by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August and September 2016
SPONSORED CONTENT S -16 © 2016 FireEye, Inc. All rights reserved. WHAT IS ‘GOOD ENOUGH’ SECURITY REALLY COSTING YOU? Truth is, good enough security is just not good enough. You simply can’t focus on just prevention or detection and call it a day. When — not if — a breach happens, who do you want on your side? The experts who are on the front lines of comprehensive detection, analysis and response or the other guys? FireEye. KNOW THE TRUTH. Carahsoft.com/innovation/FireEye-Cyber N ation- states, organized crime and hacktivists have f lipped the script on cybersecurity in the federal gov- ernment. The threats posed by these groups are stealthier, more sophis- ticated and more ambitious than ever before. Agencies have to rethink how they prepare for and respond to cyberattacks. This new reality is captured in a powerful new documentar y entitled “Zero Days,” which explores the ramifications of cyber warfare between nation - states and the emergence of cyberterrorists. The risks posed by these new players are exacerbated by the arrival of digital natives in the federal workforce. These are individuals who have grown up in an interconnected world and whose proclivity for sharing could inadvertently provide adversaries with information needed to target government systems. In this new environment, federal agencies can’t rely on the traditional approach of revising cybersecurity strategies on a periodic, as -needed basis. Today, “as needed” mea ns “continuously.” Agencies must continuously evolve their cybersecurity policies, processes, systems a nd expertise. Their adversa ries are continuously evolving as well. They will exploit any gap that they see. And they will be successful. That hard truth—that even the best defense can a nd will be compromised—is why agencies must stop thinking in terms of cyberdefense and instead focus on cyber resilience. O nce you accept that breaches are inevitable, the question is whether you can detect them quickly enough to mitigate the damage. And if damage is already done, ca n you continue operations? Banks are a good example of this. When banks are attacked, they don’t have the option of simply taking a server offline while they fix the problem. Banks have developed resilient infrastructures that let them operate through a breach while it’s being resolved. Resilience encompasses more than just incident response. To improve the odds of anticipating and mitigating threats, agencies need to develop a deeper understanding of the threat landscape. If somebody is tr ying to break in, they need to understand who it is, how they are doing it, and why. This is what mi l itar y leaders call situational awareness. In theor y, situational awareness should be simple in the cyber domain. There’s an enor mous amount of data generated on a continuous basis. Unfortunately, the sheer volume only clouds the picture. Security operation centers struggle to sift out true threats from the growing nu mber of false positives. It’s like trying to find a needle in a haystack that is growing exponentially. This often results in what’s know n as aler t fatigue. Data is not enough on its own. Agencies need tools and processes to conver t data into actionable intelligence. They must identify and respond to threats in real-time; develop a better understanding of their adversaries and prepare for emerging threats; and move to an adaptive defense that evolves as threats evolve. This is intelligence - dr iven secur ity. This is how agencies can i mprove their odds of managing this new threat environment. Intelligence-driven security is a significant change from how agencies are used to managing security. Many agencies might fi nd they lack the cyberexpertise to make this transformation , and may resist the push to quickly adopt new technology. The script has flipped though, whether we like it or not. We must all evolve. Tony Cole is Vice President and Global Government CTO at FireEye. TONY COLE VICE PRESIDENT AND GLOBAL GOVERNMENT CTO, FIREEYE As more sophisticated adversaries emerge, agencies have to rethink security management practices. INTELLIGENCE-DRIVEN SECURITY ENABLES RESILIENCE CYBER RESILIENCE
June and July 2016
October and November 2016