
Blue Coat Systems CTO says government cyber professionals need these capabilities in their 'toolbox'

By: Aubrey Merchant-Dest
Federal CTO, Blue Coat Systems
On a daily basis, federal cybersecurity professionals are inundated with warnings of anomalies on their networks and within their agency systems. These alerts, which come from anti-virus software and other solutions that identify irregular activity, provide a list of so many abnormalities that it’s almost impossible to separate a valid risk from a false alarm. For example, the U.S. Postal Service (USPS) Office of Inspector General recently released a report which stated that the organization’s system for collecting and analyzing IT security events was almost entirely reporting false positives for malware. This issue is not just limited to the USPS; it is a growing concern government-wide.

According to the 2016 Verizon Data Breach Investigations Report, 93 percent of attacks took only minutes, sometimes seconds, to compromise systems, while organizations took weeks, months, or longer to discover that a breach had even occurred. What causes more concern is that organizations’ internal security measures were not the ones to discover the breaches. Notifications often came from customers or law enforcement after it was too late. With so much at stake, it is important that federal cybersecurity personnel build a strong security posture that enables them to efficiently sift through the network noise and effectively identify true threats from all of those false positives.

In order to be more targeted in their efforts, here are five capabilities government cyber professionals need to have in their cyber “toolbox”:

Application Identification with Advanced Deep Packet Inspection

Application security should be at the top of every IT organization’s priority list. Since applications are commonly used to penetrate network defenses and carry out advanced targeted attacks, government agencies need to know about all of the applications that run on their network – this could be hundreds or even thousands – so that agency assets and vital information can be protected. Cybersecurity professionals need to not only be able to classify and identify these applications, but also extract detailed attributes from them to assist in clear discovery. Doing so allows cybersecurity professionals to have information on all applications and which hosts, users and artifacts are associated with each so that their complete context can be revealed for any investigation.

Machine Learning and Anomaly Detection

False positives can be eliminated by using a tool with a machine learning engine that automates the process of establishing a normal baseline of activity within an agency’s network. Statistical modeling can then be used to identify and report on abnormal activity. By using captured packets and metadata from the tool, the amount of human effort required for identifying malicious activity is greatly reduced, eliminating many false positives.
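As an added illustration (not from the original article or any vendor product), the sketch below learns a per-host baseline from flow metadata and scores new observations with a robust z-score based on the median and the median absolute deviation. The field layout, sample values and threshold are constructed assumptions.

```python
"""Per-host baseline and robust z-score over flow metadata (illustrative)."""
from statistics import median

# Constructed sample: outbound kilobytes per hour for each host during a
# baseline window. All values are invented for illustration.
BASELINE = {
    "10.0.0.5": [120, 135, 110, 128, 140, 118, 131, 125],
    "10.0.0.9": [9000, 9400, 8800, 9100, 9300, 8950, 9200, 9050],
}
# Constructed new observations to triage: (host, outbound KB in the last hour).
OBSERVATIONS = [("10.0.0.5", 9000), ("10.0.0.9", 9000),
                ("10.0.0.5", 133), ("10.0.0.77", 50)]

MAD_SCALE = 0.6745  # makes the MAD-based score comparable to a z-score
THRESHOLD = 3.5     # assumed cut-off; tune per environment


def build_model(history):
    """Return {host: (median, MAD)} learned from the baseline window."""
    model = {}
    for host, values in history.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        model[host] = (med, mad)
    return model


def score(model, host, value):
    """Robust z-score of one observation; None if the host has no baseline."""
    if host not in model:
        return None
    med, mad = model[host]
    if mad == 0:  # perfectly flat baseline: any change is an outlier
        return 0.0 if value == med else float("inf")
    return MAD_SCALE * (value - med) / mad


def triage(model, observations, threshold=THRESHOLD):
    """Split observations into alerts and suppressed in-baseline events."""
    alerts, suppressed = [], []
    for host, value in observations:
        z = score(model, host, value)
        if z is None:
            alerts.append((host, value, "no baseline"))
        elif abs(z) > threshold:
            alerts.append((host, value, f"z={z:.1f}"))
        else:
            suppressed.append((host, value))
    return alerts, suppressed
```

The same 9000 KB observation alerts for 10.0.0.5 and is suppressed for 10.0.0.9, which is the false positive a single network-wide volume threshold would raise.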

Threat Intelligence

Security professionals can benefit from the automatic notification of targeted events in real time. By creating observables for suspicious, malicious, or prohibited behavior, the system can establish rules associated with those observed packet and network behaviors. As a result, the system will automatically notify analysts of suspicious activity and violations. This tool can help analysts to automate common tasks such as checking for traffic against a list of known bad websites, receiving notification of unknown applications on the network, or sending an alert about the presence of encrypted traffic on non-standard ports.
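The three tasks named above can be expressed as rules over flow records. This is an added example, not code from the article or any product; the record fields, blocklist, application list and set of standard TLS ports are constructed assumptions.

```python
"""Observable rules from the paragraph above, run over flow records."""

# All values below are constructed for illustration.
BAD_SITES = {"malware.example", "phish.example"}      # known bad websites
KNOWN_APPS = {"http", "tls", "dns", "ssh", "smtp"}    # classified applications
TLS_STANDARD_PORTS = {443, 465, 636, 853, 993, 995}   # assumed "standard" set

FLOWS = [
    {"src": "10.0.0.5", "host": "intranet.example", "app": "tls", "dport": 443},
    {"src": "10.0.0.7", "host": "cdn.malware.example", "app": "http", "dport": 80},
    {"src": "10.0.0.8", "host": "files.example", "app": "tls", "dport": 8081},
    {"src": "10.0.0.9", "host": "", "app": "unclassified", "dport": 6667},
]


def on_blocklist(host, blocklist):
    """Match the host or any parent domain on label boundaries.

    Comparing whole labels covers subdomains of a listed site without
    matching unrelated names that merely end in the same characters.
    """
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


# Each rule is (name, predicate over one flow record).
RULES = [
    ("known-bad-site", lambda f: on_blocklist(f["host"], BAD_SITES)),
    ("unknown-application", lambda f: f["app"] not in KNOWN_APPS),
    ("encrypted-nonstandard-port",
     lambda f: f["app"] == "tls" and f["dport"] not in TLS_STANDARD_PORTS),
]


def evaluate(flows, rules=RULES):
    """Return (src, rule_name) for every rule a flow violates."""
    return [(f["src"], name) for f in flows for name, test in rules if test(f)]
```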

Real-time File Brokering to Sandbox Technologies

Cybersecurity professionals also need a tool that can extract files in real time. If the file is not determined to be in the local “good” or “bad” file database, the tool immediately flags it for sandbox detonation, analysis and risk scoring to identify any security issues. Once a determination is made, the tool can intelligently deliver only “unknown” URLs and files for further analysis, optimizing malware inspection and analysis, while eliminating multiple false positives. The tool should also be able to help determine a context for what happened before, during and after the malware is identified.

Layer 2-7 Analysis

A tool that can provide a variety of advanced analytics across the network layer – from packets, ports/protocols and applications to user sessions and files – strengthens security incident response with comprehensive and conclusive analysis. Some of the key capabilities the tool should include are: full session reconstruction; real-time reputation look-up; instant messaging, email and image reconstruction; root cause identifier; and delivery of complete artifacts, not just packets.

A Comprehensive Strategy

While these five capabilities each represent a single mechanism to protect government networks from compromise, no single solution or approach is effective. It’s the integration and orchestration of these capabilities that will advance an agency’s security posture. In order to help guard against advanced threats, government cybersecurity professionals need a comprehensive cybersecurity plan and strategy in place to capture, reconstruct, analyze and remediate attacks. The best way to beat advanced threats is to orchestrate an integrated approach to security visibility, analytics, threat intelligence and enforcement. As a result, government agencies are able to focus on their most important priority – the mission at hand.

 
