& cplSiteName &

Level 3: Security Is Company-Specific

Carol Wilson
12/7/2015
50%
50%

NEW YORK -- Even with growing concerns about security breaches, many enterprises aren't protecting their data adequately because they don't know where it resides within their IT structure or whether the right data is being protected. That's why careful auditing and assessment are key steps to a more secure future and may be more important than careful compliance, Level 3's Chris Richter told the Carrier Network Security Summit here last week.

Richter, who is senior vice president of Global Security Services for Level 3 Communications Inc. (NYSE: LVLT), said it's also important for an enterprise to know exactly what makes their company a target, whether it's stored customer information, intellectual property or something else, before a company's specific risk can be determined. The security strategy needs to be built on addressing risks, not on just meeting compliance rules.

Level 3's Chris Richter

"Every company faces different kinds of risks" and the threat environment is constantly changing, Richter said.

Level 3 has become much more aggressive both in promoting managed security services and in proactively going after the bad guys, using network intelligence built on understanding of network behavior to see where things are off kilter. Network-based security services are able to evolve with the ever-changing threat landscape, and therefore offer better protection, he commented.


Read the latest on issues around network security in our dedicated security section here on Light Reading.

But company-specific audits are also a key. He cited one California-based company whose Level 3 audit showed connection activity on its servers from places such as Turkey, where the company wasn't doing any business.

"That was a clear indication that something was wrong," and there were vulnerabilities to address, Richter commented. But it takes company-specific audits to identify those kinds of otherwise undetected issues.

Richter was among several speakers who also urged enterprises to collaborate and share threat information so that known threats can be more quickly identified and warded off.

He also pointed to the difficulty many enterprises face in hiring security experts. While lower-level jobs requiring little experience can be filled in a matter of months, it can take a year or more to hire the most senior folks, who are capable of building an enterprise-wide security strategy.

— Carol Wilson, Editor-at-Large, Light Reading

(3)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
ITProjec39942
50%
50%
ITProjec39942,
User Rank: Lightning
10/7/2016 | 2:45:11 AM
it is amazing to think that some companies
Carol, it is amazing to think that some companies don't even know the architecture of where their data is, the access points, etc., let alone the level of security risk for their data.

What this suggests to me is that not everyone has evolved with the evolution of technology/data and are not designing, let alone securing and managing, their systems, networks, and data relative to the changing values.  If one just listens to the recent interview with lowongan kerja the infrastructure manager that Steve Saunders conducted with LinkedIn's Infrastructure Manager, one can see the need and value for good design, prioritizing, keeping track of the changes, and navigating.  That, on top of the example you use of audits to "assess" risk, suggest entirely new assessments and addition to company security efforts. thanks a lot
cnwedit
50%
50%
cnwedit,
User Rank: Light Beer
12/8/2015 | 12:39:56 AM
Re: Level 3: Company-Specific Security
It is surprising how much of the vulnerability of enterprises is based on their own behavior - good and bad - but if you think about it, things such as mergers and acquisitions or new product rollouts and technology changes are happening separate of the security issues and it's likely that the security folks are being dragged in last minute, if at all. 

So there is an accumulation of things and it takes a careful audit or assessment, as Chris Richter states, to detect where problems exist and possibly have existed for a long time. This is why managed security services is a huge opportunity for network operators that get it right. 
DHagar
50%
50%
DHagar,
User Rank: Light Sabre
12/7/2015 | 9:29:11 PM
Re: Level 3: Company-Specific Security
Carol, it is amazing to think that some companies don't even know the architecture of where their data is, the access points, etc., let alone the level of security risk for their data.

What this suggests to me is that not everyone has evolved with the evolution of technology/data and are not designing, let alone securing and managing, their systems, networks, and data relative to the changing values.  If one just listens to the recent interview with the infrastructure manager that Steve Saunders conducted with LinkedIn's Infrastructure Manager, one can see the need and value for good design, prioritizing, keeping track of the changes, and navigating.  That, on top of the example you use of audits to "assess" risk, suggest entirely new assessments and addition to company security efforts.
Featured Video
Flash Poll
Upcoming Live Events
September 17-19, 2019, Dallas, Texas
October 1-2, 2019, New Orleans, Louisiana
October 2-22, 2019, Los Angeles, CA
October 10, 2019, New York, New York
November 5, 2019, London, England
November 7, 2019, London, UK
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
All Upcoming Live Events