a virus dubbed “Melissa,” one of the earliest and most widespread viruses at the time, took 16 hours to spread globally, according to Network Associates Inc. In January 2003, the “Slammer” virus managed to infect more than 90 per cent of the vulnerable hosts worldwide within 10 minutes using a well-known vulnerability in Microsoft’s SQL Server. New viruses in the coming months and years are expected to spread even faster. Therefore, whatever defenses organizations build must be able to identify a threat and respond far more quickly than ever before. The other looming threat is the self-mutating worm. Today’s worms are relatively unintelligent. They are programmed to follow a specific set of instructions, such as to infiltrate one machine through a specific port and, once on the machine, compromise it in some way, for example by causing a buffer overflow and planting a Trojan. If anything interferes with these planned instructions, the worm lacks the ability to adjust and dies.
Now, however, rogue developers are adding intelligence and logic to worms so that if they can’t complete a specific task, worms can mutate and pursue other lines of attack. The current security defense paradigm is to deploy more and more of the existing security technologies throughout every segment of the network. This includes firewalls and ACLs to block access and perform application inspection, intrusion prevention system (IPS) technology to provide very granular traffic inspection and identify known threats, encryption software to counter eavesdropping, anomaly detection to detect worms or DoS attacks, and antivirus software to battle viruses. Many of today’s security technologies were developed to perform their specific function with little context of the overall network threat environment. Operating alone, however, these technologies are less effective in stopping the newer attacks, as well as the changing ways in which users access networks, because of the “security gaps” that exist between each technique’s capabilities.
With the increased complexity of threats, such as the blended threats that use a combination of techniques to disrupt networks, security technologies must operate in a coordinated fashion to stop attacks and better control network activity and applications. Unfortunately, over the years, many companies have addressed nagging security concerns by constantly adding devices and software to address each particular problem. This has led to separate antivirus protection, firewalls, VPNs, and intrusion prevention. While this addresses the short-term needs, it creates an entirely new and bigger problem: managing multiple systems that operate independently of one another. As more advanced threats emerge, there is a need for network security to become more holistic; security technologies must act in coordination to detect and defend against more sophisticated threats. There is a growing need for devices that can assemble the puzzle pieces and lock down the gaps that exist in conventional network security systems.
Transforming chaos into a clear and manageable security policy is essential, which is why future network security systems need to focus on convergence and consolidation. For robust information security for an enterprise, a proactive architectural and system approach is critical. The idea is to accurately identify and stop attacks as early and as far from the destination host as possible, while simultaneously simplifying the security architectures required to do this. Instead of a security product for each security need in isolation, an end-to-end security solution approach or system enables these combined functions to operate as a coordinated defense (instead of silos) that stops a broader range of attacks and greatly reduces the number of diverse multi-vendor devices that must be deployed, thereby simplifying security design and management. Historically, firewalls have generally been considered fairly simple devices, but they are effective at what they do — either block a packet or let it through based on Layer 3 and Layer 4 information and session state. They can provide some level of application inspection but do not perform the detailed inspection of some other technologies. An IPS device can pick up where a traditional firewall leaves off by peering more deeply into a packet’s contents to see whether the data within conforms to company policy.
Host IPS and host firewalls on servers and desktops/laptops, day-zero protection, and intelligent behavior-based protection against application vulnerabilities and related flaws (whether inherent or inserted by viruses, worms or Trojans) give a high level of confidence about what is happening within an organization on a normal day and, in an attack situation, which segment is affected and what has gone wrong; linking these devices with monitoring, log-analysis and event-correlation systems gives the flexibility and control to stop such situations. Adaptive threat defense is now the need: an end-point security system that can dynamically generate an attack signature and push it to the other end-points and to the perimeter IPS devices, to stop the attack from propagating to the rest of the infrastructure.
Similarly, security operations teams face challenges in tuning out false positives; they struggle, logging into various devices to understand which configurations are producing which logs. The need of the hour is for the security operations team to be able to easily see the logs and link them to the configurations that produce them. This type of systems approach transforms security from operating as separate siloed technologies in a reactive mode, with limited and static detection methods, to functioning as a coordinated, proactive threat defense system that adapts to the threat environment. These systems provide numerous benefits: improved detection, greater event classification accuracy, lower operating costs, streamlined administration, and services extensibility that integrates the most advanced security technologies as they are developed. These converged systems will not compromise the quality of security in any given category, but instead combine the strength of each in complementary ways to deliver a tighter, coordinated defense.
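The log-to-configuration linkage and false-positive tuning described above, as an added example that is not part of the original article: constructed firewall/IPS log lines are correlated back to the (hypothetical) rule configuration that produced them, events referring to unknown rules are flagged, and rules whose analyst dispositions are mostly false positives are surfaced for tuning. The device names, rule ids, addresses and the key=value log shape are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed rule configuration, keyed by rule id (hypothetical device/format).
RULES = {
    "fw-1001": {"device": "fw-edge", "action": "deny", "match": "tcp/1434 any->dmz"},
    "ips-2042": {"device": "ips-dmz", "action": "alert", "match": "SQL Server resolution overflow"},
    "ips-2077": {"device": "ips-dmz", "action": "alert", "match": "HTTP generic long URI"},
}

# Constructed log lines: device name followed by key=value fields.
# The last line references a rule id that the configuration does not know.
LOGS = """\
fw-edge rule=fw-1001 src=203.0.113.9 dst=10.0.5.20 action=deny
ips-dmz rule=ips-2042 src=203.0.113.9 dst=10.0.5.20 action=alert disposition=true_positive
ips-dmz rule=ips-2077 src=198.51.100.7 dst=10.0.5.30 action=alert disposition=false_positive
ips-dmz rule=ips-2077 src=198.51.100.8 dst=10.0.5.30 action=alert disposition=false_positive
ips-dmz rule=ips-2077 src=198.51.100.9 dst=10.0.5.30 action=alert disposition=true_positive
ips-dmz rule=ips-9999 src=198.51.100.9 dst=10.0.5.30 action=alert
"""

LINE_RE = re.compile(r"^(?P<device>\S+)\s+(?P<kv>.*)$")

def parse_line(line):
    """Turn one log line into a dict of fields; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["device"] = m.group("device")
    return fields

def correlate(logs, rules):
    """Attach each event to the rule that produced it; collect events whose
    rule id (or device) is absent from the known configuration as orphans."""
    linked, orphans = [], []
    for line in logs.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        rule = rules.get(ev.get("rule"))
        if rule is None or rule["device"] != ev["device"]:
            orphans.append(ev)      # config and logs have drifted apart
        else:
            linked.append((ev, rule))
    return linked, orphans

def false_positive_ratio(linked):
    """Per rule: share of analyst-dispositioned events marked false_positive."""
    counts = defaultdict(lambda: [0, 0])   # rule id -> [false positives, total]
    for ev, _rule in linked:
        disposition = ev.get("disposition")
        if disposition is None:
            continue                        # no analyst verdict yet
        c = counts[ev["rule"]]
        c[1] += 1
        if disposition == "false_positive":
            c[0] += 1
    return {rule: fp / total for rule, (fp, total) in counts.items()}

def tuning_candidates(ratios, threshold=0.5):
    """Rule ids whose false-positive share exceeds the threshold, worst first."""
    return sorted((r for r, v in ratios.items() if v > threshold),
                  key=lambda r: -ratios[r])
```

Running `correlate(LOGS, RULES)` links five events to their rules and returns the `ips-9999` event as an orphan, and `tuning_candidates(false_positive_ratio(linked))` names `ips-2077` (two of its three dispositioned alerts were false positives) as the rule to revisit.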