December 12, 2012, 11:13 AM — This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
For all the advances in enterprise networking over the years there's been one big step backward: security testing. Relatively few enterprises today conduct regular security tests in-house, relying instead on occasional tests by outside consultants or, more dangerously, just taking vendor claims at face value.
Too often enterprise security testing takes one of two paths, neither satisfactory. Some enterprises buy complex security test tools, along with training, but then the tools gather dust once the trained staff leaves. Or they bring in outside consultants for security audits and penetration tests. While the results can be useful, they offer only a snapshot of the enterprise network at a given point in time. Obviously, both approaches have drawbacks.
ROUNDUP: Worst security snafus of 2012
What's really needed is an understanding that network security is an ongoing process, not a single product or service. Security test tools will continue to be important -- but only if they're actually used. With that in mind, here are some guidelines for assessing in-house security test tools:
* Ease of use and portability. The most common reason security test tools fall into disuse is their inherent complexity. We live in an age where children take to tablet interfaces with no instruction. There's no reason why security test tool interfaces should require a Ph.D. in network forensics to operate. And testers should get the same look and feel, regardless of whether a test is run from a desktop, tablet, smartphone or any other device.
* Meaningful, repeatable results: Test traffic should offer as much realism as possible. For example, tests that simply packet-blast a firewall with stateless small packets aren't very interesting, especially if the firewall's job is to guard against specific types of stateful application-layer attacks.