Security must move to the network for companies to remain safe in the face of debilitating and dangerous threats, said John Chambers, CEO of Cisco Systems Inc.
“If an attack can affect your network in about 10 seconds, you have no time for human intervention,” Chambers told journalists, analysts and CSOs on the second day of RSA Conference 2005. “Your network has to be like the human body that (without your conscious awareness) tackles viruses and other things that come into you.”
Chambers said corporate networks have to become more intelligent and proactive in stopping security breaches or attacks that can harm a company’s bottom line.
Single-point remedies such as firewalls, anti-virus or anti-spam products are not enough, he said, adding that such solutions have to be integrated right into the network architecture and the network itself must become more intelligent at identifying threats before they harm users.
Chambers said the network has to move from a reactive to an adaptive mode. In practical terms, he said, this means going beyond intrusion detection (where you notice a problem and then react to it) to threat prevention.
Adaptive network security, he said, involves multiple levels of defense, with security built into the network infrastructure, right down to the switches and routers and other components and not bolted on as a separate layer. “You have to think about it architecturally. You can’t approach this problem with point products. Also, you can have a security team that can walk on water, but they can’t do everything or catch everything. The network has to be self-defending.”
Russell Artzt, executive vice-president and co-founder of Computer Associates shared Chambers’ view that the network and enterprise is coming under greater attack and faces new kinds of security challenges.
But Artzt said the antidote does not just involve tackling virus, malware and spyware but also involves legislative remedies such as the Sarbanes-Oxley Act.
“I deal with customers around the world and they tell me (compliance) is the number one issue they have to deal with,” said Artzt. “The Act demands a whole new level of transparency. The truth is Sarbanes and a host of other provisions around the world have ushered in a new regulatory environment and (businesses) are coming to companies like CA and others to help them.”
He said people at every level of an organization now have to deal with a bunch of regulatory requirements backed by stringent measures to ensure compliance. “No aspect has been most affected by this as security and it has sparked a fundamental shift. Security is not an afterthought. Security now aligns IT and the business process.”