What is Threat Management?
Threat management is an approach to network security that integrates a number of different techniques designed to thwart threats before they actually enter the system. Rather than dealing with threats on a case-by-case basis, this approach focuses on making the overall system more secure, to stop threats in their tracks and deter people who might attempt to compromise the system. There are a number of approaches that can be integrated into a successful threat management strategy, and several firms specialize in providing advice on setting up these types of systems.
A number of different things can pose a threat to network security. Some are obvious: viruses, trojans, spam, and worms which enter a system can compromise security and potentially bring the system down while people address them. Other threats can include things like security leaks from careless employees inside the network, hacking attempts, and phishing. Threat management recognizes all of these potential issues and creates safeguards against them.
One technique involves a heavily reinforced firewall that is designed to repel threats. Scanning software can be deployed at the gateway to the network to check for malicious software and other problems, so that threats never get inside the network. Likewise, a system that monitors and reacts to activity can be installed to stop people such as hackers from getting into the system. Another aspect of threat management involves regularly updating software with the latest information about threats so that it can respond quickly.
The goal is to prevent intrusion by staying ahead of and thwarting threats, rather than dealing with them once they are already inside the system. This can be challenging, but it is ultimately less costly than dealing with the aftermath of something that has entered the system. Much of threat management can also be accomplished through automated systems, allowing network administrators to focus on unusual activity and on meeting the needs of network users, rather than on babysitting the network as a whole.
Companies which offer consulting in this area can set up threat management systems, train employees, and offer ongoing advice and support. Some companies may also administer these types of systems remotely for their clients, applying their expertise and connections to keep systems up and running as much as possible. People who are interested in working in this area should be innovative, fast thinkers who are capable of remaining several steps ahead of any situation, anticipating issues before they emerge rather than reacting to them after the fact.
@David09 - I don’t think that’s the fault of the firewall. The network administrators can adjust those settings.
If they want to let email attachments get through they can change the settings to allow certain attachments (like zip files, which can’t do any harm in and of themselves) – or to let attachments from certain locations get through, like specific vendors.
The firewall has to be capable of maximum security, however, in order to function effectively.
We have a firewall in our company, as I’m sure that most businesses do. The one beef I have about firewalls is sometimes I think they are a little too secure. This is not necessarily the case with our system, but with some of our customers’ systems.
What I mean is that from time to time I need to send a customer an email attachment. Some firewalls will not let the zip attachments get through. They won't let a database attachment through either, for fear I suppose that the database could execute a macro which could disrupt the network.
I find that in order to get through the firewall, I have to rename the attachment’s extension to .txt (an innocuous text file, which cannot execute a program) to get it through the program.
I took a course on network security in college. In addition to the stuff that the article talks about, like firewalls and virus scanners, there have been some really innovative developments in the area of network security.
One such system is called a honeypot. It's a network intrusion detection system. A honeypot is basically a bait. It emulates a real server on a network and it attracts hackers and repels their attempts at intrusion, keeping them away from the real network.
In addition, the honeypot also gathers information about the hackers so that it can build a better defense mechanism against them.