内部网络安全(译文).docVIP

Internal Network Security Go Inline for Greater Gains Abstract As enterprises consider internal or LAN security solutions, they face a confusing set of options. They can choose among solutions that reside at the client, the data center, or in the network. Network-based approaches are available as overlay or inline devices. This paper compares the relative strength of those approaches and concludes that network-based, inline solutions provide the greatest set of advantages. About the author Mark Bouchard, CISSP, is the founder of Missing Link Security Services, LLC, a consulting firm specializing in information security and risk management strategies. A former META Group analyst, Mark has spent the past decade assessing and projecting the business and technology trends pertaining to a wide range of information security topics. During this time he has assisted hundreds of organizations worldwide with everything from strategic initiatives (e.g., creating five-year security plans and over-arching security architectures) to tactical decisions involving the justification, selection, acquisition, implementation and ongoing operations of individual technologies/products. He also routinely works closely with the creators and sellers of information security solutions, helping them to better understand and meet the needs of the market at large. Enterprises worldwide are waking up to the need to secure their internal networks. Indeed, recent surveys indicate that approximately two-thirds of organizations consider addressing internal threats to be their greatest current security challenge. This situation derives in part from the need to comply with a considerable collection of imperative yet ambiguous privacy and security oriented legislation (e.g., S-Ox). More significant, however, is the fact that the inadequacies of a perimeter-only security strategy are repeatedly being revealed by the increasing frequency of malware gaining entry via alternate paths – in particular, th