Enterprises with geographically dispersed remote locations and branch offices on the company network, beware: this structure creates unique network vulnerabilities. That is, at least, the conclusion of recent research conducted by managed network security services provider Nuspire, which counts General Motors, Volkswagen of America, and Subaru of America among its clients. I recently spoke with Saylor Frase, Nuspire president and CEO, to discuss the challenges of securing remote locations and what enterprises can do about those challenges.
Nuspire's research, which focused on Fortune 500 companies, identified several troubling patterns. Network reconnaissance activities like port scanning and automated credential guessing are not only on the rise, but are "by far the most prevalent types of IT network security breaches among remote locations and branch offices," the vendor claimed in a recent statement. Nuspire also found that internal spamming at remote retail and branch locations poses a threat to network performance, security, and reliability. So how can dispersed enterprises protect their franchises, retail stores, and branch offices from incidents that could affect the entire company network?
Understanding the problem is the first step. "Historically, the focus has been on large organizations and large gateways. There's a big focus on gateway security, while a lot of smaller locations are left to their own devices," Frase told me. Companies often simply lack the budget or manpower to provide traditional monitoring, analysis, and response to all the locations in their network. This failure to provide real-time attention leaves the neglected locations vulnerable.
In the best case scenario, enterprises would "bring to bear the same caliber of resources to those end locations" as what they have at headquarters, Frase said. Security Information and Event Management (SIEM) and status monitoring solutions can't do much unless the information they collect actually gets analyzed on a real-time basis. Intelligence means little unless it leads to effective response. That's easier said than done, however, for enterprises that can't simply bring on additional network security manpower for every remote location on the WAN.
Instead, Frase recommends the centralization of SIEM and status monitoring intelligence and analysis. Many SIEM solutions common now "are local, so they'll collect log information from a particular gateway and keep it local there, perhaps with some type of audit or analysis, but nothing that correlates all the logs from all the gateways and has a central response plan," Frase told me. Deploying a solution capable of collecting reports from disparate locations for analysis in a central hub can ensure that events actually get seen and responded to instead of overlooked.
Centralizing SIEM and status monitoring reports has another benefit, one possibly even more significant: greater enterprise-wide security intelligence. A holistic perspective of security events across a dispersed enterprise may yield surprising results. "Sometimes an individual incident may look erroneous, but if you see it happening at multiple locations, you can see that correlation across the board and take network-wide action," Frase said.
Jude Chao is Executive Editor of Enterprise Networking Planet. Follow her on Twitter @judechao.